Can't remove RCMP Ukash virus

Twinbird24

Member
I've been trying to remove this virus with no avail.

The problem: RCMP Ukash virus. When XP (32bit) attempts to start up, the desktop background appears and nothing else except this fake page telling me to send money to have my PC unlocked (looks like this http://tinyurl.com/cdyb567). There is a short period in which the taskbar and icons do load (during this time I can open up task manager, my computer, etc., this is for about half a minute and then the virus takes over and locks the PC). I am not able to start safe mode.

What I've tried: I've ran the bootable Windows Defender Offline which found a lot of things and apparently removed them. I've removed the HDD and scanned it with Malwarebytes and Avast which didn't help either. I used the Kaspersky Rescue Disc 10 (bootable) to run a scan (still didn't fix the problem). I used the AVG rescue disc, didn't fix the problem. I used the Anvi Rescue disc and ran a scan... virus still starts up.

All of these scans have detected problems and reported fixing them but the virus still starts up every-time on reboot (how, I don't know).

Any help would be appreciated!
 
Last edited:
Thank you for the response, I will try option 2 from the link you sent me (since safe mode doesn't work) and post back here with the results.
 
I followed the link you gave me. The scan results showed me that it found infections (just like every other program I've scanned with has) and then I clicked to fix it and it told me it successfully removed the problem (just like every other program) but when I restart I still get the same thing (taskbar and desktop appears for about half a minute or so and then the PC locks).

I don't know how this virus is still starting up, I've ran so many scans (avast and malwarebytes on the infected HDD when it was hooked up to a working PC, and 4 scans using bootable versions of AV software).
 
Can you boot to safe mode with command prompt and due the system restore that way?

Another thing to do would be to put the drive back in a different system and run tdsskiller but click on change parameters and check TDLFS file system.

In fact I highly suggest running tdsskiller in that way.
 
I can't boot into safe mode with command prompt. I tried to run tdsskiller with the HDD hooked up to another PC but the program always scans the system drive only (the C drive). How would I get it to scan the connected HDD (which would be K).

Thanks.
 
As I noted in my previous post.

click on change parameters and check TDLFS file system.
 
The only other thing I can think of is to again have the drive in a different system and do an online scan.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.

If this doesn't work then you are forced to do a backup and reinstall of windows.

Like I said, this type of infection is hit or miss.

wait,wait,wait...

You said this is XP correct? Do you have the xp install cd? If so, try the method of doing a system restore.

http://www.myfixes.com/articles/system

follow from resolution B
 
Good to know. I did notice in the log you posted that you are running an old version of AVG or at least you have remnants of it installed. It would be in your best interest to get rid of it and use an updated antivirus program.
 
Ah yes thank you! It has AVG 9 on it, I'll just replace it with the latest version of avast free - I've been happy with it on my other PCs.
 
Back
Top