Windows Anytime Upgrade Ukash Virus. Successful elimination.

Lately the virus called Windows Anytime Upgrade Ukash Virus has been spreading through the web with great power infecting more and more users all over the world. As any other virus this one penetrates inside your system without your knowledge or permission. It provides you with lots of different pop-ups and fake messages. You just need to ignore everything Windows Anytime Upgrade Ukash Virus shows you. This virus should be deleted as soon as possible from the system.

Windows Anytime Upgrade Ukash Virus
Windows Anytime Upgrade Ukash Virus

The virus replaces some of your files on its similar. They can look like these:

  • locked-TDSSKiller.exe.ajhy
  • locked-Blue hills.jpg.nzpq
  • locked-Sunset.jpg.womn
  • locked-RegHive.LOG.pea

If you try to run your system in safe mode and delete the virus you will not be able to do this. Because Windows Anytime Upgrade Ukash Virus shows you the blue screen of death and restarts pc. When your pc will be restarted you need to click on Directory Services Restore Mode (Windows domain controllers only)

Directory Services Restore Mode (Windows domain controllers only)
Directory Services Restore Mode (Windows domain controllers only)

Next you need to download GridinSoft Trojan Killer directly from our official site. Or you can download the program from another pc and then transfer it onto your infected one with the help of a flash drive onto your infected one. Update the antivirus database in Trojan Killer and scan your system. When the scanning is over you will be provided with the list of threats Trojan Killer finds.

List of threats
List of threats

Delete the threats. You need to insert the activation code to proceed the elimination process if you have one. If you don’t you click on Purchase License! Purchase the program and get your personal activation code.

Purchase License
Purchase License

After the threats are removed reboot your system. Maybe you will have to press RESTART button on your processor. You need also restore the work of Regedit and Task Manager. That is why:

1. Enable the display extensions in the system function:

extensions in the system
extensions in the system

My Computer → Tools → Folder Options → View tab → remove the tick of Hide extensions for known file types → Ok
2. Create a text document and write the following:

  • REG DELETE “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System” /v DisableRegistryTools /f
  • REG DELETE “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System” /v DisableTaskMgr /f
  • REG DELETE “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe” /f
  • REG DELETE “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe” /f
  • REG DELETE “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe” /f
  • REG DELETE “HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe” /f
  • REG DELETE “HKCU \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe” /f
  • REG DELETE “HKCU \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe” /f

After that you need to rename this document into Restore.cmd. Run the file.

Then you need to replace the files Windows Anytime Upgrade Ukash Virus has replaced earlier manually (locked-TDSSKiller.exe.ajhy, locked-Blue hills.jpg.nzpq, locked-Sunset.jpg.womn, locked-RegHive.LOG.pea). Use this utility for this:
http://support.kaspersky.com/faq/?qid=208286527  (Do not forget to follow the instructions).

Windows Anytime Upgrade Ukash Virus manual remover:

Delete Windows Anytime Upgrade Ukash Virus files:
%AppData%\[random]\[random].exe
Delete Windows Anytime Upgrade Ukash Virus registry files:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[random]: “%AppData%\[random].exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegedit 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger P9KDMF.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger P9KDMF.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger P9KDMF.EXE
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKCU \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger P9KDMF.EXE
HKCU \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
HKCU \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger P9KDMF.EXE
HKCU \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKCU \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger P9KDMF.EXE

Leave a Comment

*