Ukash Virus - How to remove?
Ukash Virus is an aggressive group of ransomware scams that try to swindle money from you. It is very convincing because it displays alerts that appear to come from an official institution, e.g. the local or national police. It locks your computer completely, so the only thing you can do is look at the message. The message advises you to pay a fine if you want to unlock the computer. Of course, this is only a scam and paying the fine will not change anything. The impersonated institutions range from police to copyright organizations. However, in many cases the messages and designs are similar or even shared between versions, with few unique details.
This ransomware is named Ukash Virus after the payment system it demands. The fines are paid using a pre-paid system called Ukash. No official institution would ask for payment via a system like this, which only confirms that this is not a real warning but a virus used by scammers. Note that the Ukash payment system itself is perfectly legitimate and accepted in some countries, mostly European ones, Canada and Australia. Starting in 2013, this ransomware began targeting South American sites as well. The most recent additions include Bolivia and Argentina.
Typically, Ukash Virus is installed silently when you visit an infected website or one displaying malicious advertisements. In most cases the website owners are not aware of the malware and sooner or later clean the site. The risk increases if you run vulnerable Java or Flash versions. Thus it is impossible to tell which websites are safe or dangerous without good antivirus protection. Additionally, Ukash Virus might be installed by network worms, torrent downloads or email spam.
The biggest problem is that Ukash Virus comes in several flavors and no single approach will be successful in all cases.
Special Removal Instructions for Ukash Virus
If you have access to another account on the infected PC, you should scan the whole PC with anti-malware programs, e.g. Spyhunter. This is by far the simplest way to remove the parasite. System restore would be an option too. However, if you can't do this, there are several other strategies. To determine which one you should use, do the following:
Try the safe modes in the following order: Safe mode, Safe mode with networking and Safe mode with command prompt.
Depending on the outcome, use the following guides:
Versions that allow booting to Safe mode or Safe mode with networking (Malex / Reveton)
- Restart your computer. Press F8 while it is restarting.
- Choose safe mode or safe mode with networking.
- Launch MSConfig.
- Disable startup items in which rundll32 launches any application from Application Data. Note that these are typical locations for Ukash Virus, but others might be used.
- Restart the system once again.
- Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to identify Ukash Virus files and delete them.
Versions that allow booting to safe mode with command prompt
The Gimemo and Epubb trojans are behind this version of Ukash Virus. This version is more difficult to remove.
- Reboot PC in safe mode with command prompt.
- Run Regedit.
- Search for WinLogon entries. Write down all files they reference that are not explorer.exe or blank. Replace them with explorer.exe.
- Search registry for Ukash Virus files and delete the registry keys referencing the files.
- Try to reboot and scan with Spyhunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe).
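The registry locations named in the two safe-mode procedures above (startup items that use rundll32 to launch something from Application Data, and the WinLogon entries) can be listed in one pass. The PowerShell script below is an added example and not part of the original guide; it only reads the registry and changes nothing. The key paths, the AppData match (the newer name of the Application Data folder) and the userinit.exe default for Userinit are assumptions based on standard Windows defaults, not details stated in this guide.

```powershell
# Added example: read-only audit of the startup locations discussed above.
# Key paths and expected defaults are standard Windows values (assumption, not from the guide).
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-WinlogonFindings {
    foreach ($key in $winlogonKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($name in 'Shell', 'Userinit') {
            $value = "$($props.$name)".Trim()
            if (-not $value) { continue }            # blank or missing value is fine
            $expected = if ($name -eq 'Shell') { 'explorer.exe' } else { 'userinit.exe' }
            # A value may hold several comma-separated programs; check each one.
            foreach ($entry in ($value.Split(',') | ForEach-Object { $_.Trim().Trim('"') })) {
                if (-not $entry) { continue }
                $leaf = ($entry -split '\\')[-1]     # file name plus any arguments
                if ($leaf -ne $expected) {
                    New-Object PSObject -Property @{ Key = $key; Name = $name; Value = $entry }
                }
            }
        }
    }
}

function Get-RunKeyFindings {
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # rundll32 loading something out of the per-user application data folder
            if ($cmd -match 'rundll32' -and $cmd -match 'Application Data|AppData') {
                New-Object PSObject -Property @{ Key = $key; Name = $name; Value = $cmd }
            }
        }
    }
}

# Print everything that deviates from the defaults; review the list before editing anything.
@(Get-WinlogonFindings) + @(Get-RunKeyFindings) | Format-Table Key, Name, Value -AutoSize -Wrap
```

In Safe mode with command prompt, start `powershell` from the prompt and run the script there; an empty table means none of the checked values deviates from the defaults.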
Ukash Virus that disables all safe modes
Some versions of Ukash Virus disable all safe modes, but leave a short gap that you can use to run anti-malware programs. In that case, do the following:
- Reboot normally.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If the malware has loaded, just press Alt+Tab once and keep entering the string blindly. Press Enter.
- Press Alt+Tab and then R a couple of times. The Ukash Virus process should be killed.
Hitman Pro USB disk
Lastly, you might resort to scanning the PC with a bootable USB or DVD disk. These should be able to remove all versions of Ukash Virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on an uninfected PC.
- Run Hitman Pro and choose to create a Kickstarter USB (option on the initial screen).
- When the USB is ready, reboot the infected PC with the USB attached and press DEL.
- Choose the USB as the primary boot device.
- Boot normally.
- Run Hitman Pro and http://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.