GVU virus is screen-lock ransomware similar to the numerous other ransomware scams that have spread in Europe recently. GVU Gesellschaft zur Verfolgung von Urheberrechtsverletzungen is a German Cyber Crime Police agency, and anyone who understands German might be scared by allegations that, in the blink of an eye, make criminals out of ordinary people who somehow ran into this infection. The program usually arrives with Trojans from infected or malicious websites. Clicking a link in an email from an unknown source can lead to a malicious website that spreads GVU virus. Such sites may also offer free program downloads whose installation wrappers carry the virus. Once installed, GVU virus is set to run at Windows startup, and as soon as it starts it completely locks the user out of the infected computer. It then shows the shocked user a message accusing them of violating a law related to prohibited content. Some people get scared and are ready to pay the ransom, which is presented as a fine for the violation, hoping to avoid the trouble promised to those who do not pay quickly. However, governmental agencies do not use untraceable money transfers such as Ukash or Paysafe card to collect fines, and they would not lock computers for such a reason. The criminals extort money by scaring people and promising to unlock the computer after payment is made. They do not bother with unlocking, though, and victims are left 100 EURO short and still need to remove GVU virus and unlock their computers themselves. This guide may help you get rid of the Gesellschaft zur Verfolgung von Urheberrechtsverletzungen ransomware.
GVU Removal Guide
What is GVU virus?
GVU is a classic ransomware scam designed to scare people and extort money from the frightened victims. When GVU virus infects a computer, it blocks the user's access to the desktop and then asks for a ransom, presented as a fine for some unknown law violation supposedly committed by the victim. Web cam activity and threats of legal action more serious than a fine are used to put pressure on victims and push them to pay through a payment system that does not allow the receiver to be traced. Do not expect the lock screen to go away if you pay 100 Euro to the criminals. It is simply a waste of money: your computer stays locked, and you still need to remove GVU virus yourself or find someone to help.
If your computer is not infected, take some precautions while browsing the Internet or opening your email. GVU virus is spread with Trojans, and your computer might get infected if you visit suspicious websites or download free software from unknown sources. Use your antivirus program to scan downloads and email. This will increase your chance of avoiding the GVU scam. If your computer is infected, do not believe the claim and do not pay any money, since paying will not help you get your computer back.
GVU virus Removal Tool
GVU virus is difficult to remove because access to the computer is locked. This program blocks even Windows Safe Mode, which is commonly used for fighting malware manually. The only option left is Safe Mode with Command Prompt, and you need to use it for the removal. Computer users might find this task difficult, since they seldom use system administration tools, and working with the system registry carries a risk of damaging the whole system. A mistake might make the computer inoperable and require reinstalling the operating system. A professionally designed removal tool is a better choice for users without prior experience in malware removal or, at least, some background in computer science.
GVU Virus Removal Tool helps to remove GVU virus and other computer threats. It offers real-time protection and free professional support for malware removal. The free scanner lets you discover the information needed to remove viruses manually, for those who have advanced knowledge and experience.
Remove GVU virus manually
The first thing that might help you with GVU virus removal is the Windows System Restore utility. When it is properly set up, it saves a system image taken at a specific date and time, and the system can be restored to the state it had then. Try to access Windows System Restore while your system is started in Safe Mode with Command Prompt. Choose a restore point set right before your system was infected, and run the restore process. This is the simplest way of all, with the exception of running a removal tool that automatically finds and deletes GVU virus.
If the System Restore cannot be used for some reason, then try to remove GVU virus in the following way:
1. To avoid tricks that criminals might use to protect GVU virus, first check and repair your browser's proxy settings so that your computer is not redirected to malicious websites that could reinstall the malware being removed. This is a precaution against possible future development of this malware, but it also protects you against spyware programs that come along with GVU virus or are installed later.
2. When you are done fixing the proxy settings, start your computer in Safe Mode with Command Prompt and log in as a system administrator. Open the Startup folder and remove suspicious files from it.
To do this, click Start, select All Programs and find the Startup folder. Look through the Startup folder and remove any suspicious program that you cannot identify. GVU uses a random name that consists of characters and numbers. It might also be named after well-known Windows files as a disguise. These malicious programs usually have different extensions and are placed in a different location than the real files. After you remove GVU virus from the startup list, restart your system and see if that stops the virus.
3. If removing suspicious files from the Startup list doesn't stop the virus, then check and fix the registry keys commonly used by malicious programs for automatic start settings. To remove these keys:
Click Start and type regedit.exe in the search field below. Then, press Enter. (On Windows XP you need to click Run in the menu and type regedit.exe in the input field of the Run utility. Press the OK button, or the Enter key, when done.)
In Registry Editor, look for the keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [some path to randomly named GVU executable file]
Note: Write this path and file name down. It will help you to find and remove GVU virus main executable file later.
Expand the key:
Look for the Shell entry in the right pane. It should be set to “Explorer”. If it names some other file, or has an additional string placed after “Explorer”, then remove any extras and leave only “Explorer” as its value.
IMPORTANT: Before you make changes to your system registry, please make a backup file for the key that you are going to change or remove. You can do this by opening the File menu in the Registry Editor and clicking Export. Then follow the instructions on the screen. If something goes wrong, you can restore the registry key by double-clicking the saved file. If no problems are found, you can discard the backup files later.
Kill GVU malicious processes
Note: The file is located in either %AppData% or %Temp% directory in the current user profile.
GVU virus entries from system registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [path to random]\[random chars].exe
Delete GVU file and folders:
%UserName%\%Application Data%\[random chars folder name]\[random chars].exe
%UserName%\%Temp%\[random chars folder name]\[random chars].exe
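The registry and file checks above can be gathered into one read-only audit. The script below is an added example, not part of the original guide: it lists the current user's Run entries, flags those whose executable sits under %AppData% or %Temp%, and reports a non-default Shell value. The helper names `Get-CommandPath` and `Test-SuspectPath` are hypothetical, and the Winlogon key path is an assumption (the standard Windows location), since the guide does not name the key that holds Shell.

```powershell
# Added example: read-only audit of the autostart locations the guide names.
# Nothing is modified or deleted; review the output before changing anything.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Assumption: the guide does not name the key that holds "Shell"; this is the
# standard Windows Winlogon location.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Directories the guide says the executable is dropped into.
$suspectRoots = @($env:APPDATA, $env:TEMP) | Where-Object { $_ }
# Bookkeeping properties Get-ItemProperty adds; they are not registry values.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-CommandPath([string]$Command) {
    # Extract the executable from a Run value: quoted path, else up to ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Test-SuspectPath([string]$Path) {
    # True when the path lies under one of the per-user drop directories.
    foreach ($root in $suspectRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($props) {
    $props.PSObject.Properties | Where-Object { $psMeta -notcontains $_.Name } | ForEach-Object {
        $path = Get-CommandPath ([string]$_.Value)
        New-Object PSObject -Property @{
            Name    = $_.Name
            Path    = $path
            Exists  = [bool]($path -and (Test-Path -LiteralPath $path))
            Suspect = Test-SuspectPath $path
        }
    } | Select-Object Name, Path, Exists, Suspect | Format-Table -AutoSize
}

# The guide expects Shell to hold only Explorer; report anything else.
$shell = (Get-ItemProperty -Path $winlogonKey -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -notmatch '^explorer(\.exe)?$') {
    "Shell value is not the default: $shell"
}
```

HKEY_CURRENT_USER, %AppData% and %Temp% are per-user, so the results describe the account the script runs under; run it as the affected user to see that user's entries.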
Complete GVU removal
GVU might come with other malware, as is often the case with infected and malicious websites. After you remove GVU virus, update your antivirus software and run a deep scan for viruses. You can also use a free antivirus scanner from a trusted vendor to double-check the result of the removal. Some malicious programs are bundled with spyware, and you need to remove this spyware with an antispyware program.