GVU Virus – Ihr Computer wurde von der GVU gesperrt
GVU warning message stating that “Ihr Computer wurde von der GVU gesperrt” is a ransom program. It will force victim to pay for the unlock code to regain access on the affected computer.
GVU virus will display a German message “Ihr Computer wurde von der GVU gesperrt.” In English, it can be translated as “Your computer was locked by the GVU.”
This GVU ransom program will lock the screen and make your desktop unusable. It disguises as a message from Gesellschaft zur Verfolgung von Urheberrechtsverletzungen e.V. (Society for the Prosecution Association of Copyright Infringement) to mislead computer users. On the other hand, GVU confirms from their web site that the message did not originate from their office. GVU is a legitimate bureau and is not part of any online criminal activities.
GVU pointed out that at present; there are variants of these attacks trying to extort money from computer users. Since 2011, almost a huge number of this malicious software is in circulation. Once it enters the system, the malware will disable Windows and all programs within it. Then, it will prompt user to pay a sum of money as a penalty for having unlawful copy of software.
The fake GVU warning statement contains message:
“Ihr Computer wurde von der GVU gesperrt. Auf Ihrem Comptuer wurden illegal heruntergeladene Medien (Raubkopien) gefunden.
“Your computer was locked by the GVU. Illegally downloaded materials (pirated) were found on your computer.”
This intimidating message attempts to let user pay for a fine of 50 Euro through recommended payment scheme. Authors of GVU virus will send the code after the transaction to unlock the computer.
We highly discourage you to pay for this ransom program. Instead, remove the GVU desktop lock by following the procedures below.
Screen Shot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
[cf]regis[/cf] [cf]files[/cf]How to Remove GVU Virus – Ihr Computer wurde von der GVU gesperrt
Download Kaspersky Rescue Disk
1. Download the ISO image of Kaspersky Rescue Disk 10 (kav_rescue_10.iso) from this link.
2. Download the Kaspersky Rescue Disk Maker (rescue2usb.exe) from this link.
Create A Bootable USB Drive
3. Insert a clean USB flash drive to available slot. To record the ISO file and create a bootable USB drive, double-click on rescue2usb.exe. It will extract the files and create a folder called Kaspersky Rescue2Usb.
4. Kaspersky USB Rescue Disk Maker should run after the extraction. If not browse the Kaspersky Rescue2Usb folder and run the rescue2usb file.
5. From Kaspersky USB Rescue Disk Maker console, click on Browse and locate the file kav_rescue_10.iso.
6. On USB Medium, select the USB drive you wanted to make as bootable Kaspersky USB Rescue Disk. This will become a bootable virus scanner.
7. Click in Start to begin the process.
8. When the process is complete, it will display a notification message. Your tool to remove GVU Virus is now ready.
Boot The Computer From The USB Kaspersky Rescue Disk 10
9. Since GVU Virus uses a rootkit Trojan that controls Windows boot functions, we need to reboot the computer and select the newly created Kaspersky USB Rescue Disk as first boot option. On most computers, it will allow you to enter the boot menu and select which device or drives you wanted to start the PC. Refer to your computer manual.
10. If you successfully enters the boot menu, choose the USB flash drive. This will boot the system on Kaspersky Rescue Disk. Press any key to enter the menu.
12. It will display End User License Agreement. You need to accept this term to be able to use Kaspersky Rescue Disk 10. Press 1 to accept.
13. The tool will prompt for various start-up methods. We highly encourage you to choose Kaspersky Rescue Disk Graphic Mode.
Remove GVU Virus Using Windows Unlocker
14. Once the tool is running, you need to run WindowsUnlocker in order to delete registry that belongs to GVU Virus. On start menu located at bottom right corner of your screen, select the K icon or select WindowsUnlocker if it is present on the Menu.
15. Select Terminal from the list. A command prompt will open.
18. This utility will start removing any components that blocking you from accessing the computer. It will display a log file containing actions performed on the infected computer like deleted infected file and removed registry entries.
19. After removing components of GVU Virus. You need to scan the system using the same tool. On start menu, select Kaspersky Rescue Disk.
20. Be sure to update the program by going to My Update Center tab. Click on Start update.
21. After the update, go to Object Scan tab and thoroughly scan the computer to locate other files that belong to GVU Virus.
22. Restart the computer normally when done.
Alternative Removal Method for GVU Virus – Ihr Computer wurde von der GVU gesperrt
Option 1 : Use Windows System Restore to return Windows to previous state
If GVU Virus – Ihr Computer wurde von der GVU gesperrt enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before GVU Virus – Ihr Computer wurde von der GVU gesperrt infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.
Option 2 : GVU Virus – Ihr Computer wurde von der GVU gesperrt manual uninstall guide
IMPORTANT! Manual removal of GVU Virus – Ihr Computer wurde von der GVU gesperrt requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to GVU Virus – Ihr Computer wurde von der GVU gesperrt.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for GVU Virus – Ihr Computer wurde von der GVU gesperrt files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by GVU Virus – Ihr Computer wurde von der GVU gesperrt.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
j heelan
May 18, 2012 @ 13:59:48
i found file called ksprskylabs1.exe in AppData>Roaming directory; had to show hidden files/folders to see AppData directory under the username. renamed this file, deleted recent temp files, rebooted normally and it appears to have resolved problem