Remove “Guardia di Finanza” Ukash Virus (Uninstall “Guardia di Finanza” Ukash Scam)

What is “Guardia di Finanza” Ukash Virus?

“Guardia di Finanza” Ukash Virus is a nasty virus similar to Metropolitan Police Ransomware. Once your computer was infected with “Guardia di Finanza” Ukash Virus, then it has been locked, you need to pay 100 euros or pounds to unlock it within 24 hours or 48 hours over Ukash or Paysafecard; otherwise your computer will be wiped clean.

“Guardia di Finanza” Ukash Virus is an Italian Police fake antivirus software, and the ”Guardia di Finanza” ransomware prevents any actions after normal startup, no task manager, start menu, not anything,  ”Guardia di Finanza” Ukash Virus blocks your internet as well. No ”Guardia di Finanza” Ukash Virus removal tool be able to help.

“Guardia di Finanza” Ukash Virus The ctrl-alt-del isn’t working when you go into start task manager goes back to the same page both in normal mode and safe mode in Windows XP, Windows Vista or Windows 7.

Your computer can be hijacked by “Guardia di Finanza” Ukash Virus when you are on facebook, youtube, MSN, porn sites or when you click on links in your emails as mentioned before.

“Guardia di Finanza” Ukash looks as it is legit but it is a big scam. ”Guardia di Finanza” Ukash Virus is stubborn with its screen and you cant get it off. What you should do is manually get rid of ”Guardia di Finanza” Ukash Virus at a quick time, to completely clean it out.

“Guardia di Finanza” Ukash Virus Step-by-Step Removal Instructions

1.The associated files of ”Guardia di Finanza” Ukash Virus to be deleted are listed below:

%Windows%\system32\[random].exe
%appdata%\[random].exe
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Local Settings\Temp\[random].tmp
%Documents and Settings%\[UserName]\Desktop\[random].lnk

2.The registry entries of “Guardia di Finanza” Ukash Virus that need to be removed are listed as follows:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"

(Note: If you haven’t sufficient expertise in dealing with program files, processes, .dll files and registry entries, it may lead to mistakes damaging your system.)

Some simple Swiss Army Knife for Securities Experts:

Command line Tools for Windows:

Ps Tools from SysInternals can help to execute command line commands from remote host: here the command to execute command line:

psexec \\<hostname> -u <user> -p <password> cmd

Regedit — Connection from remote host to open registry

reg — execute query to registry(after psexec connection)

More and more Googling for searching infos on trojan horse virus and its names and registry entries.

Here some other infos http://www.tgsoft.it/italy/news_archivio.asp?id=463

~ di diegotech su aprile 10, 2012.

2 Risposte to “Remove “Guardia di Finanza” Ukash Virus (Uninstall “Guardia di Finanza” Ukash Scam)”

  1. NEWS TIP: Another registry key to check is HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit
    The malware write itself at the end of the value.
    Chwck it out also in HKEY_USERS\
    After this Run Combofix to recover all windows functionalities.

  2. I have got to say I really obsess overf your blog, the way
    you write is fantastic!

Lascia un commento

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione / Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione / Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione / Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione / Modifica )

Connessione a %s...

 
%d blogger cliccano Mi Piace per questo: