VIRUS WARNING and help needed - ukash virus metropolitan police virus

[CoolFunkMan]

There's a nasty virus lurking the web at the moment. It locks your computer and leaves a fake message from the Metropolitan Police, saying that you've been looking at child porn and violent videos/imagery. It goes on to say that your computer will remain locked until you pay a fine of £100. It looks realistic, and even shows you your ip address, but the dead giveaway is the fact that you have to pay via ukash, to get a code to unlock your system.

 

I've had this happen this morning, and no one in my house has looked at any of the material/subject matter that the fake page claims. My fiancée was watching videos via TV Links last night (it was America's Next Top Model if you must know), and the issue occurred not long afterwards.

 

Fortunately, she found a work around by pressing ctrl+alt+del and logging off, then back on again. However, the option for task manager has vanished. I started a full scan on Microsoft Security Essentials a few hours ago, and it has found harmful files on my system.

 

Although I'm worried in case this doesn't fix the problem. Are there any other precautions I should take before rebooting my system? Should I uninstall MSE, as it failed to locate and block this virus? I'm running Windows 7 Home Premium.

 

Thanks if anyone can help.

[Cube]

My suggestion is the same for pretty much any big virus: reinstall windows.

 

Back up what you need and just format the thing.

[CoolFunkMan]

That's the problem, I have absolutely no way of backing anything up, plus I can't afford to buy an external hard drive. It is apparently possible to remove this virus, but it's a pain in the arse. I did a google search earlier, but the way others described it sounded confusing.

[Rummy]

How bigs your hard drive? How much space do you have? Is the drive already partitioned into two windows drives(usually C: and D: )? Do you know anyone who could lend an external? I think drives are still pricey from the floods, so it isn't the most feasible solution to buy one.

 

Personally I'm with Cube on this though, because whilst I remove a lot of stuff for people, I'm not usually pr0 enough to make sure I undo every single little thing the virus did, and it might come back to be a problem later on.

 

EDIT: Apparently MBAM works(the software, not the forumite :p), do you have that installed?

 

EDITEDIT: Another person said it didn't, but someone said this worked for them;

 

I got this yesterday. Long story short, this how I dealt with it;

 

Booted into safe mode with command prompt (hold F8 at start up).

At command prompt I typed 'msconfig'.

In msconfig I clicked on the 'start up' tab.

In the list of programs loading on start up there was one entitled 'Lamp Admit Naval Crust Diana Slob' which definitely sounded dodgy so I clicked on it to remove the tick and made a note of the location.

A reboot into Windows normal mode confirmed that this was the file causing the problem since I now had control over the computer again.

In Windows Explorer I navigated to the affected file and deleted it.

 

On mine (I'm running Windows 7) it was a file named '0.645436414059299.exe' located in C:\Users\Sollus\AppData\Local\Temp. This worked for me, but I would imagine its sneaky enough to hide anywhere. McAfee is now running properly (I'm disappointed that it didn't stop it in the first place) and I'm now in the process of changing all my passwords.

 

Hope this is useful.

Edited December 12, 2011 by Rummy

[Wesley]

My advice is to stop looking at child porn.

[CoolFunkMan]

Thanks for the info there, I think it's worked!

 

I did what you said, then did a system restore. Luckily, the last one was a few days ago, so I haven't lost much, if anything at all.

 

Thanks again!

 

My advice is to stop looking at child porn.

 

LOL!

Edited December 12, 2011 by CoolFunkMan

[Rummy]

For the future make sure everything is up to date virus/spyware wise. Whilst I don't know much/anything about MSE, I usually keep both an antivirus AND an anti-malware scanning tool installed(usually MBAM). Also common computer sense, but if you're sharing your computer it isn't easy to share that one with everyone, but it's worth trying to educate people who use it on clicking stuff willynilly etc.

[Jimbob]

Havn't had to deal with this virus, but i did have to do a re-install on my computer over the weekend.

 

Only advice, if you have the time, follow the guidance to remove it via the sources you found. Or if you have the disks, re-install Windows from fresh. Which sounds easier from what i read to get rid of the virus.

[Shorty]

If you ever absolutely need to do a format, but you need to keep some stuff and Windows is damaged to the point you can't even get to your folders, try running in safe mode. If that fails, you could boot into another operating system from USB. That's the reason I keep a copy of Ubuntu on a mini USB stick on my keyring.

 

What did you do to get this virus? Now that you've fixed it, I hope you've learned from it! No more dodgy looking .exe files from torrents claiming to have an album that's not even been released yet, methinks

[CoolFunkMan]

Lol, it wasn't me. My Fiancee was watching America's Next Top Model on TV Links. For some reason, one of the links opened a dodgy site, which resulted in my computer contracting the virus. She promised to not go on that site again. I never used to have issues with that site back in the day though... :/