How To Remove Ukash Virus

The Ukash virus is a “ransomware” virus that got its name from the Ukash money transfer system that the virus tells computer users to use in order to pay the ransom and unlock their system.  Typically this virus will display a splash screen that claims it’s a part of the Metropolitan Police (or other federal institution such as the FBI, Royal Canadian Police, and more.  There are quite a few variants of this virus designed to target specific countries and regions.  The malware will then block most of the access to a computer, including the desktop, command prompt, task menu, and more.  It’s one of the more annoying viruses out there.

ukash_virusOne of the hallmarks of this virus is that it poses as a law enforcement agency claiming the user’s computer was involved in illegal activities and demanding payment through Ukash or Moneypak or another online money transfer service.

Obviously this is NOT a legitimate program and we advise against paying any money to “unlock” your computer.  These types of malware programs have been around for years and it’s annoying to see them still proliferating and fooling people.  Unfortunately it’s a bit sticky to get this particular virus off your computer, but there are a few ways that you can remove this particular threat.

How To Get Rid Of The Ukash Virus

The first thing to try would be to boot your computer in Safe Mode with Command Prompt and use System Restore to restore to an earlier point before the computer got infected with this virus.

To start System Restore using the Command prompt, follow these steps:

  1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
  2. Use the arrow keys to select the Safe mode with a Command prompt option.
  3. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
  4. Log on as an administrator or with an account that has administrator credentials.
  5. At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
  6. Follow the instructions that appear on the screen to restore your computer to a functional state.

Scan Your PC With Spyhunter 4

After reverting to a prior restore point then we strongly encourage you to run Spyhunter 4 in order to sweep for any additional viruses or Trojans to ensure that it doesn’t re-install itself.

icon_green_arrow_rightClick Here To Download Spyhunter 4


icon_green_arrow_rightClick Here to visit the Spyhunter 4 main website


If you had a problem with this virus you should contact Ukash and give them any relevant information:

How Did It Get There?

The Ukash / Moneypak virus is distributed using exploit kits and typically gets onto a PC through visiting infected websites or opening infected email or downloads that install this virus through a backdoor.  Ways to prevent these types of infections are to keep all software up to date, such as web browsers, Java, etc.  Also, using an antimalware software tool with real time protection such as Spyhunter 4 is an excellent safeguard.

About the Author

Roger Feinstein has grown up with computers his entire life and strives to help others understand what goes on behind the scenes in their PCs. He's been writing tech articles for websites for over 5 years.

Leave a Reply

If you want a picture to show with your comment, go get a Gravatar.