Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

URUASY.A Ransomware Trojan - Help needed with removal

Status
Not open for further replies.

BionicJohn

Technical User
Nov 6, 2002
5,022
GB
I see there's threads about similar ransomware (FBI/MoneyPak) but the wife's son has collected URUASY.A, which is proving impossible so far to remove.

MS recommend running Windows Defender Offline, which I've done, using a bootable USB stick, but nothing is detected. As far as Defender is concerned the laptop is clean.

Switching on and hitting F8 to load Safe Mode is recommended by MalwareEXPERTS but after entering the password, the laptop reboots.

I'm thinking of taking the HDD out, hooking it up to another PC and trying to clean it like that. Is this a sensible option? Will Malwarebytes, for example, detect, remove and correct the trojan?

Any other ides?

Cheers, John.

(And yes, the laptop has several file sharing apps on it, despite many warnings about the risks.)

Iechyd da! John
Glannau Mersi, Lloegr.
 
Sorry, fell at the first hurdle - Ctrl+Shift+Esc does nothing. Ctrl+Alt+Del brings up the menu, but "Start Task Manager" just returns the Ransom page. :-(

Also, I forgot to mention, the laptop is Win 7 64bit.

Iechyd da! John
Glannau Mersi, Lloegr.
 
It looks like I've got rid of enough of the trojan for it boot through to the user account.

The only Safe Mode I could load was the Command Prompt. So I entered "control.exe" at the prompt, then created a new user account with full admin privileges. I was then able to download and install Malwarebytes which found 6 nasties. After rebooting, the user account loaded as expected.

Now clean out all the junk and hope the lad learns about safe surfing.

I'd like to add that MS Security Essentials was running and up to date, so a big FAIL for M$.

Iechyd da! John
Glannau Mersi, Lloegr.
 
Everything now works as expected, CCleaner removed almost 5Gb of junk, I've disabled eMule and µTorrent using MSConfig, and all the AV apps I've run find nothing.

How long til next time? [neutral]




Iechyd da! John
Glannau Mersi, Lloegr.
 
wow, that was a nasty one....I most likely would have booted to a bootable usb, removed the files I needed, and just nuked the drive, and started over.
 
It was certainly nasty, but kids don't have back ups do they?

Iechyd da! John
Glannau Mersi, Lloegr.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top