FacebookTwitterLinkedIn

GVU Virus

Also Known As: Bundesamt fur Sicherheit in der Informationtechnik Ransomware
Type: Ransomware
Damage level: Severe

Tomas Meskauskas Written by on (updated)

What is GVU?

If you see this message (screenshot below) blocking your computer screen, your PC is infected with a ransomware infection. This scam originates from a family of ransomware called Adneukine and has been developed by cyber criminals to make money from unsuspecting PC users.

The message states that computer users have been downloading copyrighted content or watching pornography, and must therefore pay a 50 Euro fine. This statement is false. Bundesamt fur Sicherheit in der Informationtechnik (an authority from Germany) does not send messages such as this - it is a scam and computer users should not pay any fines.

Cyber criminals responsible for developing and distributing GVU ransomware hope that computer users will fall for their deceptive message and pay the bogus fine. This particular screen locker is a localized variant targeting computer users from Germany.

GVU MoneyPak virus

The same infection infiltrating a computer from the USA would appear in English as if being sent from the Internet Crime Complaint Center. There are several families of ransomware infections employing various deceptive methods in order to make their fake messages appear authentic.

Note that statements regarding video and sound recording are fake and implemented with the purpose of further intimidating PC users into paying this fake fine.

One screen locker from the Reveton family uses voice messages to scare PC users. If your computer screen is blocked by this fake GVU message, do not pay the fine. The correct way to deal with this deceptive message is to eliminate it from your PC. The first screenshot below is from the Reveton family of ransomware.

Other variants of the GVU ransomware virus:

GVU Ihr Computer ist Gesperrt virus GVU Ihr Computer ist Gesperrt virus

Update 2015/02/05 - Cyber criminals have updated the design of GVU ransomware virus:

germany GVU ransomware virus reveton 2015

GVU ransomware is distributed through 'botnets'. Cyber criminals infect users' computer with Trojans, which download and execute this type of ransomware infection. Other known methods of proliferating the GVU virus include fake software updates, infected video codecs, and drive-by downloads.

Commonly, ransomware infects users' computers by exploiting security vulnerabilities found in flash and java software. To prevent GVU virus infiltration, always use antivirus and antispyware programs to protect your computer. If your PC is already infected with the GVU virus, use the removal guide provided to unlock your PC.

A deceptive message presented by the GVU virus:

Die ganze Tätigkeit dieses Computers ist registriert worden.
Wenn Sie eine Netzkamera verwenden, wurden Videos und Bilder für die Identifizierung gespart
Auf Ihrem Computer wurden illegal heruntergelassene Medien ("Raubkopien") gefunden. Diese sind in Form von Musik. Filmen oder Entertairimentsoftware vorhanden.Durch den Download wurden diese Medien vervielfältigt, so dass ebenfalls eine Strafbarkeit gemäß § 106 Urhebergesetz gegeben he.
Der Download von urheberrechtlich geschützten Medien durch das Internet oder einer Dateitauschbörse (Fiksharing) ist illegal und wird gemäß § 106 Urhebergesetz mit Geldstrafe oder Freiheitsstrafe von bis zu 3 Jahren bestraft. Weiterhin ist der Besitz nach § 184 Absatz 3 StGB strafbar und kann auch zur Einziehung des Rechners führen, mit dem die Dateien heruntergeladen wurden. Eine eindeutige Identifizierung Ihrer Person ist mit hüte Ihrer IP-Adresse und des Host names problemlos möglich. Die gefundenen Raubkopien wurden verschlüsselt und in ein geschütztes Verzeichnis kopiert. Um die Sperre aufzuheben und v/eitere Strafrechtlichen konsequenten aus dem Weg zu gehen, sind Sie verpflichtet eine Mahngebühr M Höhe von 50,- zu bezahlen. Zahlbar durch unseren Payment- Partner Ukash . Nach erfolgreicher Bezahlung wird Ihr Computer automatisch entiperrt. Um die Bezahlung durchzuführen, geben Sie den erworbenen Ukash -Code in das dafür vorgesehene Zahlungsfeld ein, wählen Sie den Wert Ihres Codes und drücken Sie anschliessend auf "Absenden". Gutschein muss mit einem Nennwert von 50 C seinAchtung! Wenn die feinen nicht innerhalb von zwei Tagen zu bezahlen, werden alle Daten an das Gericht übermittelt werden.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

GVU virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with GVU virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


After completing these steps your computer should be clean. Reboot your computer in Normal Mode.

Alternative GVU virus removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window, click "Next".

restore system files and settings

5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window, click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the GVU virus.

Other methods used to eliminate this ransomware infection from your PC:

Remove the GVU virus using a Rescue Disk.

Other tools known to remove the GVU virus:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
How to prevent against infection
New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Bundesamt fur Sicherheit in der Informationtechnik Ransomware QR code
Scan this QR code to have an easy access removal guide of Bundesamt fur Sicherheit in der Informationtechnik Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.