Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

How do I remove the west Yorkshire virus?


  • Please log in to reply

#1
Alex234

Alex234

    New Member

  • Member
  • Pip
  • 2 posts
There is a virus that is not letting me use my computer at all. Right as my home screen shows up, the virus pops up. I'm on my iPad and the infected computer is a Toshiba laptop. It is called the west Yorkshire virus. I don't know what to do. I need help!
  • 0

Advertisements


#2
Alex234

Alex234

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
http://https://commu...olice virus.jpg
This is what it looks like
  • 0

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
See if you can follow the instructions here:

http://www.wikihow.com/Remove-Bundespolizei-Ukash-Virus-Manually

I expect your version will work about the same way. The main thing you need to do is correct the shell entry in the registry. Then run msconfig

instead of turning everything off:

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot.

I would try rebooting into Safe Mode with Networking tho with most things turned off you may be able to boot into regular mode.

If you can get it to boot then:

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Just in case the article wasn't clear:

To get into Safe Mode:

Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Command Prompt (or just Command Prompt). Login with your usual login.

I'd skip the task manager and go directly to regedit. If you get the Registry Editor to open then:

Find:
HKey_Local Machine and click on the + in front of it. This should make it open up and show you its subkeys. One of which will be:

Software. Click on its + and then find:

Microsoft. Click on its + and then find:

Windows NT. Click on its + and then find:

CurrentVersion. Click on its + and then find:

Winlogon. Click on Winlogon and then look in the right pane for Shell. Right click on Shell and select Modify (or double click on it). A little box will open up which will have the path to the malware. Write that down then replace it with explorer.exe and hit OK. Close the registry.

Now try to run msconfig.
  • 0

#5
Alex234

Alex234

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Well, I can't enter safe mode. The virus pops up. I've been on the 3 different safe modes and the virus still popped up, even with the Internet disconnected.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Can you get a friend to download a file and burn it to a CD for you?

Download PC Regedit from http://www.pcdisktoo...d/PCRegedit.iso


We need to burn this as a bootable CD so the easiest way is to get free iso burner from:

http://www.freeisoburner.com/

You run Free Iso Burner and then point it at the PCRegdit.iso file and tell it to burn it and it should do it correctly.

Then you have to tell your PC to boot from the CD. Sometimes they have a separate boot order key like F10. Other times you have to go into the BIOS/CMOS setup to change the order.

Instructions for using this CD are at the bottom of http://www.raymond.c...ing-in-windows/

They tell you to look at the userinit key which is in the same area as the Shell key that you probably need to fix so the instructions should be good enough for you.
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
A friend of mine suggested you might try

http://www.f-secure....2_reveton.shtml

or

http://www.microsoft...A#recovery_link

Might not need the CD afterall.

Ron
  • 0

#8
Alex234

Alex234

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I might need the cd. The thing is, i can't do anything on my computer. I can't go on the Internet, use any programs, or remove it manually. So, I will probably get my dad to help me burn the program on a cd.
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
The first link suggests you try:

Press Ctrl-O (the letter O, not the number zero).
From the prompted "Open" dialog box, type:

c:\windows\system32\cmd.exe.

Note: For Windows 7, it will prompt you whether you want to download and execute the file; you can press "Run" to continue.

In the command prompt displayed, type in one of the following commands, depending on your operating system:

For Windows XP:

Type cd %USERPROFILE%\Start Menu\Programs\Startup

For Windows 7:

Type cd %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup



From the same command prompt, type:

del *.dll.lnk

Finally, reboot the machine. You can do so by using this command:

shutdown -r -t 0
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP