The Ukash Virus or Ransom Virus is an annoying Malware that is spreading widely all over the internet. It used to be only on “suspicious” porn sites, but it’s also known to invade normal download sites displaying only harmless video content.
Please note that Ukash is a respectable online money transfer service taken advantage of by this scam that is in no way affiliated with them.
Fear not …. it is removable !
First, if you see yourself on a webcam on the web site, don’t worry. Its not going to be displayed anywhere. Its just a hoax.
Also, this site does not corporate with any Police force anywhere. The makes of this are just thieves and scam artists … but very clever thieves and scam artists!
All though, the Ukash virus is changing all the time, the below guide is a pretty safe bet and has been tested on all the variants we have found.
Ukash Virus removal process
- Shut down your computer on the ON / OFF button
- Remove / Deactivate any wireless or internet cable.
- Start your computer and keep pressing F8 to active Safe Mode Start options
( some computers like Medion might want you to press something else than F8)
- When Restart in Safe Mode options are available, choose :
– Restart in Safe Mode with COMMAND PROMPT (this is important)
No other Safe Mode or Restore option will work
- When Windows has started in Safe Mode you will only see a Command line
(you might have to log-in using your Windows password first)
- On the command line, write : RSTRUI.EXE
- This will prompt the Windows Restore function to open
8. Choose a Restore file from a time you know your computer was working fine.
9. Let Windows Restore itself …. it might take 20-30 minutes.
When Windows is backed up, you need to clean the Ukash VIRUS leftovers
10. Download and install Chica PC-shield from ChicaLogic.com It’s free!
11. Scan with Chica PC-shield and it should find any leftover threats.
ProgramData\DSGSDGDSGDSGW.PAD (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
Please notice, that in some cases there will not be any leftovers since you have Restored, but in most cases it will.
12. You might also experience a pop-up after reboot that a file with a name like “wgsdgsdgdsgsd.exe” or something related “can not be found”.
Don’t worry about that. Either find the reference in Registry or SLOW-PCfighter to remove the entries.
Note : Your Anti-Virus or Spyware might have been deactivated and the signature database deleted by the Virus so make sure you update or reinstall the product
Good luck, and please be careful out there 🙂
If all else fails use Chica-PCShield which runs on the Malwarebytes engine. This unique program automatically removes most infections instantly for future help as well.