Ukash Virus is an aggressive group of ransomware scams that try to swindle you out of your money. It is very convincing because its alerts are presented as coming from an official institution, e.g. the local or national police. It locks your computer completely, so the only thing you can do is read the message. The message advises paying a fine to unlock the computer. Of course, this is only a scam and paying the fine will not change anything. The institutions invoked vary from police to copyright bodies. However, in many cases the messages and designs are similar or even shared between versions, and there are few unique details.
This ransomware is named Ukash Virus after the payment system it demands. The fines are paid using a pre-paid system called Ukash. No official institution would ask for payment via a system like this, which only confirms that this is not a real warning but a virus used by scammers. Note that the Ukash payment system itself is perfectly legitimate and accepted in some countries, mostly European ones, Canada and Australia. Starting in 2013, this ransomware began targeting South American sites as well. The most recent additions include Bolivia and Argentina.
Ukash Virus has a few features to recognise it by. They reveal that this ransomware’s warnings should be ignored:
|Behaviour of the ransomware||
|Spreading of the virus||
|Removal of Ukash virus|
How Ukash virus is categorized
There are 2 distinct types of ransomware: the “Police” type and the crypto type. The first extorts money by using someone else's authority to justify the payment (not necessarily the police; it can be a copyright authority too), while the second holds one's data hostage. While payment methods might vary, Ukash was used for Police viruses the most.
The lockers that encrypt your data are very dangerous because they may as well have deleted it. But most Ukash viruses are screen lockers that stop you from accessing your computer by displaying various fake warnings and don’t corrupt your files.
The exact name of the parasite depends on several things. For one, there are various independent strains of this ransomware. Secondly, it changes its name depending on the country the computer runs in, even if the text used is basically the same (although it might be translated). In most cases the law is cited incorrectly, because the texts are mostly translations from a single source and the authors don’t bother to check local law.
Typically, Ukash Virus will be installed silently when you visit an infected website or one displaying malicious advertisements. In most of the cases, website owners are not aware of malware and sooner or later clean the site. The risks are increased if you run vulnerable Java or Flash versions. Thus it is impossible to tell which websites are safe or dangerous without good antivirus protection. Additionally, Ukash Virus might be installed by network worms, torrent downloads or email spam.
The biggest problem is that Ukash Virus comes in several flavours and no single approach will be successful in all cases. Due to the fact that the virus is really diverse, it can affect various systems and even programs.
For instance, some users on the Apple support forum are complaining that Ukash virus hit their Mac computer. There have also been reports of the virus infecting Android phones and tablets, so basically no one is safe.
Also known as Metropolitan Police virus (because it claims to come from them), Ukash virus is adapted to specific countries and the name varies – it is called GVU trojanner or Bundesamt für Polizei in Germany, Police Nationale in France and Polizia Di Stato in Italy.
This variety shows that the ransomware must have affected some people enough for them to actually pay the ransom. Unfortunately, that’s unsurprising — invoking the names “violation of federal law”, “FBI”, and other trusted and powerful institutions will strongly affect a lot of people.
Special Removal Instructions for Ukash Virus
If you have access to other accounts on the infected PC, you should scan the whole PC with anti-malware programs, e.g. Spyhunter. This is by far the simplest way to remove the parasite. System restore would be an option too. However, if you can’t do this, there are several other strategies. To determine which one you should use, do the following:
Try the safe modes in the following order: Safe mode, Safe mode with networking and Safe mode with command prompt.
Depending on the outcome, use the following guides:
Versions that allow booting to Safe mode or Safe mode with networking (Malex / Reveton)
- Restart your computer. Press F8 while it is restarting.
- Choose safe mode or safe mode with networking.
- Launch MSConfig.
- Disable startup items in which rundll32 launches any application from Application Data. Note that these are typical locations for Ukash Virus, but some others might be used.
- Restart the system once again.
- Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify Ukash Virus files and delete them.
Versions that allow booting to safe mode with command prompt
Gimemo and Epubb trojans are behind this version of Ukash Virus. This is a more difficult version to remove.
- Reboot PC in safe mode with command prompt.
- Run Regedit.
- Search for WinLogon entries. Write down all files they reference that are not explorer.exe or blank. Replace them with explorer.exe.
- Search registry for Ukash Virus files and delete the registry keys referencing the files.
- Try to reboot and scan with Spyhunter.
- If this fails, try doing a system restore from safe mode with command prompt (rstrui.exe).
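A read-only way to list the entries the two Safe mode procedures above ask you to look for (startup items that use rundll32 or Application Data, and Winlogon values that are not explorer.exe), as an added PowerShell example that is not part of the original guide. It assumes PowerShell is available on the machine and that Windows is installed in C:\Windows; the default values it compares against are the standard Windows ones, and a flagged entry is a candidate for review, not proof of infection.

```powershell
# Added example: read-only audit of the autostart locations named in the steps above.
# Nothing is modified; flagged entries still need to be checked by hand.

$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKeys  = 'Software\Microsoft\Windows\CurrentVersion\Run',
            'Software\Microsoft\Windows\CurrentVersion\RunOnce'

# Standard Windows values (assumes C:\Windows). HKCU normally has neither value,
# so any Shell/Userinit found there that differs from these is worth a look.
$expected = @{
    Shell    = '^explorer\.exe$'
    Userinit = '^(c:\\windows\\system32\\)?userinit\.exe,?$'
}

$findings = foreach ($hive in 'HKLM:', 'HKCU:') {
    # Winlogon: Shell and Userinit decide what is started at logon.
    $key = Get-ItemProperty -Path "$hive\$winlogon" -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $value = $key.$name
        if ($value -and $value.Trim() -notmatch $expected[$name]) {
            [pscustomobject]@{ Key = "$hive\$winlogon"; Name = $name; Value = $value }
        }
    }

    # Run / RunOnce: registry-based startup items, as listed by MSConfig.
    foreach ($sub in $runKeys) {
        $key = Get-Item -Path "$hive\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)   # environment variables are expanded
            # Flag rundll32 launches and anything started from a profile data folder.
            if ($value -match 'rundll32|\\AppData\\|\\Application Data\\') {
                [pscustomobject]@{ Key = "$hive\$sub"; Name = $name; Value = $value }
            }
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No suspicious autostart entries found.' }
```

Legitimate software sometimes starts through rundll32 as well, so compare each flagged file path against what is actually installed before changing anything.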
Ukash Virus that disables all safe modes
Some versions of Ukash Virus disable all safe modes, but leave a short gap that you can use to run anti-malware programs. In that case, do the following:
- Reboot normally.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press Alt+Tab once and keep entering the string blindly. Press Enter.
- Press Alt+Tab and then R a couple of times. The Ukash Virus process should be killed.
Hitman Pro USB disk
Lastly, you might resort to scanning the PC with a bootable USB or DVD disk. These should be able to remove all versions of Ukash Virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on an uninfected PC.
- Run Hitman and ask to create a Kickstarter USB (option on the initial screen).
- When the USB is ready, reboot the infected PC with the USB attached and press DEL.
- Choose USB as the primary boot device.
- Boot normally.
- Run Hitman Pro and https://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.
Remove Ukash virus from Mac
- Download and scan your computer with Combo Cleaner;
- Restore locked files by following this “Restore Mac to a Previous Date” guide.