How to kill a GUV virus

-Realise it’s a fake message
-Restart the PC in safe mode
-Clear the whole autostart and ignore the “you’re not administrator” message
-Restart the PC in safe mode
-Virus is deactivated, proceed with re-enabling the correct autostart-options and kill it with fire/Anti-Malware tools

But I admit, the first 20 seconds I thought it was the real deal :O

FYI: GUV-Virus is a virus imitating some random German government association, launching itself via autostart on PC boot. It kills TaskManager whenever you open it, attempts to disable adminright for any user and whenever your internet is active, it will display a large white window explaining child porn has been found on your harddrive and you may unlock your PC by paying them 100€ via PaySafe.
Seriously, PaySafe? Everyone stupid enough to fall for that thing is probably too stupid to use PaySafe in first place :O

This entry was posted in News. Bookmark the permalink.

65 Responses to How to kill a GUV virus

  1. Yellowbear says:

    Yeah, there are plenty of tutorials out there how to remove such a virus.
    Although there are many variations out there, I’m pretty sure it’s “GVU” not “GUV”.

    • Alblaka says:

      Oh right… whatever, annoying malware deserves to be misspelled :3

      • Rgamer says:

        Indeed they do. Indeed they do. Say, is AlbOS still in the works? Don’t care about release date, just would be reassured to know it’s still being worked on.

  2. Maximax says:

    I started my PC with the Windows CD new and load an restore point… Everything was fixed^^ … But in the first 10 seks I was realy shocked… The Virus killed the Task Manager, my Anti virus and everything other. I tryed to switch to the desktop or something other, but the Virus put the Website always in front of your display…

  3. Techmago says:

    Or you can use linux and forget about what “virus” mean.

    • Clearshot says:

      whats a virus? 🙂 Linux ftw

    • Alblaka says:

      Jep, but I’m too lazy to bother with Linux.

      • Techmago says:

        It only give you trouble in the start. After you learn it, you will find windows difficult to use: it does not make any sensem, and it waste a hell lot of recurses.

        • Killra Stealer says:

          Well linux rules. One of the main reason i use linux is that i don’t have to bother with viruses. An other is that imo it’s easier to fix problems in linux then windows and when it works it WORKS not giving you some random freezes, crashes, spikes or anything like that.

  4. Tim says:

    lol, Windows.

  5. dedecou says:

    Never had a virus in my entire PC life.

    It’s very easy to avoid them.

    • Alblaka says:

      I would disagree there. Unless you unplug your PC from the internet as whole, you can never claim to be entirely safe. It’s not like I’ve catched the virus by executing random lol.exe files or opening up suspicious E-Mails…

      • dedecou says:

        So how did you catch it Alblaka?
        And those things that you mention are how most virus are distribued.

        • ViPeR says:

          I had the GEMA variant of this virus a few months ago. Where to get? …. While loading Minecraft mods from adfly links in the Minecraft Forums.

          Now i use AdBlock, Noscript and WOT to get a little bit more secure.

        • Alblaka says:

          No clue. I assume it sneaked in via cookies or something.

          • pop1040 says:

            chrome has a safe-mode option that disables cookie making and makes it invisible to alot of stuff

            might be helpfull

      • Clearshot says:

        exactly, tho its easy to reduce the chance of getting a virus by not going to dodgy sites, it doesn’t remove the chance completely

  6. 1234 says:

    use AVAST or AVIRA noobs… (they free you dont need to pirate em)

    if you running hayo pc with 128 ram – avz4 or alkidcd

    • zjohn4 says:

      AVAST did nothing for me when i got a trojan a while back…sooo ive never used it again

      • Rgamer says:

        Why? It’s free, and you can tell it to run alongside other anti-malware software. Norton disables it, but other than that, it’s great. Besides, not using an antivirus software because it didn’t work against one thing is like not wearing a hard hat because you got a concussion with one on. No antivirus/antimalware software is going to protect you from everything.

        • Corey says:

          Antivirus software doesn’t protect against stupidity. Stupidity is the reason people get viruses in the first place. Antivirus software is a worthless waste of resources and nothing more than a hassle.

          • UrzhadOwning says:

            With is not true at all. A virus can be hidden so many places that you can’t be Smart to avoid them. It is more about luck for most ppl.

      • pop1040 says:

        AVG free addition, never a single problem

  7. KArach says:

    Your procedure can as well be applied to any malware, except maybe for those that prevents you from logging into safe mode. 😉

    I wonder if there will ever be any viruses for AlbOS or RedPower’s computers. 😀

    • Rgamer says:

      Someone theoretically could… But what would it do? (Stick to RedBus, as we know its capabilities)

  8. 1234 says:

    press shift multiple times, sometimes (if not disabled) it will bring stikykeys dialog from you able to run any application or cmd, this will allow you to download cureit and run it on locked machine.

    • Alblaka says:

      That’s a fun trick.
      Wouldn’t work on my PC though, I think I’ve all stickydialogs disabled by now.

      • pop1040 says:

        how did you do that? :O
        plz tell

        • Alblaka says:

          When you hit a stick-able button 8 times for the first time (dunno about consecutive times), a dialog will pop up, asking you whether you want to activate the sticky-function. As well it offers an “options” button. Simply click there and uncheck “enable …” (however it’s called).

  9. BASE_SEVEN says:

    Antivirus programs are only a waste of resources if you PAID for them. Most paid antivirus companies ironically use similar tactics to the viruses that they were built to destroy by convincing computer illiterate users that free antivirus programs are useless. Avast or AVG are really all you need (although i would be careful about avg it broke windows once for me) Additionally you do not have to be stupid to acquire a virus according to statistics from norton most viruses are acquired from legitimate sites that have been taken over by hackers. And no macs are not virus proof contrary to your possible beliefs.

  10. Groll says:

    Oh, you my little porn lover 😉
    Use free home version of AVAST as mentioned above, its really good. And can you tell us, what version of windows you using?

  11. 1234 says:

    if your dad installed 2000 it does not make 2000 good…
    seven 32 bit is useless, just like xp but with useless whistles that drain resources.

    seven 64 only alternative for xp.

    • Groll says:

      Why u say so? All that damn whistles can be turned off easily, and stability of system is just greater than in XP (don’t blame me, I’m M$ fan, ha ha)

  12. seiji007 says:

    I have Kaspersky, adblock, noscript, LOT of things like this and I am safe! MUAHUAHUAHUA!!!!! Btw, why someone will pay 100€ because something like this? Just use a antivirus(AVG)…..

  13. Velcio says:

    I had also such a virus once but the message was from my anti-virus, I knew it was a virus because the message was in english but my anti-virus is dutch :p

  14. XFmax-o-l says:

    You would think they would try harder…
    Alot of this scamware/scareware makes me facepalm more than believing it.

  15. Shepherd says:

    i had the same shit 2 years ago. i had avast at that time.. didn’t work, ofcourse. i found a tutorial what used an antivirus called ‘malwarebytes’. i used it and the whole virus was deleted. it found like 120 files.. i still use it as anti virus and since i never had problems with viruses. it’s very unpopular, and i have no clue why.

    never had problems again. I’m still using it and its the best antivirus program ever seen.

  16. edison says:

    I know this is a bit outdated, but i freelance malware removal. and this is what i do when someone brings me their computer after i’ve decided manual removal is too time consuming.
    1) use rkill to stop any malicious malware from running.
    2) run malwarebytes (solves 90 percent of the issues)
    3) run dr web cure it (has really good root kit detection) also do quick scans with gmer or tdss killer
    4) use Microsoft’s RegDelNull to find any undetectable Reg keys
    5)Update or install new AV and do a scan with that (less experinced users i install MSE because its less annoying about things)
    6) If all the above fails use combofix(because it has screwed up user permisons in the past for me) or use windows recovery disk to rebuild windows without losing user data

    I personally recommend the pro version of malwarebytes to people all the time. It runs well with other Antivirus installed and has very good detection rates; solves most problems

  17. tehftw says:

    It’s karma – if you watch child porn, you’ll find small messages informing you of crime.

    • Alblaka says:

      I feel honestly offended by you implying I would be watching child porn.

      • Paul says:

        You gotta admit though, who the fuck would POSSIBLY believe that if the government discovered you had child porn on your HDD, they’d send you a small carefully worded message and demand a 100 euro fine?

        Seriously. I have a hard time believing they’re actually making any money out of this scam.

        • XFmax-o-l says:

          Seeing how honking without good reason in holland fines you 350€…
          Yes, it’s a bit weird.

          • Alblaka says:

            Wow, and I thought Germany’s laws were evil…

            If you would loose 350€ everytime you honk without reason… German government could pay up all debts of Europe with the income gained in a few days :O

  18. Dan_Crane says:

    Ugh, I once had Security Master AV on my old computer, and it was a pain in the rear to remove. I’m not good at removing viruses.

  19. Shiding says:

    It’s been quite sometime since you’ve updated this page with some new information about the mod and it’s development, how come?

    • Alblaka says:

      Because, in all honesty, there isn’t that much developement progress to report about. We’re fixing some minor stuff, but whenever we decide on doing X, something interfers. F.e. my personal plans for IC² 2.0 content got messed up by 1.3 overhauling the SSP/SMP handling. It’s pretty much waiting for Forge 1.3 now, before anything can be properly done in that regard.

  20. trololol says:

    “But I admit, the first 20 seconds I thought it was the real deal :O”

    Is worried that you thought this virus was “the real deal” at all since you state:

    “whenever your internet is active, it will display a large white window explaining child porn has been found on your harddrive and you may unlock your PC by paying them 100€ via PaySafe”

    Tke note of the implictions, and tell me why did you think this was real again? >>

  21. Union says:

    The American (FBI) version of this virus has claimed a few customers at my workplace. It’s funny how simple it is to by-pass something like this (and end up making $150~$200 bucks in the process)…

Comments are closed.