Severity scale:  

IRMA Virus. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as Ukash virus | Type: Ransomware

IRMA virus (also called as Information Resources Management Association virus) is a ransomware infection that must be ignored. In fact, the best way to stop this cyber threat is to eliminate all infected files from your computer. However, many users are trapped by its misleading warning that brocks everything. Just like many other threats that hail from the same group of ransomwares (it is called Ukash), IRMA virus displays a warning, which claims to belong for Business software alliance group BSA. In addition, this alert reports that victim has been noticed watching, using and storing pirate software and illegal video and audio content. It explains that this was the reason why user is now blocked. In order to unlock the PC, IRMA virus asks to pay 250 dollars using one of prepayment systems, such as Moneypak or Ukash. Before you do that, note that this is not a real program that belongs to BSA. IRMA virus is a ransomware infection that must be removed as soon as possible.


IRMA virus is spread by fake video/audio codecs, software updates and other downloads that usually come from unofficial sources. Besides, this threat can reach you through spam email, which also looks officially and includes an infected attachment. Once you fall for downloading such file, your PC is infected with malware and completely blocked. As soon as it gets there, IRMA virus locks the system what means that you are left disabled from getting on the internet and reaching your programs. Instead of the desktop, you see such message:

Your personal computer has been noticed in viewing, storing and using of forbidden and pirate software, audio and video content
Now your PC is locked by Business Software Alliance trade group and information resources management Association
You should buy MoneyPack code denominated of 250 dollars.

You should never fall for these misleading words and pay the fine through Ukash or other prepayment system because this is a way how scammers seek to get users out of their money. Be sure that IRMA virus has nothing to do with Information Resources management Association and Business Software Alliance. The only thing it belongs to is a malicious group of viruses, which is called Ukash. You must remove IRMA virus ASAP.


When trying to remove IRMA virus or other Ukashthreat, the most serious problem is that you are blocked from getting on the Internet. In order to unblock the system, follow these options:

* Flash drive method:

1. Take another machine and use it to download Reimage or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with Ukash virus once more and run a full system scan.

* Users infected with Ukash viruses are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': After doing that, run a full system scan with anti-malware program.

* Manual Ukash virus removal (special skills needed!):

  • Reboot you infected PC to 'Safe mode with command prompt' to disable Ukash virus (this should be working with all versions of this threat)
  • Run Regedit
  • Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  • Search the registry for these files you have written down and delete the registry keys referencing the files.
  • Reboot and run a full system scan with updated Reimage to remove remaining virus files.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.
IRMA Virus snapshot
IRMA Virus

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions

Removal guides in other languages