This one has beaten me! any thoughts?

[bashinghead]

Hi all,

Awesome forum and advice. While in the past I've been able to use the advice from this forum what happened the other day has me beaten.

I inadvertently click on a "update" something as I was closing the pop up down and got the dreaded Ukash locked screen.

OK have got rid of this before not a problem.

Closed it down, discinnected from the web and restarted in safe mode.

Wouldn't open and restarted immediately as normal but still locked screen.

OK, restarted again in safe mode with command prompt. Same problem.

Start again - fn f8 then I get the following options:

Repair computer

Safe mode

Safe mode with networking

Safe mode with command prompts

Enable boot logging

Enable low res videos

Last known good config (advanced)

Directory services restore mode

Debugging mode

Disable automatic restart on system fail

Disable driver system enforcement

Start windows normally

I only try the safe mode options that shut it down.

I go into repair computer.

Log in with my normal details (don't have any others)

Options give:

Start up repair

System restore

System image recover

Windows memory diagnostic

Command prompt

First 2 options run as a normal system restore then nothing happens as the screen shows the busy line.

Go to command prompt

Usually I can get into safe mode using msconfig or explore.exe

But I get "explore.exe is not recognised as an internal or external command, operable program or batch file.

Then I notice the first line in CMD is saying

X:\windows\system32>

Rather than the c drive

I have spybot and malwarebytes on my laptop but cannot download anything else. I do not have a disk or copy of the programme on anything - and yes I now realise how stupid that is.

The system is a windows 7.

I figure if I can get to the malwarebytes programme I can run it and sort this out but am stuck.

Any help is a massive help.

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

See if you can do the following. you will need access to another PC and a USB flash drive (memory stick)

 

Please download Farbar Recovery Scan Tool from here:

                                                                  

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options I give two methods, use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:

• 
  

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

 

To enter System Recovery Options by using Windows installation disc:

• 
  

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 

• 
  

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type  e:\frst64 or e:\frst depending on your version. Press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[bashinghead]

Thanks for the fast reply. I don't have access to another computer. I'm using my tablet as it is to write this.

Is there anything you can recommend without needing to download something else?

[kevinf80]

If you can access the command prompt via F8 have a look at this link: http://www.tech-recipes.com/rx/38039/remove-latest-fbi-money-pack-virus-despite-safe-mode-forced-restart/ the instructions are very straightforward, let me know if that helps....

 

If the above does not help do you have access to a friends PC where you can create a rescue CD such as Kaspersky rescue 10 or Windows Defender offline tool, both are usually successful with the kind of infection you have...

 

Kevin

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!