CashU virus is dangerous group of ransomwares, which acts exactly as the negatively famous Ukash virus. However, there is one difference between these two groups of threats – CashU virus spreads in Arabic countries, such as Morocco, Palestine and Israeli. If your PC is located in these or other eastern countries, you should be aware that there is a great danger of being locked by a virus, which additionally shows a huge notification reporting about different kinds of law violations. Typically, CashU virus presents for its victims as a governmental authority, such as police or security department. It uses local computer's language and claims that its owner has been blocked for violating certain laws. Just like Ukash virus, it names the use of copyrighted content and the distribution of spam or malware. Remember, the main reason why CashU virus locks the system is the money. After scaring the victim, it asks paying a certain fee via CashU system and promises that this will unblock the system. However, you have to remove CashU virus for that.
HOW CAN I GET INFECTED WITH CASHU VIRUS?
CashU virus is spread with a help of Trojan horse. There is much information on how this virus spreads: you may download it in a bundle of freeware, shareware or spam email's attachment. Besides, illegal websites and commercial pop-up ads have also been reported to act an important role in the distribution of this ransomware. As soon as it gets inside, it the affected computer down and demands a fee, which should be paid via CashU system. Remember, when dealing with Morocco Sûreté Nationale CashU virus, Palestinian Civil Police Force CashU virus or other CashU virus, you should never follow its commands and pay the fine because it won't help you to restore the access to your PC. For that, you have to remove CashU virus from your computer. Follow a detailed guide bellow and know more about the removal of this ransomware.
HOW TO REMOVE CASHU VIRUS?
When trying to remove CashU virus, the most important thing is to unblock the PC. The easiest way to do that is to change PC's date to the previous one. However, viruses keep mutating and and this may fail to work with your variant of CashU virus. In order to recover your ability to get on the Internet and launch anti-spyware, you can alternatively try one of these methods:
* Flash drive method:
1. Take another machine and use it to download Reimage or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with CashU virus once more and run a full system scan.
* Users infected with CashU virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.
* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.
* Manual CashU virus removal:
- Reboot you infected PC to 'Safe mode with command prompt' to disable CashU virus (this should be working with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated Reimage to remove remaining virus files.