Current category:General

How to remove the Ukash Virus

The Ukash Virus or Ransom Virus is an annoying Malware that is spreading widely all over the internet. It used to be only on “suspicious” porn sites, but it’s also known to invade normal download sites displaying only harmless video content.

Please note that Ukash is a respectable online money transfer service taken advantage of by this scam that is in no way affiliated with them.

Fear not …. it is removable !

Ukash virus removal

First, if you see yourself on a webcam on the web site, don’t worry. Its not going to be displayed anywhere. Its just a hoax.

Also, this site does not corporate with any Police force anywhere. The makes of this are just thieves and scam artists … but very clever thieves and scam artists!

All though, the Ukash virus is changing all the time, the below guide is a pretty safe bet and has been tested on all the variants we have found.

Ukash Virus removal process

  1.  Shut down your computer on the ON / OFF button
  2.  Remove / Deactivate any wireless or internet cable.
  3.  Start your computer and keep pressing F8 to active Safe Mode Start options
    ( some computers like Medion might want you to press something else than F8)
  4. When Restart in Safe Mode options are available, choose :
    – Restart in Safe Mode with COMMAND PROMPT (this is important)
    No other Safe Mode or Restore option will work
  5. When Windows has started in Safe Mode you will only see a Command line
    (you might have to log-in using your Windows password first)
  6. On the command line, write : RSTRUI.EXE
  7. This will prompt the Windows Restore function to open

 Ukash virus System restore

8. Choose a Restore file from a time you know your computer was working fine.
9. Let Windows Restore itself …. it might take 20-30 minutes.

When Windows is backed up, you need to clean the Ukash VIRUS leftovers

10. Download and install Chica PC-shield from It’s free!
11. Scan with Chica PC-shield and it should find any leftover threats.

Filesystem scanning for Ukash virus
ProgramData\DSGSDGDSGDSGW.PAD (Exploit.Drop.GSA) -> Quarantined and deleted successfully.

Users\(yourname)\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen)

Please notice, that in some cases there will not be any leftovers since you have Restored, but in most cases it will.

12. You might also experience a pop-up after reboot that a file with a name like “wgsdgsdgdsgsd.exe” or something related “can not be found”.

RunDLL popup from Ukash virus

Don’t worry about that. Either find the reference in Registry or SLOW-PCfighter to remove the entries.

Note : Your Anti-Virus or Spyware might have been deactivated and the signature database deleted by the Virus so make sure you update or reinstall the product

Good luck, and please be careful out there 🙂

If all else fails use Chica-PCShield which runs on the Malwarebytes engine. This unique program automatically removes most infections instantly for future help as well.

GD Star Rating
How to remove the Ukash Virus, 3.6 out of 5 based on 122 ratings

About Philip Mahler

VP of Marketing at SPAMfighter. Find me on Google+, Twitter or LinkedIn
This entry was posted in General. Bookmark the permalink.


Leave a Reply

Your email address will not be published. Required fields are marked *