Ukash Virus

Ukash Virus Description

Ukash Virus Screenshot 1The Ukash Virus is a colloquial nickname for a family of ransomware Trojans that display fraudulent police alerts, block you from using other applications and threaten you with legal action if you don't pay a fee within a short time period. Preferred payment methods for this fine include Paysafecard and Ukash – hence the Ukash Virus's name. The Ukash Virus family is especially notable for tailoring its warning messages to local regions and having many different variants for different countries. SpywareRemove.com malware researchers have noted that the Ukash Virus is particularly widespread in Europe, but there are also variants of the Ukash Virus that are designed for American or Canadian PCs. If you see a warning message that resembles a Ukash Virus's pop-up, you should, firstly, try to disable the Ukash Virus, and secondly, use appropriate anti-malware software to delete the Ukash Virus infection. Under no cases should you ever feel it necessary to pay a Ukash Virus fine, which is, itself, an illegal request.

The Ukash Virus: a Globetrotter with Crime on Its Mind

Variants of the Ukash Virus may be distributed in a number of ways, although SpywareRemove.com malware researchers have noted that many recent Ukash Virus attacks have involved drive-by-download exploits from malicious websites. Ukash Virus infections are immediately noticeable due to their primary symptom: an HTML page that covers your entire desktop and Windows interface. This web page is crafted to look like a country-specific legal warning against embarrassing or common crimes such as child pornography trafficking or illegal music downloads. Most variants of Ukash Virus pop-ups will also display your IP address, some will display a fake 'video recording' notice, and all of them will claim to be from some form of unrelated law enforcement organization.

Examples of the widespread and nationality-tailoring nature of individual Ukash Viruses include:

Where the Buck Stops with the Ukash Virus

Although Ukash Virus pop-ups claim to have legal authority and may even warn you of consequences to your PC (such as file deletion) if you don't pay their fines, you should never feel the need to pay the ransom from Ukash Virus infections or other ransomware attacks. Resolutions to most Ukash Virus problems are easier to find than you might expect, since SpywareRemove.com malware researchers have found that common variants of the Ukash Virus only use their pop-ups to block other programs and, therefore, can be disabled to renew complete access to your PC. No known variants of the Ukash Virus actually possess any ability to carry out their threats, and ignoring their warnings is safer for both your PC and bank account than the converse.

Disabling the Ukash Virus is achievable through various methods, with popular techniques including booting to Safe Mode or booting Windows from a USB-based HD device. Since recent Ukash Virus infections have been distributed via browser exploits, SpywareRemove.com malware research team stresses that having good browser settings and a strong anti-malware program to block drive-by-downloads can help to prevent your PC from being the Ukash Virus's next target. In spite of their nicknames, Ukash Virus-based PC threats aren't true viruses and do not have any known ability to infect wide varieties of other files.

Aliases


Pakes2_c.NRL [AVG]W32/Foreign.AOV!tr [Fortinet]Ransom:Win32/Urausy.E [Microsoft]TR/Urausy.230400Troj/Ransom-AOV [Sophos]Trojan.Winlock.11647 [DrWeb]Gen:Variant.Kazy.515679 (B)Trojan-Ransom.Win32.Foreign.lhds [Kaspersky]Win32:Hoblig-B [Heur] [Avast]TROJ_GEN.R047H09LD14Trojan ( 004b24781 ) [K7AntiVirus]RDN/Suspicious.bfr!bh [McAfee]Gen:Variant.Kazy.515679Trojan.Win32.Tracur.BAMDownloader.Generic14.DSF [AVG]
More aliases (821)

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Ukash Virus may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

sdin.exe File name: sdin.exe
Size: 103.14 KB (103140 bytes)
MD5: c14157edc27bdfd1e4fdc54dd95058cb
Detection count: 85
File type: Executable File
Mime Type: application/octet-stream
Group: Malware file
Last Updated: October 23, 2013
MSPAINT.EXE File name: MSPAINT.EXE
Size: 209.4 KB (209408 bytes)
MD5: d3448fb158b500704144fd75ec94c189
Detection count: 82
File type: Executable File
Mime Type: application/octet-stream
Group: Malware file
Last Updated: January 9, 2014
tefy.exe File name: tefy.exe
Size: 103.14 KB (103140 bytes)
MD5: 10e9dd643be562b659e29cb5fcbc742b
Detection count: 81
File type: Executable File
Mime Type: application/octet-stream
Group: Malware file
Last Updated: October 23, 2013
%ALLUSERSPROFILE%dxrqfya.exe File name: dxrqfya.exe
Size: 57.34 KB (57344 bytes)
MD5: 85f908a5bd0ada2d72d138e038aecc7d
Detection count: 70
File type: Executable File
Mime Type: application/octet-stream
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: January 9, 2014
%APPDATA%\Microsoft\Windows\Templates\securitywindrv.exe File name: securitywindrv.exe
Size: 34.81 KB (34816 bytes)
MD5: 0da8705f12382804c87d20ee58a4674c
Detection count: 56
File type: Executable File
Mime Type: application/octet-stream
Path: %APPDATA%\Microsoft\Windows\Templates\
Group: Malware file
Last Updated: August 22, 2013
%ALLUSERSPROFILE%lwo8z8rcl.dss File name: lwo8z8rcl.dss
Size: 204.8 KB (204800 bytes)
MD5: 496fea09b09d07f7b3a9d3834229702f
Detection count: 53
Mime Type: application/dssc+der
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: November 25, 2013
jnubh.exe File name: jnubh.exe
Size: 103.14 KB (103140 bytes)
MD5: 9d2ca5cb31579b7fc5e49593d3e6b627
Detection count: 46
File type: Executable File
Mime Type: application/octet-stream
Group: Malware file
Last Updated: October 23, 2013
bunk.exe File name: bunk.exe
Size: 61.44 KB (61440 bytes)
MD5: bb29ba1cad79dcb26c986ecc92d76b4e
Detection count: 45
File type: Executable File
Mime Type: application/octet-stream
Group: Malware file
Last Updated: August 8, 2013
%APPDATA%Other.res File name: Other.res
Size: 70.65 KB (70656 bytes)
MD5: 2122654109b372638bca24f780ea1921
Detection count: 21
Mime Type: unknown/res
Path: %APPDATA%
Group: Malware file
Last Updated: November 11, 2013
C:\ProgramData\F5753306.cpp File name: F5753306.cpp
Size: 241.84 KB (241848 bytes)
MD5: 12f3c8bc428f4e2c2b547cc20ac6db87
Detection count: 20
Mime Type: unknown/cpp
Path: C:\ProgramData\
Group: Malware file
Last Updated: October 31, 2014
%ALLUSERSPROFILE%bf8h8d02hf.exe File name: bf8h8d02hf.exe
Size: 315.9 KB (315904 bytes)
MD5: 1cbe49c0ebbeefbbe9f1c1fda9eebbe6
Detection count: 19
File type: Executable File
Mime Type: application/octet-stream
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: November 13, 2014
%ALLUSERSPROFILE%hwj3ba6j.dss File name: hwj3ba6j.dss
Size: 176.64 KB (176640 bytes)
MD5: 54f1a99f7cb18ed47756bb22e1681766
Detection count: 7
Mime Type: application/dssc+der
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: November 4, 2013
%SystemDrive%\Users\PP.WALSTEDARK\AppData\Local\Temp\xaZYOVJW.exe File name: xaZYOVJW.exe
Size: 133.63 KB (133632 bytes)
MD5: 4382872727fc8c0996fa315c599ecdf0
Detection count: 5
File type: Executable File
Mime Type: application/octet-stream
Path: %SystemDrive%\Users\PP.WALSTEDARK\AppData\Local\Temp\
Group: Malware file
Last Updated: September 16, 2013
%ALLUSERSPROFILE%dqnbdq7.dss File name: dqnbdq7.dss
Size: 175.61 KB (175616 bytes)
MD5: 6514a485b26fcca011121f42f188d3b2
Detection count: 5
Mime Type: application/dssc+der
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: November 18, 2013
%ALLUSERSPROFILE%\ActiveU0\bzsbkotiu.exe File name: bzsbkotiu.exe
Size: 233.47 KB (233472 bytes)
MD5: 35180a38939fe1b4368d804ae25e5a57
Detection count: 5
File type: Executable File
Mime Type: application/octet-stream
Path: %ALLUSERSPROFILE%\ActiveU0\
Group: Malware file
Last Updated: December 2, 2013
%ALLUSERSPROFILE%\Data aplikac?\wjthvwjb.dss File name: wjthvwjb.dss
Size: 221.18 KB (221184 bytes)
MD5: 9f2da2fd4fe9713d74acf0eb8fad8dc3
Detection count: 5
Mime Type: application/dssc+der
Path: %ALLUSERSPROFILE%\Data aplikac?\
Group: Malware file
Last Updated: November 22, 2013
%ALLUSERSPROFILE%r90lwlww.dss File name: r90lwlww.dss
Size: 208.89 KB (208896 bytes)
MD5: dbc66a280086ab3c23c2dca7b49fa96c
Detection count: 5
Mime Type: application/dssc+der
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: November 25, 2013
%USERPROFILE%\Local Settings\Temp\msavfit.exe File name: msavfit.exe
Size: 158.2 KB (158208 bytes)
MD5: 9f5e6c75851b2ee4b10e3e3b783d10b7
Detection count: 5
File type: Executable File
Mime Type: application/octet-stream
Path: %USERPROFILE%\Local Settings\Temp\
Group: Malware file
Last Updated: November 13, 2014
%WINDIR%\system32\audipbrd.exe File name: audipbrd.exe
Size: 347.64 KB (347648 bytes)
MD5: 6ea827e7f4d182b0cb538cb5048bbdb2
Detection count: 5
File type: Executable File
Mime Type: application/octet-stream
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: December 22, 2014

More files

Registry Modifications


The following newly produced Registry Values are:

Regexp file mask%ALLUSERSPROFILE%\[RANDOM CHARACTERS].bat%ALLUSERSPROFILE%\[RANDOM CHARACTERS].dot%ALLUSERSPROFILE%\Application Data\[RANDOM CHARACTERS].bat%ALLUSERSPROFILE%\Application Data\[RANDOM CHARACTERS].dot%ALLUSERSPROFILE%\Application Data\dsgsdgdsgdsgw.bat%ALLUSERSPROFILE%\Application Data\dsgsdgdsgdsgw.pad%ALLUSERSPROFILE%\Application Data\ifgxpers.exe%ALLUSERSPROFILE%\Application Data\MigAutoPlay.exe%ALLUSERSPROFILE%\Application Data\Sun\[RANDOM CHARACTERS].exe%ALLUSERSPROFILE%\dsgsdgdsgdsgw.bat%ALLUSERSPROFILE%\dsgsdgdsgdsgw.pad%ALLUSERSPROFILE%\ifgxpers.exe%AllUsersProfile%\Local Settings\Temp\[RANDOM CHARACTERS].pif%ALLUSERSPROFILE%\lsass.exe%ALLUSERSPROFILE%\MigAutoPlay.exe%ALLUSERSPROFILE%\ms[RANDOM CHARACTERS].dat%ALLUSERSPROFILE%\Sun\[RANDOM CHARACTERS].exe%APPDATA%\0_0u_l.exe%APPDATA%\[RANDOM CHARACTERS].cff%APPDATA%\[RANDOM CHARACTERS].dll%APPDATA%\[RANDOM CHARACTERS].mcb%APPDATA%\csrsss.exe%APPDATA%\hleo32.exe%APPDATA%\ifgxpers.exe%APPDATA%\jork_0_typ_col.exe%APPDATA%\msconfig.dat%AppData%\Other.res%APPDATA%\skype.dat%APPDATA%\system\winlogon.exe%APPDATA%\Task Scheduler\Task Scheduler.exe%APPDATA%\toip0_tmp.exe%APPDATA%\updates\[RANDOM CHARACTERS].exe%APPDATA%\wgsdgsdgdsgsd.exe%APPDATA%\wlsidten.exe%APPDATA%\wpbt0.dll%CommonProgramFiles%\svchost.exe%LOCALAPPDATA%\DTS Bootstrap\SessEnv.exe%LOCALAPPDATA%\lollipop\[RANDOM CHARACTERS].exe%LOCALAPPDATA%\Microsoft\Windows\84\SessEnv.exe%LOCALAPPDATA%\Microsoft\Windows\?84\SessEnv.exe%LOCALAPPDATA%\Microsoft\Windows\??84\SessEnv.exe%LOCALAPPDATA%\Temp\ms[RANDOM CHARACTERS].com%PROGRAMFILES%\b34btbztdb0vavaw.exe%PROGRAMFILES(x86)%\b34btbztdb0vavaw.exe%TEMP%\0_0u_l.exe%TEMP%\hleo32.exe%TEMP%\install_0_msi.exe%TEMP%\jork_0_typ_col.exe%TEMP%\msimg32.dll%TEMP%\rundll32.dll%TEMP%\toip0_tmp.exe%TEMP%\wgsdgsdgdsgsd.dll%TEMP%\wgsdgsdgdsgsd.exe%TEMP%\wlsidten.dll%TEMP%\wpbt0.dll%USERPROFILE%\Local Settings\Application Data\lollipop\[RANDOM CHARACTERS].exe%USERPROFILE%\wgsdgsdgdsgsd.dll%UserProfile%\wgsdgsdgdsgsd.exe%WINDIR%\system32\0_0u_l.exe%WINDIR%\system32\toip0_tmp.exe%WINDIR%\system32\wpbt0.dll%WINDIR%\Temp\wgsdgsdgdsgsd.exeDirectory%ALLUSERSPROFILE%\Application Data\CreativeAudio0%ALLUSERSPROFILE%\CreativeAudio0CLSID{51164744-9696-9919-9702-756205740524}Registry key*\shellex\ContextMenuHandlers\ExplorerWAS*\shellex\ContextMenuHandlers\secure_delSoftware\Classes\*\ShellExt\ContextMenuHandlers\ExplorerWASSoftware\Classes\*\ShellExt\ContextMenuHandlers\secure_delRun keysSysyem Cleaner

Related Posts

Posted: July 15, 2012
Threat Metric
Threat Level: 9/10
Infected PCs 19,959

44 Comments

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.