Click on screenshot to zoom
Danger level 9
Type: Trojans
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Changes background
  • Connects to the internet without permission
  • System crashes
  • Slow Computer

Trojan.Urausy.A

Trojan.Urausy.A is a trojan, that distribute ransomware applications known as screen-lockers. They infect target computer to steal money from unsuspecting computer users. When Trojan.Urausy.A delivers a ransomware infection, it does not allow the user to access his desktop anymore, and instead it displays a fullscreen notification that is supposedly sent by the local police office. Trojan.Urausy.A asks for money to be transferred in order to regain computer access.

The ransomware infections distributed by Trojan.Urausy.A belong to the Ukash Virus group. There are quite a few threats delivered by this trojan, including the FBI Virus, GVU Virus, Cuerpo National de Policia Virus, Polska Policja Virus and so on. When the desktop access is blocked, Trojan.Urausy.A expects the user to pay a ransom fee that ranges from 100 USD to 100 euro via alternative payment systems. For example, MoneyPak, Ukash, PaysafeCard and so on (but these services are in no way related to Trojan.Urausy.A ). Thus, it doesn't require credit card information, and even users that do not have bank accounts can become targets of this infection.

Trojan.Urausy.A is usually downloaded and run by an exploit that the user catches if he or she visits a compromised website. The exploit changes your registry entries allowing Trojan.Urausy.A to run automatically each time Windows starts. Once the Trojan is run, it locks the computer and the user cannot do anything about it. You will see a fake security message in various languages (depending on your location), asking you to pay a ransom fee, accusing you of copyright infringement and other serious crimes.

Also, Trojan.Urausy.A can connect to the Internet behind your back and send out various information to remote servers at tcenj.ru, fsbps.ru and cremk.ru. It is important that you do not pay a single cent to the scammers behind Trojan.Urausy.A.

Remove Trojan.Urausy.A from your computer following the instructions below to bypass be the screen-lock:

Windows Vista & Windows 7

1. Restart the computer and press F8 repeatedly until Advanced Boot Options menu show up.
2. Use arrow keys to navigate to select Safe Mode with Networking and press Enter.
3. Go to http://www.pcthreat.com/download-sph and download SpyHunter.
4. Install the program and run a full system scan.

Windows XP

1. Follow the steps 1 and 2 above.
2. When a confirmation dialog box appears, click Yes.
3. Download SpyHunter .
4. Open Start menu and launch Run.
5. Type "msconfig" and press Enter.
6. Click Startup tab on the System Configuration Utility.
7. Click Disable all, click OK and exit the menu.
8. Restart your computer in Normal mode.
9. Install SpyHunter and run a full system scan to detect Trojan.Urausy.A.

Invest in a reliable antimalware tool that will help you to protect your computer from malware.

Download Spyware Removal Tool to Remove* Trojan.Urausy.A
  • Quick & tested solution for Trojan.Urausy.A removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Trojan.Urausy.A

Files associated with Trojan.Urausy.A infection:

RRT.exe
RRT.exe
saiAE7.exe
msconfig.dat
msconfig.dat
saiAE7.exe

Trojan.Urausy.A processes to kill:

saiAE7.exe
RRT.exe
saiAE7.exe
RRT.exe
Disclaimer

Comments

  1. John Jun 4, 2013

    The latest version of Urausy.A will not allow Safe Mode to load - it reboots the PC.

    So far I have not found how to remove it - even Microsoft Defender run from a bootable USB drive fails to find it.

  2. Pcthreat Jun 5, 2013

    John,

    Did you try Safe Mode with command prompt?

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.