Ukash Virus Description
The Ukash Virus is a colloquial nickname for a family of ransomware Trojans that display fraudulent police alerts, block you from using other applications and threaten you with legal action if you don’t pay a fee within a short time period. Preferred payment methods for this fine include Paysafecard and Ukash – hence the Ukash Virus’s name. The Ukash Virus family is especially notable for tailoring its warning messages to local regions and having many different variants for different countries. SpywareRemove.com malware researchers have noted that the Ukash Virus is particularly widespread in Europe, but there are also variants of the Ukash Virus that are designed for American or Canadian PCs. If you see a warning message that resembles a Ukash Virus’s pop-up, you should, firstly, try to disable the Ukash Virus, and secondly, use appropriate anti-malware software to delete the Ukash Virus infection. Under no cases should you ever feel it necessary to pay a Ukash Virus fine, which is, itself, an illegal request.
The Ukash Virus: a Globetrotter with Crime on Its Mind
Variants of the Ukash Virus may be distributed in a number of ways, although SpywareRemove.com malware researchers have noted that many recent Ukash Virus attacks have involved drive-by-download exploits from malicious websites. Ukash Virus infections are immediately noticeable due to their primary symptom: an HTML page that covers your entire desktop and Windows interface. This web page is crafted to look like a country-specific legal warning against embarrassing or common crimes such as child pornography trafficking or illegal music downloads. Most variants of Ukash Virus pop-ups will also display your IP address, some will display a fake ‘video recording’ notice, and all of them will claim to be from some form of unrelated law enforcement organization.
Examples of the widespread and nationality-tailoring nature of individual Ukash Viruses include:
- The Scotland Yards Ukash Virus, West Yorkshire Ransomware, Metropolitan Police Ukash Virus, Police Central e-crime Unit (PCEU) ransomware ransomware, which target the United Kingdom.
- Athens Security Prosecution of Electronic Crime Ransomware, which targets Greece.
- Bundespolizei National Cyber Crimes Unit Ransomware, one of the earliest detected variants of the Ukash Virus, which targets Germany.GVU Gesellschaft zur Verfolgung Ransomware.
- ‘Attention! Votre ordinateur a ete pour violation’ ransomware, Votre ordinateur est bloqué Gendarmerie Ransomware, Police Nationale FR Ransomware, Office Central de Lutte contre la Criminalité Ransomware, Gendarmerie Nationale Ransomware and Sacem Police Nationale Ransomware, all of which target France.
- ‘Votre ordinateur est bloqué’ Belgium Ransomware, which targets Belgium.
- Polícia de Segurança Pública Portuguese Virus, which targets Portugal.
- Royal Canadian Mount Police (RCMP) Ransomware and the Canadian Security Intelligence Service (CSIS) Ransomware, which target Canada.
- Poliisi Tietoverkkorikos Tutkinnan Yksikkö Ransomware, which targets Finland.
- The Cuerpo Nacional de Policia Virus
- Guardia di Finanza Ransomware, Polizia postale e delle communicazioni Ransomware and ‘Il Suo computer e’stato bloccato’ Ransomware, which target Italy.
- ‘Computer Crime & Intellectual Property Section’ Ransomware, which targets the United States.
- Computerkriminalitat Des Criminal Intelligence Service Ransomware, which targets Austria.
- Politie Federal Computer Crime Unit Ransomware, which targets the Netherlands.
- Polisen Enhetnen för Databrott Ransomware, which targets Sweden.
Where the Buck Stops with the Ukash Virus
Although Ukash Virus pop-ups claim to have legal authority and may even warn you of consequences to your PC (such as file deletion) if you don’t pay their fines, you should never feel the need to pay the ransom from Ukash Virus infections or other ransomware attacks. Resolutions to most Ukash Virus problems are easier to find than you might expect, since SpywareRemove.com malware researchers have found that common variants of the Ukash Virus only use their pop-ups to block other programs and, therefore, can be disabled to renew complete access to your PC. No known variants of the Ukash Virus actually possess any ability to carry out their threats, and ignoring their warnings is safer for both your PC and bank account than the converse.
Disabling the Ukash Virus is achievable through various methods, with popular techniques including booting to Safe Mode or booting Windows from a USB-based HD device. Since recent Ukash Virus infections have been distributed via browser exploits, SpywareRemove.com malware research team stresses that having good browser settings and a strong anti-malware program to block drive-by-downloads can help to prevent your PC from being the Ukash Virus’s next target. In spite of their nicknames, Ukash Virus-based PC threats aren’t true viruses and do not have any known ability to infect wide varieties of other files.
W32/Injector.AAPK!tr [Fortinet]Trojan-Dropper.Win32.Injector.ifcn [Kaspersky]Ransomer.BJT [AVG]Win32/Reveton.N [ESET-NOD32]Trojan:Win32/Reveton.P [Microsoft]Win32.Troj.Injector.GX.(kcloud) [Kingsoft]Gen:Variant.Kazy.134631 [BitDefender]Trojan-Dropper.Win32.Injector.gxvk [Kaspersky]TROJ_GEN.RCBH1AC [TrendMicro-HouseCall]W32/Suspicious_Gen4.BZNTZ [Norman]
More aliases (764)
Ukash Virus Automatic Detection Tool (Recommended)
Is your PC infected with Ukash Virus? To safely & quickly detect Ukash Virus, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Ukash Virus What happens if Ukash Virus does not let you open SpyHunter or blocks the Internet?
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %APPDATA%\updates\[RANDOM CHARACTERS].exe 586 2 %UserProfile%\wgsdgsdgdsgsd.exe 586 3 %WINDIR%\Temp\wgsdgsdgdsgsd.exe 447 4 %APPDATA%\Task Scheduler\Task Scheduler.exe 234 5 %ALLUSERSPROFILE%\lsass.exe 190 6 %CommonProgramFiles%\svchost.exe 169 7 %LOCALAPPDATA%\lollipop\[RANDOM CHARACTERS].exe 110 8 %LOCALAPPDATA%\Temp\ms[RANDOM CHARACTERS].com 103 9 %APPDATA%\system\winlogon.exe 87 10 %ALLUSERSPROFILE%\Application Data\dsgsdgdsgdsgw.bat 7
Posted: July 15, 2012 | By SpywareRemove
Threat Level: 9/10
Rate this article:
Detection Count: 399,663