How to Remove the Cybercrime Ukash Virus

Unfortunately, the Cybercrime or Ukash virus is still with us. We just had another couple of computers at the shop come in infected with it. If you live in the Calgary area, bring your computer into our Calgary computer repair shop and we’ll fix it for you tout de suite.

If you don’t live in Calgary then try this, or get a tech to help you do it:

The best way to remove the Cybercrime or Ukash virus is to go into Safe Mode with Networking then download and run Combofix, then run Malwarebytes and SuperAntispyware. After this download either AVG or Avira. They are free for home use.


If you don’t know how to do these things yourself then you might go to the Bleeping Computer website and ask them for help. They are wonderful. And they are the authors of Combofix.


If you are a tech or are tech-savvy enough you can try our removal procedures:
First run Combofix. (I did this in Safe Mode with Networking.)

To get into Safe Mode, tap F8 as the computer boots. If you tap at just the right time, a list of options in black and white is displayed on your screen. If you get the usual Windows boot up, you’ve missed Safe Mode so you’ll have to restart and tap again.
Pick Safe Mode with Networking. Then you’ll see a message asking if you’re sure you want to go into Safe Mode or if you’d rather use System Restore. Click yes you do want to go into Safe Mode. In Safe Mode you can then download and run Combofix.

Next download and run Malwarebytes, then SuperAntispyware.

Next you’ll need a good anti-virus, AVG or Avira.

All the above are free for home use.

Good luck. Let me know if you have any questions. My email is

Read more about the Cybercrime virus.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Good Sites for Techs

I’ve mentioned Technibble before. It’s my favorite site for computer techs, especially those starting a computer repair business. But today I’ve found a new site for new techs called Emerging Techs. It has some good tips for both new and more established techs. Other people besides techies who want to know more about maintaining their computers might find it helpful too.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

How to Remove Spyware and Viruses Manually with Process Explorer

Here’s a wonderful training video on how to use Process Explorer to remove viruses manually. It’s more for computer technicians than regular computer users, but I’ve found it helpful in removing the more difficult viruses.

You’ll find out how to use the Process Explorer and other Sysinternals tools to identify malware infections, from standard spyware to kernel-mode rootkits, and clean them off your computer.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

How to Prevent the USB Worm

There’s a new USB worm about. It loads on your computer when you stick an infected USB drive (Flash memory drive) into a USB port or an infected CD into the CD drive. Since it installs through the Autorun function on Windows, this type of worm is easy to prevent. Simply turn off Autorun.

To turn off Autorun do this:

1. Go to Start button then Run.
2. Type in “gpedit.msc” without the quotes.
3. The Group policy window will open.
4. Choose “System” under “Administrative Templates.”
5. Find “Turn off Autoplay” and double-click it.
6. You’ll see three choices with radio buttons (round check boxes) in front of them: Not configured, Enabled, Disabled. Pick “Enabled.”
7. Underneath the radio buttons you’ll see the words “Turn off Autoplay on.” Choose “All drives.”

Not only will this prevent the USB worm, it will also let you play some CDs without all the manufacturers’ restrictions.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

When Spyware gets Bad: What to do when you can’t do anything

Sometimes spyware gets so bad, it’s hard to do anything. You can’t go online and download Malwarebytes or Spybot or any anti-spyware (see this post), because your browser–that is, your Internet Explorer or Firefox–is hijacked and redirected and won’t let you go anywhere of use and certainly won’t let you download anything. So you take the next step, and reboot your computer into Safe Mode with Networking by tapping F8 as the computer restarts. But sometimes even in Safe Mode, the malware keeps you from downloading anti-spyware or, if you manage to download it, running it. So now you face reformatting your hard drive and losing all your data and the programs, at least the programs you’ve lost your disks to, or never had disks for in the first place.

What do you do now? You take the computer to a tech who nine times out of ten will recommend reformatting. Or you find a tech like Ms. Ducktoes who will fight the malware without reformatting. Ask your tech if he or she will do this. Ask if he will use Malwarebytes or SuperAntispyware.

Or…you can do this.
1. Go to the computer store and buy a device that lets your hard drive to another computer by USB. It’s called a USB to IDE/Sata Adapter and costs from $25 to $35 dollars.

This is what you need an IDE to USB converter. There are also ones that work with Sata and laptop drives.

2. Find another Windows computer either your own or a friend’s or relative’s. Download and update Malwarebytes and AVG and SuperAntispyware and Spybot to that second computer. (You have many choices, just make sure you use Malwarebytes and AVG among them.)

3. Turn off the power to badly infected computer and unattach the cables. Open up the case of the and remove the hard drive. Some cases will have large buttons to push–like Dell– others will have screws. Remove the case.

Open the case by unscrewing the screws or pushing a button or lever.

Open the case by unscrewing the screws or pushing a button or lever.

Make sure your computer is turned off and unplugged before you do this.

4. The hard drive will have a wide-band white/gray cable attached to it and a four-prong power cable.

Here is the power cable.  You can see a bit of the ribbon cable in back of it.

5. Remove the cables. (Take a digital photo with your camera or cell phone if you think you may forget how they are attached.

What a ribbon cable looks like

What a ribbon cable looks like

5. You’ll probably have to unscrew the hard drive from the where it is attached to the case.

Use a screwdriver to unscrew hard drive screws.
Use a screwdriver to unscrew hard drive screws.

6. After removed, attach the hard drive to the right (same size) IDE/SATA adapter and plug in the power.

Here the hard drive is attached to the adapter.

Here the hard drive is attached to the adapter.

7. Connect USB cable to the USB port of the second computer.

Plug the USB cable into the USB port of the second computer.

Plug the USB cable into the USB port of the second computer.

The computer should recognize that new hardware has been attached. If you go into My Computer, you’ll see it as a USB mass storage device and listed as a letter such as E, F, G, or H, depending on how many cd/dvd and hard drives are on that computer.

You'll see this in the right-hand corner of your monitor screen.

You’ll see this alert “Found New Hardware” in the right-hand corner of your computer screen.

This window will appear on your desktop.  Choose the

This window will appear on your desktop. Choose the “Open folder to view files” option.

Your hard drive is attached!

7. Now run the anti-spyware and anti-virus programs one at a time. If you can, do a custom scan and single out the attached hard drive. Let each anti-spyware run and then remove or quarantine the viruses.

This is the AVG interface.  It allows you to pick the hard drive you want to scan.  Here E and F are selected.

This is the AVG interface. It allows you to pick the hard drive you want to scan. Here E and F are selected.

8. If you have enough skill, go into the desktop of that drive (the one that is connected by USB) and copy and paste the Malwarebytes installer to the desktop of your user. Find the All Users desktop folder and drag the MBAM installer icon into the window.

Drag Mbam icon into the

Drag Mbam icon into the “All Users” desktop folder.

Then you can run it later when you reattach the hard drive in its own computer.

9. Unattach the hard drive from the USB and put it back into its own case. Reattach the cables all the way so they fit snuggly. Start up the computer. You should now be able to go into Safe Mode with Networking and download the anti-spyware and run it. You still will have a lot of spyware to contend with but now you have more of an edge. If you put the Malwarebytes icon (Mbam) on the desktop you can click on it and run it. Make sure that you update it.

Good luck and let Ms. Ducktoes know how it goes. Please feel free to comment and make suggestions.

See this post for more detailed information on how to download and run the anti-spyware.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather