
GEMA Virus

Also Known As: GEMA Ransomware
Damage level: Severe

What is GEMA?

GEMA is one of the largest societies of authors for works of music worldwide. Cyber criminals, however, are using the name of GEMA in their ransomware to trick unsuspecting PC users into paying a bogus fine, supposedly for downloading copyrighted material from the Internet.

GEMA has no connection with this computer locker. Cyber criminals exploit the name of this organization to make their deceptive message appear authentic. The text within this fake message asserts that you have downloaded copyrighted material from the Internet, thereby committing a criminal offence.

This message is a scam - do not trust it.


If you pay this fine you will send your money to cyber criminals and your computer will remain locked. This ransomware is categorized as a Euro Winlocker and previous variants of this scam exploited the name of the International Police Association.

Commonly, ransomware infections such as "Gema - Your computer has been locked!" are localized. These PC infections are able to identify your computer's IP address and thus present the deceptive message in your language.

To distribute GEMA ransomware, cyber criminals use Trojans and malicious websites. To prevent these infections from entering your computer, use legitimate antivirus and anti-spyware software.

Ransomware infections have become a profitable business for Internet criminals and they continue to develop and distribute new versions of these computer lockers. Do not trust any screen lockers - no authorities use these methods to collect fines for infringements.

If your PC is already infected with this ransomware, use this removal guide to eliminate it and unlock your PC.

A fake message shown within the GEMA ransomware:

GEMA
All activity of this computer has been recorded. If you use a web cam, video and pictures were saved for identification. You can be clearly identified by resolving your IP address and the associated host-name. Your computer has been locked! Illegally downloaded material (MP3's, Movies or Software) has been located on your computer. By downloading, those were reproduced, thereby involving a criminal offense under Section 106 of the Copyright Act. The downloading of copyrighted material via the Internet or music-sharing networks is illegal and is in accordance with Section 206 of the Copyright Act subject to a fine or imprisonment for a penalty of up to 3 years. Furthermore, possession of illegally downloaded material is punishable under Section 184 paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer, with which the files were downloaded. To unblock your computer and to avoid other legal consequences you are obligated to pay a release fee of 100 euro. Payable through Paysafecard or Ukash. After successful payment your computer will automatically unlock. Failure to adhere to this request could involve criminal charges and possible imprisonment.
To unlock your computer and to avoid other legal consequences you are obligated to pay a release fee of 100 euro. Payable through Paysafecard or Ukash. After successful payment your computer will automatically unlock. Failure to adhere to this request could involve criminal charges and possible imprisonment. To perform the payment, enter the acquired Paysafecard or Ukash code in the designated payment field and Press the "OK" button.


GEMA ransomware removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK.

While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.

Step 2

Log in to the account infected with GEMA ransomware. Start your Internet browser and download a legitimate anti-spyware program.

Update the anti-spyware software and start a full system scan. Remove all the entries detected.


After completing these steps your computer should be clean. Reboot your computer in Normal Mode.

Alternative GEMA ransomware removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, then select Safe Mode with Command Prompt from the list and press ENTER.

2. In the opened Command Prompt, type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.

3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe. If you see something else displayed in this window, first take a note of it (this is the path of the rogue executable file), then remove it and type Explorer.exe.

Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of GEMA ransomware.
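The check in steps 4 and 5 can also be done without opening the Registry Editor. The following read-only PowerShell script is an added example, not part of the original guide: it reads the Winlogon "Shell" value and lists every entry that is not Explorer.exe, so the path can be noted before the value is corrected. It assumes PowerShell can be started by typing powershell in the Command Prompt; the per-user HKCU key is an addition that goes beyond the HKLM key named in step 4.

```powershell
# Added example: read-only audit of the Winlogon "Shell" value (steps 4-5).
# Written for Windows PowerShell 2.0 and later, the version shipped with Windows 7.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',  # key from step 4
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'   # assumption: per-user key, not in the guide
)
# Values treated as the legitimate shell: the default from step 5 and its full path.
$legit = @('explorer.exe', (Join-Path $env:windir 'explorer.exe'))

function Get-WinlogonShellReport {
    param([string]$KeyPath)
    $prop = Get-ItemProperty -Path $KeyPath -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return New-Object PSObject -Property @{ Key = $KeyPath; Data = $null; Suspect = @() }
    }
    # The data can hold several comma-separated commands; check each one.
    $entries = @($prop.Shell -split ',' | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ })
    # -notcontains compares case-insensitively, so "Explorer.exe" matches.
    $suspect = @($entries | Where-Object { $legit -notcontains $_ })
    if ($entries.Count -eq 0) { $suspect = @('(empty value)') }
    New-Object PSObject -Property @{ Key = $KeyPath; Data = $prop.Shell; Suspect = $suspect }
}

foreach ($key in $keys) {
    $r = Get-WinlogonShellReport -KeyPath $key
    if ($null -eq $r.Data) {
        Write-Output "$key : Shell value not set"
    } elseif ($r.Suspect.Count -eq 0) {
        Write-Output "$key : OK ($($r.Data))"
    } else {
        Write-Output "$key : UNEXPECTED ($($r.Data))"
        foreach ($entry in $r.Suspect) {
            # Record the path before editing the value, as step 5 advises.
            $file = Get-Item -LiteralPath $entry -Force -ErrorAction SilentlyContinue
            if ($file) { Write-Output "  $entry  (modified $($file.LastWriteTime))" }
            else       { Write-Output "  $entry  (not found as a file; may include arguments)" }
        }
    }
}
```

A "Shell value not set" result for the HKCU key is normal; an UNEXPECTED result for either key gives the path to note in step 5.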

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated.

For this step, you need access to another computer. After removing GEMA ransomware from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.


About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.
