Met Police Ukash virus not detected

I just had to manually delete the virus (it sits in the start-up programs) with winpatrolexplorer (which also didn’t stop it getting through and trying to lock up my machine).

Details of virus here: http://malware-removal.windowsupdatesonline.com/pc-locked-by-metropolitan-police-ukash-virus-asking-for-50100-how-to-remove/

Not sure if the ‘virus’ came from Dailymotion or via email. It’s easier to get rid of than claimed, but it should never have been able to register itself in the first place.

Sorry to hear you got infected by this virus.

Do you still have it, or did you send it to Comodo Instant Malware Analysis or Virus Total (and do you have URLs of the reports from CIMA or VT)?

In what folder was the actual file?

Which security programs did you have installed at that time and how were they configured?

Nasty virus, using Flash can bypass antivirus and firewall unless you disable Flash and Java. The new edition does not allow into safe mode either. The easiest fix is system restore, if not then a boot disk with an antivirus offline tool or use Microsoft Security Essentials offline on CD / USB boot into clean and restart.

My friend got that. But he had other protection not Comodo. I had to fix his PC. What settings are you using?

His post was in March and he hasn’t been back, so I doubt you will get a reply. :)

To protect against the ransomware malware you need to raise the automatic sandbox level from Partially Limited to Limited. That will keep them at bay.

This is true for V6.

For V5 you should follow the advice I give in this article.

What happens when you run ransomware fully virtualized? If you have the registry to have that as an option.
Sorry if this is off topic.

This is only possible with V6.

With V6 running CIS with any setting higher than Partially Limited (including Fully Virtualized) will protect you from ransomware.

If the ransomware was fully virtualized I would imagine it would be a simple reboot and it would be gone to never never land, as it was not affecting the real system.

Regards
Dave1234.

Thanks for the answer. I also was thinking that you would be able to press the home windows button on the keyboard and ctrl alt delete and you would be able to get to it since it is virtualized.