A new and very malicious ransomware virus is spreading on the internet. Previously it was only found on dodgy sites such as porn or illegal download pages. Now it has unfortunately also begun to appear on normal sites and on pages that play videos.
But luckily, with a little work, it can be removed.
The first thing one notices is that a webcam picture of you has been taken. This is very disturbing to see, but fear not: it will not be displayed anywhere. It is just a way for the perpetrators to scare you into paying.
Not all of the sites hosting the virus cooperate in having it taken down, which makes it very difficult for the police, the FBI and investigators to shut them down. The scam artists themselves are furthermore almost impossible to find.
Removing the Ukash Virus
Although there are reports of different kinds of Ukash virus, this guide should help most people out there who have been infected by this horrible virus. Please read through the entire guide before starting.
1. Close down your computer with a hard reboot (pressing down on the OFF button).
2. Remove or turn off any wireless or internet cable connection.
3. Start up your computer while pressing down F8 to activate the Safe Mode options (on a few computers, like Medion, you might have to press something else).
4. When in the Safe Mode Options menu choose: "Restart in Safe mode with COMMAND PROMPT" (very important).
5. You will see a Command Line when your Windows has booted in Safe Mode (there is a chance you have to login with your Windows password first).
6. In the command line window, write: RSTRUI.EXE which will prompt the Windows Restore function to open.
1. Choose a Restore file from a time you know your computer was working properly (to be safe go at least a couple of days back).
2. Windows will now restore itself. This might take up to 20-30 minutes depending on size.
3. Once Windows is back up, you have to clean out the virus leftovers.
4. Download and install the free ChicaPC-Shield and do a scan to find any leftover threats.
ProgramData\DSGSDGDSGDSGW.PAD (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
Users\(yourname)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen)
If you are lucky enough there will be no leftovers since the restoration cleared everything. However in most cases there will be files to clean.
1. After your reboot you might experience a popup with a random file name like "wgsdhsagss.exe" or something similar, which says "can not be found". This is nothing to be worried about. You can manually find this reference in the Registry or use SLOW-PCfighter to remove these entries.
NB. Your antivirus or spyware program might have been turned off and the signature database deleted from the system. Just reinstall the product and you are good to go.
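One way to do the manual check for the "can not be found" popup, as an added PowerShell example that is not part of the original guide: it lists Run-key values and Startup-folder shortcuts whose target file no longer exists. The registry keys listed are an assumption about where the leftover reference lives; the script only reports and deletes nothing.

```powershell
# Added example (not from the original guide): report autorun entries whose
# target file is missing. Read-only; nothing is changed or deleted.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'  # assumed locations

function Get-CommandTarget([string]$Command) {
    # Pull the executable path out of a command line such as: "C:\a b\x.exe" /arg
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Test-TargetExists([string]$Path) {
    # Full paths (drive letter or UNC) are checked on disk.
    if ($Path -match '^[A-Za-z]:\\|^\\\\') { return (Test-Path -LiteralPath $Path) }
    # Bare names such as rundll32.exe are resolved through PATH.
    return [bool](Get-Command -Name $Path -ErrorAction SilentlyContinue)
}

# 1) Registry Run keys: every value is a command started at logon.
$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-CommandTarget ([string]$item.GetValue($name))
        if ($target -and -not (Test-TargetExists $target)) {
            [pscustomobject]@{ Source = $key; Entry = $name; MissingTarget = $target }
        }
    }
})

# 2) Startup folders (per-user and all-users): resolve each shortcut's target.
$shell = New-Object -ComObject WScript.Shell
$dirs  = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$findings += @(foreach ($lnk in Get-ChildItem -LiteralPath $dirs -Filter *.lnk -ErrorAction SilentlyContinue) {
    $target = $shell.CreateShortcut($lnk.FullName).TargetPath
    if ($target -and -not (Test-TargetExists $target)) {
        [pscustomobject]@{ Source = $lnk.DirectoryName; Entry = $lnk.Name; MissingTarget = $target }
    }
})

$findings | Format-Table -AutoSize -Wrap
```

Run it from a normal PowerShell window after the reboot; an entry whose MissingTarget has a random-looking name is the reference to remove.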
We hope this guide helped you get the best of the virus and cross our fingers you are more careful in the future.