What is Ukash virus?
Ukash virus is a ransomware that prevents you from accessing your desktop by covering the desktop with a certain image. It's from the family of Trojan:Win32/Reveton. It targets Europeen users. It locks your computer and displays a fake EUROPOL or fake Local Police warning that covers your desktop and demands the payment of a ransom of 100EUR in the form of a Ukash for the supposed possession of illicit material.
The EUROPOL or Local Police Ransomware is configured to start automatically when you login to Windows. It displays a large warning that pretends to be from the EUROPOL or Local Police and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM, or copyrighted content. In order to regain access of your computer you must first pay a fine of 100EUR in the form of a Paysafecard or Ukash or it will be confiscated and you will be arrested, charged and convicted for up to 5 years in prison time and registered as a thief for the rest of your life. This alert is a scam and should be ignored.
Your PC is blocked due to at least one of the reasons specified below: Your computer has been trying to download and/or to install pirated software or multimedia files protected by international laws and has been blocked. According to EU legislation you are required to pay 100 EUR administrative fees if this is the first time you have violated the copyright law. Downloading, installing and distributing such materials is highly punishable and may leave a long lasting effect on your job and on your friends and relatives. If we don't receive a payment within 48 hours your personal information will be sent to your local police authorities. Your hardware used for distribution of pirated software will be confiscated and you will be arrested, charged and convicted for up to 5 years in prison time and registered as a thief for the rest of your life.
To help you make your payment faster and totally anonymous to you, we decided to accept vouchers that are spread nationwide and can be purchased in all major stores.
Legislation s. 163.1 (3) Every person who transmits, makes available, distributes, sells, advertises, imports, exports or possesses for the purpose of transmission, making available, distribution, sale, advertising or exportation any child pornography is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years and to a minimum punishment of imprisonment for a term of five years.
These warnings and anything they state is just a scam to trick you into paying the ransom. Fortunately, it is not necessary to pay the ransom as we have described a method below that can be used to remove this malware from your computer. Once again, Ukash virus is a scam and should be ignored.
Associated Ukash virus System Entries and files
Ukash virus Processes
Ukash virus Files
Ukash virus Registry Entries
How to Stop Ukash virus Fake Alerts
To register Ukash virus and stop its fake warnings, use the following fake license key.
Ukash virus registration code: 6337180116517630998
NOTE: this code will NOT remove Ukash virus from your computer, it will JUST stop the annoying alerts and messages.
Ukash virus Removal Instructions
Step 1: Reboot in Safe Mode with Networking
To restart your computer in Safe Mode with networking:
Restart your computer.
When you see the computer manufacturer's logo, press and hold the F8 key.
On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press Enter.
Log on to your computer with a user account that has administrator rights.
Step 2: Stop Ukash virus processes
In order to stop Ukash virus from interfering with our removal procedure, we need to end and kill its processes. For this, we will use a FREE powerful utility called RogueKiller.
RogueKiller (by Tigzy) is a tool written in C++, which scans the running processes, and kills those which are malicious. This tool was developed based on speed execution, which will clean the running processes before being killed.
To terminate Ukash virus process:
Always in Safe Mode Download RogueKiller to your desktop from the following link:
RogueKiller Download link
RogueKiller is a portable application, so you don't need to install anything.
Ukash virus may block all executable files, so when you launch the RogueKiller file, it will execute itself. So Rename RogueKiller.exe to RogueKiller.com or winlogon.exe or iexplore.exe
At this point a "pre-scan" will complete and stop any malicious process. Also a list of options will appear along the right-hand side.
Step 3: Remove Ukash virus registry keys
To remove Ukash virus malicious registry entries, we will need RogueKiller again.
RogueKiller also checks for rogue Registry entries, rogue drivers, and Master Boot Record (MBR) issues, so rootkits will be cut.
RogueKiller can also fix and restore a Host file, delete any Proxy entries, repair shortcut problems and unhide files.
CAUTION: This tool is not for beginners. In this step we will ONLY use the Registry tab.
To Delete Ukash virus Registry entries:
Always in Safe Mode run a scan, open RogueKiller and click on Scan.
After a while, you should see a screen with scan results like the following one:
Click on the Registy tab, then click on the Delete button.
Don't Reboot you computer yet, please stay in Safe Mode.
Step 4: Remove Ukash virus files
Malwarebytes Anti-Malware is simply the best known FREE malware removal tools online.
To remove Ukash virus files:
Download Malwarebytes to your desktop from the following link:
Malwarebytes Anti-Malware Download link
Just Follow the easy setup process. Do not make any changes to the default settings
When the setup is finished, make sure you leave both the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware checked.
You can check or uncheck the Enable free trial of Malwarebytes Anti-Malware PRO as the malware removal is FREE.
Then click on the Finish button. If Malwarebytes prompts you to reboot, please do not do so.
When Malwarebytes is launched, it will ask you to update the databse. Just click OK.
On the Scanner tab,select Quick scan and then click on the Scan.
When the scan is finished a message box will appear, click OK to continue.
Then the screen results will show the various malware infections including Ukash virus that Malwarebytes has found on your computer.
the image below is just an example, your results will be different.
Click on the Remove Selected button.
After Malwarebytes has finished the removal of Ukash virus, you will get a message stating that you need to reboot your computer.
Just Do so, and restart your computer in Normal Mode.
Step 5: Check for any Ukash virus left over
To make sure that your computer is now completely free of Ukash virus, redo a Malwarebytes scan in Normal Mode.
After your are finished, Reboot your PC as asked by Malwarebytes anti-malware.