Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

URUASY.A Ransomware Trojan - Help needed with removal

Status
Not open for further replies.
BionicJohn

BionicJohn

Technical User
Nov 6, 2002
5,022
GB
I see there's threads about similar ransomware (FBI/MoneyPak) but the wife's son has collected URUASY.A, which is proving impossible so far to remove.

MS recommend running Windows Defender Offline, which I've done, using a bootable USB stick, but nothing is detected. As far as Defender is concerned the laptop is clean.

Switching on and hitting F8 to load Safe Mode is recommended by MalwareEXPERTS but after entering the password, the laptop reboots.

I'm thinking of taking the HDD out, hooking it up to another PC and trying to clean it like that. Is this a sensible option? Will Malwarebytes, for example, detect, remove and correct the trojan?

Any other ides?

Cheers, John.

(And yes, the laptop has several file sharing apps on it, despite many warnings about the risks.)

Iechyd da! John
Glannau Mersi, Lloegr.
 
Sort by date Sort by votes
Sorry, fell at the first hurdle - Ctrl+Shift+Esc does nothing. Ctrl+Alt+Del brings up the menu, but "Start Task Manager" just returns the Ransom page. :-(

Also, I forgot to mention, the laptop is Win 7 64bit.

Iechyd da! John
Glannau Mersi, Lloegr.
 
Upvote 0 Downvote
It looks like I've got rid of enough of the trojan for it boot through to the user account.

The only Safe Mode I could load was the Command Prompt. So I entered "control.exe" at the prompt, then created a new user account with full admin privileges. I was then able to download and install Malwarebytes which found 6 nasties. After rebooting, the user account loaded as expected.

Now clean out all the junk and hope the lad learns about safe surfing.

I'd like to add that MS Security Essentials was running and up to date, so a big FAIL for M$.

Iechyd da! John
Glannau Mersi, Lloegr.
 
Upvote 0 Downvote
Everything now works as expected, CCleaner removed almost 5Gb of junk, I've disabled eMule and µTorrent using MSConfig, and all the AV apps I've run find nothing.

How long til next time? [neutral]




Iechyd da! John
Glannau Mersi, Lloegr.
 
Upvote 0 Downvote
wow, that was a nasty one....I most likely would have booted to a bootable usb, removed the files I needed, and just nuked the drive, and started over.
 
Upvote 0 Downvote
It was certainly nasty, but kids don't have back ups do they?

Iechyd da! John
Glannau Mersi, Lloegr.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sentrif
  • Locked
  • Question
New laptop win7, antivirus needed 2
2
Replies
21
Views
257
goombawaho
goombawaho
2ffat
  • Locked
  • News
Lenovo isn't the only one with bad certificates 5
Replies
6
Views
280
2ffat
2ffat
DrB0b
  • Locked
  • Question
Crytowall 3.0 and How I dealt with it 2
Replies
7
Views
153
DrB0b
DrB0b
izzer43
  • Locked
  • Question
Manual Removal of Virus "TIDSERV 2" required by Norton
Replies
0
Views
81
izzer43
izzer43
BadBigBen
  • Locked
  • News
Crossplatform Trojan...
Replies
2
Views
80
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top