GVU (Gesellschaft zur Verfolgung von Urheberrechtsverletzungen) Scam is a virus that attacks computers located in Germany. It pretends to work under the name of German Cyber Crime Police. Once installed to a machine, a virus blocks it completely. This scam was made to swindle peoples’ money away by scaring them with many crimes committed. These include illegal usage and distribution of copyrighted content such as movies, music, and illegal software and similar. One might be blamed even for having child pornography related content.
GVU Scam usually gets inside a system through its security holes and vulnerabilities. Cyber criminals use Trojan Horses for this malware distribution. In many cases one can get attacked by this parasite after browsing through infected websites. Another way to get blocked by GVU Scam is by downloading shareware or freeware from untrustworthy sources.
As soon as the scam starts working, you will see a message:
Ihr Computer wurde gesperrt!
Die Funktion ihres Computers wurde aufgrund unerlaubter Internethandlungen außer Kraft gesetzt. im Folgenden werden mögliche Verstöße aufgelistet, die von ihnen begangen werden konnten:
GVU Scam collects 100 EUR from every infected computer – this is the amount of the fine one should pay in order to unblock a system. There is no need to say that paying this money will not remove the malware nor eliminate the problem.
To actually fix your computer and delete GVU Scam, you should do the following:
- Restart your computer; press F8 while it is restarting.
- Choose safe mode with networking.
- Launch MSConfig.
- Disable startup items rundll32 turning on any application from Application Data.
- Restart the system once again.
- Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify the file and delete it.
There is more than one GVU Scam version. Some of them do not let any safe mode to be launched.
If safe mode is not available, reboot into safe mode with command prompt. If it works, remove GVU Ukash scam using these instructions:
- Reboot into safe mode with command prompt.
- Run regedit. Look for Winlogon.
- There will be a key named by Shell under Winlogon. It should refer to Explorer.exe or be blank. If there is something else referring an executable in one of users’ folders, replace it with explorer.exe. This should stop GVU Scam from launching on reboot
- Save changes and reboot to safe mode with networking.
- Run msconfig and disable all unnecessary startup entries. You should be able to reboot normally.
- Install and run https://www.sicherpc.net/downloads/spyhunter.exe. Scan with it the PC and remove GVU ransomware files it finds.
For a better understanding follow this video guide:
If no safe mode is available, scan with bootable antivirus scanners like Kaspersky Rescue CD. In some cases you can try to launch your anti-malware program during the gap before the blocking screen shows up and do this:
- Reboot normally.
- Enter http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
- Press Alt+tab and then R couple times. GVU Scam should not block your PC anymore.
Automatic Malware removal tools