How to remove Ukash Virus?
What is Ukash Virus?
Ukash Virus is an aggressive group of ransomware scams that tries to swindle your money from you. It is a very convincing virus because it uses alerts presented as given by an official institution, e.g. local or country’s police. It locks your computer completely therefore the only thing you can do is to see the message. If one wants to unlock the computer, the message advices to pay the fine. Of course, this is only a scam and paying the fine will not change anything. The institutions vary from police to copyright ones. However, in many cases the messages and designs are similar or even shared between versions and there are little unique details.
This ransomware is named Ukash Virus under the payment system it requires. The fines are paid using a pre-paid system called Ukash. None of official institutions would ask any payments via systems like this therefore it only confirms that this is not a real warning but a virus used by scammers. One should note, that the payment system Ukash is perfectly legitimate and accepted in some of the countries, mostly European ones, Canada and Australia. Starting of 2013, this ransomware started targeting South American sites as well. Most recent additions include Bolivia and Argentina.
Typically, Ukash Virus will be installed silently when you visit infected website or one displaying malicious advertisements. In most of the cases website owners are not aware about malware and sooner or later clean the site. The risks are increased if you run vulnerable Java or Flash versions. Thus it is impossible to tell which websites are safe or dangerous without good antivirus protection. Additionally, Ukash Virus might be installed by network worms, torrent downloads or email spam.
The biggest problem is that Ukash Virus comes in several flavors and no single approach will be successful in all cases.
Special Removal Instructions for Ukash Virus
If you have access to other account on infected PCs, you should scan whole PC with anti-malware programs, e.g. Spyhunter. This is by far simplest way to remove parasite. System restore would be an option too. However, if you can’t do this, these are several strategies. To determine which one you should use, do following:
Choose between safe modes in following order : Safe mode, Safe mode with command prompt
Depending on outcome, use following guides :
Ones that allow booting to Safe mode or Safe mode with networking (Malex / Reveton )
- Restart your computer; press F8 while it is restarting;
- Choose safe mode or safe mode with networking
- Launch MSConfig;
- Disable startup items rundll32 turning on any application from Application Data;. Note, that these are typical locations for Ukash Virus but some others might be used
- Restart the system once again.
- scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to identify Ukash Virus files and delete it.
Video for one of such ransomwares:
Versions that allow booting to safe mode with command prompt
Gimemo and Epubb trojans are behind this version of Ukash Virus. This is more difficult version to remove.
- Reboot PC in safe mode with command prompt.
- Run Regedit
- Search for WinLogon Entries. write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe
- Search registry for Ukash Virus files and delete the registry keys referencing the files
- Try to reboot and scan with Spyhunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe)
Ukash Virus that disables all safe modes
Some versions of Ukash Virus Disable all safe modes, but give a short gap that you can use to run anti-malware programs. Then do following
- Reboot normally.
- enter : http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
- Press Alt+tab and then R couple times. The Ukash Virus process should be killed.
Here a video detailing this approach:
Hitman Pro USB disk
Lastly, you might resort to scanning PC with a bootable USB or DVD disk. These should be able to remove all versions of Ukash Virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on uninfected PC.
- Run Hitman and ask to create Kickstarter USB (option on initial screen)
- When USB ready, reboot infected PC with USB attached and press DEL
- Choose USB as primary boot device.
- Boot normally.
- Run Hitman Pro and http://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.
Ukash Virus is Dangerous
Ukash Virus may display fake security & messages
Ukash Virus may display numerous annoying advertisements
Ukash Virus may be remotely controlled by a malicious person
Ukash Virus may spread additional spyware
Ukash Virus may repair its files, spread or update by itself
Ukash Virus may prove difficult or impossible to remove
Ukash Virus violates your privacy and compromises your security
for Ukash Virus detection
Note: Spyhunter trial provides detection of parasite like Ukash Virus and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
Ukash Virus screenshots
Manual Ukash Virus removal
Important Note: Although it is possible to manually remove Ukash Virus, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other malware and spyware removal applications found on 2-viruses.com.
Stop these Ukash Virus processes:
Remove these Ukash Virus files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Ukash Virus infected files and get help in Ukash Virus removal by using free Spyhunter scanner. It comes with free real-time protection module that helps preventing Ukash Virus and similar threats.
Such Trojans as Ukash Virus generally infect your system while you are installing a game, opening a picture or playing a video file.
Some Trojans such as Ukash Virus masquerade themselves as useful freeware programs or plug-ins, but are actually bundled Trojans.
As soon as it infects your system, Trojan Ukash Virus gives COMPLETE control over your system to a hacker using the Trojan, who may cause serious damage to your system. A Trojan may alter your desktop or add undesirable shortcuts to various commercial and marketing sites; Ukash Virus is no exception. It may create a backdoor to your system, allowing the hacker to control your system and steal your personal information. Unlike viruses and worms, Trojans like Ukash Virus do not reproduce by infecting other files nor do they self-replicate and each new victim must run the infected file.