URUASY.A Ransomware Trojan - Help needed with removal

(OP)
I see there are threads about similar ransomware (FBI/MoneyPak), but the wife's son has collected URUASY.A, which is proving impossible so far to remove.

MS recommend running Windows Defender Offline, which I've done, using a bootable USB stick, but nothing is detected. As far as Defender is concerned the laptop is clean.

Switching on and hitting F8 to load Safe Mode is recommended by MalwareEXPERTS but after entering the password, the laptop reboots.

I'm thinking of taking the HDD out, hooking it up to another PC and trying to clean it like that. Is this a sensible option? Will Malwarebytes, for example, detect, remove and correct the trojan?

Any other ideas?

Cheers, John.

(And yes, the laptop has several file sharing apps on it, despite many warnings about the risks.)

Iechyd da! John
Glannau Mersi, Lloegr.

RE: URUASY.A Ransomware Trojan - Help needed with removal

Try this Link

RE: URUASY.A Ransomware Trojan - Help needed with removal

(OP)
Sorry, fell at the first hurdle - Ctrl+Shift+Esc does nothing. Ctrl+Alt+Del brings up the menu, but "Start Task Manager" just returns the Ransom page. :(

Also, I forgot to mention, the laptop is Win 7 64bit.

Iechyd da! John
Glannau Mersi, Lloegr.

RE: URUASY.A Ransomware Trojan - Help needed with removal

(OP)
It looks like I've got rid of enough of the trojan for it to boot through to the user account.

The only Safe Mode I could load was the Command Prompt. So I entered "control.exe" at the prompt, then created a new user account with full admin privileges. I was then able to download and install Malwarebytes which found 6 nasties. After rebooting, the user account loaded as expected.

Now clean out all the junk and hope the lad learns about safe surfing.

I'd like to add that MS Security Essentials was running and up to date, so a big FAIL for M$.

Iechyd da! John
Glannau Mersi, Lloegr.

RE: URUASY.A Ransomware Trojan - Help needed with removal

(OP)
Everything now works as expected, CCleaner removed almost 5Gb of junk, I've disabled eMule and µTorrent using MSConfig, and all the AV apps I've run find nothing.

How long til next time? :|


Iechyd da! John
Glannau Mersi, Lloegr.

RE: URUASY.A Ransomware Trojan - Help needed with removal

Wow, that was a nasty one... I most likely would have booted to a bootable USB, removed the files I needed, and just nuked the drive, and started over.

RE: URUASY.A Ransomware Trojan - Help needed with removal

(OP)
It was certainly nasty, but kids don't have backups, do they?

Iechyd da! John
Glannau Mersi, Lloegr.
