Guide to remove GVU ransomware (GVU trojaner)

Gesellschaft zur Verfolgung von Urheberrethtsverletzungen (GVU), the well-established and reputable German organization, has nothing to do with development, promotion and distribution of the scareware you see at the screenshot. This program is called “ransomware”, i.e. the desktop hijacker that disables your PC and tells you to pay funds as the ransom forfeit (fine) to unlock it. It strikes many PCs in various countries, but primarily the ones where German language is fluently spoken. However, there is a risk of some other non-German regions being affected by this malicious screen locker. Once the scareware enters the system it totally disables it by permanently replacing the custom desktop background with its own one, that states the fake accusation with regard to user of the infected machine.

GVU

As you see, the ransomware says you were noticed of download, storing and distributing illegal multimedia samples, thus resulting in your system being blocked. As a consequence, the malware says, your system is no longer operable, thus you are instructed by the hijacker to effect the payment in order to unlock the machine. It should be also mentioned that rebooting the PC normally doesn’t help. The locked status persists. This circumstance with your system requires more serious procedures to eliminate the blocked status of it.

What you must realize and remember is that this fake notification is developed by online hackers. It has nothing to do with the German law enforcement bodies, so please never effect the payment in favor of these crooks. Instead, remove this scareware by following the guidelines described below.

Ransomware unlocking procedure

Note! This tutorial is effective for all GreenDot MoneyPak, Ukash and Paysafecard ransomwares.

  1. Restart your computer and press F8 while it is restarting.
  2. Choose safe mode with networking.
  3. safe mode with networking

  4. Press Start menu and select Run, or press [Win]+R on keyboard.
  5. Run command

  6. Type msconfig
  7. msconfig

  8. Disable startup items rundll32 turning on any application from Application Data.
  9. Restart your system once again.
  10. Scan your system with GridinSoft Trojan Killer to identify file and delete it.

Some versions of these viruses disable all safe modes, but give a short gap that you can use to run anti-malware programs. Then do following:

  1. Reboot normally.
  2. Click Start and choose Run.
  3. Enter the text specified in the quotation below. If malware is loaded, just press Alt+Tab once and keep entering the string blindly then press Enter.
  4. http://trojan-killer.net/download.php

  5. Press Alt+tab and then R (letter) a couple of times. The process of ransomware virus should be killed after you succeed to download, install our recommended software and scan your PC with it.

Download GridinSoft Trojan Killer for thorough system checkup

Alternative removal video:

Leave a Comment

*