
UKASH Virus on Microsoft XP [Closed]


  • This topic is locked

#31
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Sorry for the delay. I've been snowed under with revision for exams.

Download and run the ZoneAlarm Removal Tool and then restart your computer.
This will get rid of any remaining remnants of the firewall as you have now uninstalled ZoneAlarm and having two firewalls on your computer can cause problems.
  • 0



#32
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
No problem - your help has been great and I know you have stuff to do aside from help me. I myself am snowed under with SNOW! :)

I'll get to this tomorrow. Off to movies tonight. Just as an update - PC has been running perfectly! (thankfully)

:) Speak tomorrow.
  • 0

#33
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
After consulting with other helpers, I think I now know why Security Center and Windows Firewall were not working.

A legitimate service called winmgmt was hijacked by the malware. When fixing your computer, OTL got rid of the service as well as the malware. The Windows Security Center (wscsvc) and Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) services are both dependent on winmgmt. The only way Security Center and Windows Firewall are going to function is to restore the winmgmt service.


Step 1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry

  • Download ERUNT.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed).
  • Install ERUNT by following the prompts.
    (Use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later).
  • Start ERUNT.
    (Either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
  • Choose a location for the backup.
    (The default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked.
  • Press OK.
  • Press YES to create the folder.


Step 2

  • Download the following file to your desktop: winmgmt.reg (attached file, 4.47KB)
  • Double-click winmgmt.reg and confirm the prompts.

Step 3

Just to clarify, what problems (if any) do you now have with your computer?
  • 0
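
An added example, not part of Nedklaw's post: a read-only batch script for the Command Prompt that checks whether the three services named in post #33 (winmgmt, wscsvc, SharedAccess) still have their registry keys and shows what each one depends on. The service names come from the post; the script layout is an assumption, and it changes nothing on the system.

```bat
@echo off
rem Added example: read-only check of the service dependency chain
rem described in post #33. Service names are taken from that post.
setlocal
set MISSING=0

for %%S in (winmgmt wscsvc SharedAccess) do call :check %%S

echo.
if "%MISSING%"=="0" (
    echo All three service keys are present.
) else (
    echo Missing service keys: %MISSING%. Dependants of a missing service cannot start.
)
endlocal
goto :eof

:check
echo.
echo === %1 ===
rem A deleted service has no key under Services at all.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\%1" >nul 2>&1
if errorlevel 1 (
    echo   registry key MISSING
    set /a MISSING+=1
    goto :eof
)
rem ImagePath is the binary the Service Control Manager launches.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\%1" /v ImagePath
rem For svchost-hosted services, ServiceDll is the DLL actually loaded.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\%1\Parameters" /v ServiceDll 2>nul
rem DependOnService lists the services that must be running first.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\%1" /v DependOnService 2>nul
rem Current run state as reported by the Service Control Manager.
sc query %1 | find "STATE"
goto :eof
```

Running it before and after importing a repair file shows whether the winmgmt key came back and whether wscsvc and SharedAccess move out of the stopped state after a restart.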

#34
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi There,

I ran the Zone Alarm removal tool and restarted my PC.

I haven't been having any issues with the PC whilst running the new Personal Firewall.

I have a feeling that the windows security services you mentioned may have been removed the last time I had an issue with the PC - ie. not during this attack / clean up process. I say this because I now remember that the Windows Firewall was not running before and that the Security Center was not working. I did however think that last time my partner did a reinstall and I just presumed it was added back at that time - but maybe not.

As for your entry above - I installed ERUNT but there was no option to NOT have a folder on the start up folder. Basically it just asked me what I wanted to call the folder - but I had no option as to whether or not I wanted it. As such when I installed ERUNT it does appear on the start menu. As this goes against your instructions in step 1 I did not proceed to run the software (ie. I did 1 and 2 of Step 1 but nothing further).

Should I proceed on to part 3 of step 1?

Thanks again for your ongoing assistance btw. :) Part of me is tempted to stop at this stage since I have a working firewall and anti-virus system. Can I ask - once the Windows Security Centre is working again will it cause issues with the other software on the PC?
  • 0

#35
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Go on ahead and proceed with the other steps.
  • 0

#36
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi There,

Just before I proceed .... today my PC ran its automated anti-virus scan and picked up 2 items! Both high severity.

One: Win32:Reveton-LH [trj]
Two: JS:Runner-C [trj]

Both items were removed (I chose 'delete' rather than 'move to chest'). I'm not sure how to get a text file of my avast scans so I can show you the file location etc. Any idea?

Avast recommended I do a boot-time scan so I have let that proceed and am off to bed. Tomorrow I'll see if it finds anything else and I'll update Malwarebytes and run it as well.

I thought I'd better post this information before making any changes to the registry as it appears there may still be a malware issue.

ETA: I couldn't sleep so am here again - the Avast Virus scan which ran on boot up was clean. So was the Malwarebytes scan.

What now? :)

Edited by jems, 20 January 2013 - 05:41 PM.

  • 0

#37
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
The items Avast found are most likely orphans (leftovers). I'm happy for you to proceed with the steps.
  • 0

#38
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Are you still here? Have you performed the steps?
  • 0

#39
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi there, sorry for the slow responses; I have been away with work. I'll hopefully manage to get this done tomorrow and will report back.

Thanks for your patience and help.
  • 0

#40
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
