Click on screenshot to zoom
Danger level 8
Type: Trojans
Common infection symptoms:
  • Block exe files from running
  • Connects to the internet without permission
  • Installs itself without permissions
  • Slow Computer

Virus.Lehzub.A

The malicious Virus.Lehzub.A is part of the devious Gimemo Trojan which may lock down your computer and produce fictitious information in order to lure out your personal savings. The clandestine threat has been created to perform a few different tasks. First of all, it can initiate the lock-down of the computer and demand a ransom pay. Secondly, it may corrupt your personal online accounts to spread malware to other systems. The infection is also known as Win32:LockScreen-MZ, Trojan/Win32.Gimemo and Trojan-Ransom.Win32.Gimemo, and if you have already detected it within the computer – rush the necessary removal procedures. Do you know how to remove Virus.Lehzub.A? Please continue reading to learn more about the threat and necessary removal procedures.

Needless to say, Virus.Lehzub.A is composed of highly malignant components. As research shows, the malicious APBackUp.exe, sysctrl.exe (%WINDIR%) and uaccache.exe (%APPDATA%) are extremely important to the smooth running of the entire infection. They all have rootkit capabilities to hide the computer threat from detection and removal. Additionally these files can record your keystrokes to discover login data and take over your virtual email and IM chat accounts. This can be used to spread the ransomware virus to other computers. Regardless, there are tens of other files you will also need to remove, including notepad.exe which can download malware and disable the Registry Editor. Svchost.exe (%APPDATA%) is also dangerous because it can release fake system pop-ups, disable safe mode and even corrupt USB drives. Note that even though the latter two files use the names of authentic Windows components, they are malicious and require removal.

Once the dangerous Virus.Lehzub.A components take over the system, they can block access to the desktop and present you with a notification supposedly forwarded by the Police. This is not the truth and you should ignore the demands of Ihr Computer wurde gesperrt Virus, Green dot Moneypak Virus, Spautores Virus, GVU Virus and other infections also known by the names Ukash Virus or Moneypak Virus. Here is an example of the fictitious screen-locking notification:

Your computer has been locked!
Illegally downloaded material (MP3’s, Movies or Software) has been located on your computer. […]
To unlock your computer and to avoid other legal consequences, you are obliged to pay a release fee of $200. Payable through GreenDot Moneypak. After successful payment, your computer will automatically unlock.

These accusations are bogus and paying no attention to them is exactly how you should handle the situation. Of course, you should not ignore the ransomware itself, as Virus.Lehzub.A removal should be performed without further delay. The infection is catastrophic to your virtual security and you should employ automatic spyware removal software to delete it from the computer. If you think you are skilled enough to succeed manually, please find the list of all files that should be deleted below. If you want to delete the infection using an automatic remover, follow these instructions.

How to delete Virus.Lehzub.A?

Delete from Windows 8:

  1. Tap the Windows key to access the Metro UI start screen.
  2. Move the cursor to the bottom right corner of the screen to access the Charm Bar.
  3. Click Settings -> Change PC Settings -> General.
  4. Move to Advanced Startup and click Start Now.
  5. Click Troubleshoot -> Startup Settings -> Restart -> F5.
  6. Once the PC boots up launch a browser and visit http://www.pcthreat.com/download-sph .
  7. Download and install the automatic spyware removal tool onto the computer.

Delete from Windows Vista or Windows 7:

  1. Restart the computer.
  2. The moment BIOS loads up – start tapping the F8 key.
  3. Use arrow keys to select Safe Mode with Networking and tap Enter.
  4. Download SpyHunter.
  5. Immediately install the application to delete running malware.

Delete from Windows XP:

  1. Restart the PC.
  2. Once BIOS screen disappears – start tapping F8.
  3. Use arrow keys to select Safe Mode with Networking.
  4. Tap Enter.
  5. When a desktop alert shows up – click Yes.
  6. Open the Start menu.
  7. Launch RUN.
  8. Enter msconfig and click OK to open the System Configuration Utility.
  9. Click the Startup tab.
  10. Select Disable All and click OK.
  11. Download SpyHunter from http://www.pcthreat.com/download-sph .
  12. Restart the PC (normally).
  13. Install the downloaded tool to delete running PC infections.
Download Spyware Removal Tool to Remove* Virus.Lehzub.A
  • Quick & tested solution for Virus.Lehzub.A removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Virus.Lehzub.A

Files associated with Virus.Lehzub.A infection:

sysctrl.exe
XhsX.exe
hubusb.sys
5D5A9D.exe
23E5.exe
vso.convertxtodvd.5.x-patch.exe
APBackUp.exe
CLAgent.dll
WinPro.dll
sysctrl.exe
YEkZgzU.exe
vzvgg6zew6l3.exe
howcodecsrv.exe
H-9-b_DKx.dll
XhsX.exe
notepad.exe
oleeres.dll
svchost.exe
9AEB.exe
uaccache.exe
5D5A9D.exe
notepad.exe
23E5.exe
vzvgg6zew6l3.exe
oleeres.dll
CLAgent.dll
WinPro.dll
9AEB.exe
H-9-b_DKx.dll
vso.convertxtodvd.5.x-patch.exe
svchost.exe
YEkZgzU.exe
howcodecsrv.exe
hubusb.sys
uaccache.exe
APBackUp.exe

Virus.Lehzub.A DLL's to remove:

CLAgent.dll
WinPro.dll
H-9-b_DKx.dll
oleeres.dll
WinPro.dll
oleeres.dll
CLAgent.dll
H-9-b_DKx.dll

Virus.Lehzub.A processes to kill:

notepad.exe
23E5.exe
vzvgg6zew6l3.exe
5D5A9D.exe
APBackUp.exe
vso.convertxtodvd.5.x-patch.exe
uaccache.exe
9AEB.exe
svchost.exe
sysctrl.exe
5D5A9D.exe
23E5.exe
vso.convertxtodvd.5.x-patch.exe
APBackUp.exe
sysctrl.exe
YEkZgzU.exe
vzvgg6zew6l3.exe
howcodecsrv.exe
XhsX.exe
notepad.exe
svchost.exe
9AEB.exe
uaccache.exe
XhsX.exe
YEkZgzU.exe
howcodecsrv.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.