Post by brian on May 21, 2013 16:49:16 GMT
Windows Vista Home Premium, Sony Vaio VGC-JS1E. Recently got nobbled with the Police Ukash virus. Stopped me being able to boot in safe mode or command prompt. I eventually downloaded a USB boot up program which did clear the problem, but left me with the situation that when booting up, after the welcome and log in screens, I get a DOS box cmd.exe, and I have to type explorer.exe into that to get any further boot up. All works fine after that. Is there anything I can do to get the boot up to work without this intervention?
|
|
|
Post by Admin_Vistamike on May 21, 2013 17:21:12 GMT
brian, welcome to tgigeeks. Recently I have seen quite a few varieties of this nasty Ukash virus in the repairs that come in. To date none of the USB tools have worked, in Vista and Win 7, this little bugger disables that device and it seems to be getting better at disabling safe mode and external boot devices. Have not seen the DOS box issue you describe, but it suggests that a registry problem may still exist. I have to say that in the cases I have dealt with to date a reinstall of the OS was the only answer. Backing up your system is so important, perhaps you could look at this option for backing up your system: www.filehippo.com/download_macrium_reflect/ The Windows option is extremely unreliable in Vista and 7.
|
|
|
Post by Lighthouse on May 21, 2013 21:14:59 GMT
I concur with Mike. And if you need to save data, then I would suggest using a Linux live disk to save it to an external drive, and then totally nuke your drive before you re-install Vista. If you need more help with that, just ask.
|
|
|
Post by warlock on May 21, 2013 21:54:46 GMT
To add, also once you do get your re-install finished, stop back for recommendations to keep the nasties away from your clean system.
|
|
|
Post by kate on May 22, 2013 6:07:31 GMT
Hi Brian, welcome to tgigeeks.
Hope you got sorted. Do post back and let us know, it is always helpful for others searching with the same problem.
As the guys say, any further help... just ask... Good luck.
|
|
|
Post by mickeyblue on May 22, 2013 6:57:32 GMT
Whilst this is indeed a nasty virus, if you say it works fine after typing in the explorer.exe in the cmd prompt, then maybe there are a couple of solutions instead of formatting. I presume your laptop came with an OEM install, hence you would need to fork out for a new licence, correct me if I'm wrong.
It seems like the virus attacked the services. I had an issue where explorer.exe was just not starting up, not because of a virus, just because it was an old machine and the user might have corrupted it. So I created a batch file, and placed it in the sysvol folder, made it start up automatically, and it worked.
Also you can try Autoruns, to see if there are any remainders of the virus startup entry. Also try CCleaner to remove all rubbish files, and do a registry clean. I find it's the safest registry cleaner around.
Just spitballing here, but I'm sure you're not keen on forking out for a Win7 licence, that is if you can still find them.
|
|
|
Post by Lighthouse on May 22, 2013 8:09:20 GMT
|
|
|
Post by brian on May 22, 2013 8:46:31 GMT
Thanks for the response. No, I'm not keen on paying for a new licence, but was thinking of upgrading to W7 at some time anyway, so that is probably the route I will take. I'm currently searching eBay. The USB boot program which I found to work was Hitman Pro. I previously tried the Anvi one but this had no effect. I then did a scan with Malwarebytes and this cleared a few more bits. I also ran AVG, but that found no more. This isn't exactly a laptop, it's one of those all-in-one desktop units, but it does have laptop internals. But you just made me search for the paperwork I got when I bought it, and I have just discovered the recovery discs, which I made back then. Back to the manual then.
|
|
|
Post by Admin_Vistamike on May 22, 2013 13:04:34 GMT
Have to agree with the cleanup www.piriform.com/ccleaner The registry option is one of the kindest I've seen. AVG, a once superb AV, has now become really overbloated and the scan time is like watching the proverbial paint dry, while channel 2 is showing grass growing without the timelapse feature! I recently tried Hitman Pro from USB but on trying to boot, the USB option was disabled, as was the optical drive, so I had to reinstall the OS, which the client(s) preferred. Data was brought back. Yes, it's a nasty for sure. BTW, a Win 7 upgrade is not a good idea, better to fresh install a new OS from scratch in my opinion.
|
|
|
Post by brian on May 25, 2013 13:11:24 GMT
Why is an upgrade not a good idea? The thought of having to spend even more hours to restore all the software without losing any data really worries me.
Did a bit more research yesterday, and ran SFC.exe. Then had problems accessing the CBS.log file, but got there in the end. Still none the wiser, though it said it had fixed some problems, but not all. I was expecting it to ask for the OS disc, but it didn't. It restarted in the process and I had to type in explorer.exe again. Looking at the log, I found two entries at the time I typed in the DOS box, you will see there was a time delay between the two, I wasn't watching so it was a little later when I reacted.
2013-05-24 18:56:29, Info CBS Startup: Waiting for SC autostart event
2013-05-24 18:58:56, Info CBS Startup: SC autostart event signaled
|
|
|
Post by Lighthouse on May 25, 2013 13:37:40 GMT
What sort of price were you thinking of for an upgrade? (And I guess it is to W7.)
|
|
|
Post by Admin_Vistamike on May 25, 2013 13:42:01 GMT
Hi Brian. Following a few incidents some years ago I found (from XP to Vista) remaining problems from the previous OS, and I did this on a few machines. So I never went down that road again. Too many XP registry files were left over and not always certain apps would work. And you make a very valid point, installing everything again is time consuming and frustrating for sure. 'Tis important to keep copies of software and the keys. My reason / preference for a clean install is that the HDD is formatted / reformatted to really ensure previous records are lost. Then I make an image of the new install, apps installed, everything happily working etc., and that image I can bring back in a disaster situation. That image is a day one install but you can reimage anytime so you always have an image to fall back on. Once a week I do this, saves just so much stress! Software used is www.macrium.com/reflectfree.aspx
Mike
|
|
|
Post by brian on May 25, 2013 20:14:52 GMT
Thanks, what you say makes total sense. I do have a set of image discs which I made when I bought this as suggested by the manual. I have later backups too, but need to save lots of stuff before I go back to the OEM state. I do also have a W7 Pro disc, bought for another purpose but not used. Can't upgrade from this Vista but can of course do a clean install. Again need to make sure I don't lose anything.
|
|
|
Post by brian on May 29, 2013 16:21:01 GMT
Well I get more confused. I created a new user with admin control since this affair. I now find that it boots up perfectly when the new user is selected, but not when my original user is.
|
|
|
Post by Lighthouse on May 29, 2013 16:39:53 GMT
That is definitely a re-install job. You can remove a virus, but not repair the damage it has left behind!
|
|
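Added example, not part of the original thread: brian's observation that a new account boots normally while the original one opens cmd.exe makes the per-user logon shell setting worth inspecting alongside the machine-wide one. The read-only PowerShell sketch below compares the Winlogon Shell and Userinit values with stock Windows defaults; it assumes PowerShell is installed (it is not part of a default Vista install), and the function and variable names are illustrative.

```powershell
# Added example (read-only): compare logon shell settings with stock defaults.
# Run while logged in as the affected account so HKCU is that user's hive.
$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$policy   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Expected = '' means the value is normally absent on a stock install.
$checks = @(
    @{ Path = "HKLM:\$winlogon"; Name = 'Shell';    Expected = 'explorer.exe' },
    @{ Path = "HKLM:\$winlogon"; Name = 'Userinit'; Expected = "$env:SystemRoot\system32\userinit.exe," },
    @{ Path = "HKCU:\$winlogon"; Name = 'Shell';    Expected = '' },
    @{ Path = "HKCU:\$policy";   Name = 'Shell';    Expected = '' }
)

# Hypothetical helper: returns the value as a string, or '' if key/value is missing.
function Get-RegValue($path, $name) {
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($item) { [string]$item.$name } else { '' }
}

$results = foreach ($c in $checks) {
    $actual = ([string](Get-RegValue $c.Path $c.Name)).Trim()
    $status = 'OK'
    # Case-insensitive comparison; any difference from the default is flagged.
    if ($actual -ine $c.Expected) { $status = 'REVIEW' }
    New-Object PSObject -Property @{
        Key = $c.Path; Value = $c.Name; Actual = $actual; Status = $status
    }
}
$results | Select-Object Status, Key, Value, Actual | Format-List
```

A REVIEW row under HKCU means that account has its own shell override, which applies only to that user and would not affect a newly created account.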