Severity scale:  

Arestocrat virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - -   Also known as Ukash virus, Police virus | Type: Ransomware

Arestocrat virus is a dangerous ransomware, which attacks poorly protected computers and locks them down after that. In addition, it shows a huge alert, which claims that user has been noticed by FBI or other governmental authority for his/hers law violations. Sometimes this alert is titled: You have 48 hours to pay the fine and has a Submit button. Of course, this scam alert also mentions that user can remove the system's block by paying the fine of $300 via Moneypak, Ukash or similar prepayment system. Of course, Arestocrat virus is released for trying to get the money from unaware PC users, so, please, never follow its commands. In order to unblock your PC and start using it as always, we recommend eliminating Arestocrat virus from the system.


Similarly to FBI virus, Arestocrat virus is spread by trojan horse. Just like many other similar viruses, trojan exploits security vulnerabilities and gets inside the system without user's permission asked. As soon as it attacks the system, it downloads malicious Arestocrat virus files and modifies PC for blocking it down. As a result, ransomware starts showing its fake message just after a few seconds when user reboots his/hers computer. Some victims have also reported about a window that says “Arestocrat”. If you know what we are talking about and you want to remove Arestocrat virus from your computer, you should follow a special guide, which explains how to unblock the system and eliminate malicious files from it.

HOW TO REMOVE Arestocrat virus?

When trying to remove Arestocrat virus, you should firstly remove the block from your computer. Check whether you can you reboot your machine to safe mode with networking or safe mode with command prompt and follow these steps:

1. Take another machine and use it to download Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with Arestocrat virus once more and run a full system scan.

* Users infected with ransomware viruses are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': After doing that, run a full system scan with anti-malware program.

* Manual Arestocrat virus:

  • Reboot you infected PC to 'Safe mode with command prompt' to disable Ukash virus (this should be working with all versions of this threat)
  • Run Regedit
  • Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  • Search the registry for these files you have written down and delete the registry keys referencing the files.
  • Reboot and run a full system scan with updated Reimage to remove remaining virus files.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

Removal guides in other languages