Virus.Lehzub.A

The malicious Virus.Lehzub.A is part of the devious Gimemo Trojan which may lock down your computer and produce fictitious information in order to lure out your personal savings. The clandestine threat has been created to perform a few different tasks. First of all, it can initiate the lock-down of the computer and demand a ransom pay. Secondly, it may corrupt your personal online accounts to spread malware to other systems. The infection is also known as Win32:LockScreen-MZ, Trojan/Win32.Gimemo and Trojan-Ransom.Win32.Gimemo, and if you have already detected it within the computer – rush the necessary removal procedures. Do you know how to remove Virus.Lehzub.A? Please continue reading to learn more about the threat and necessary removal procedures.

Needless to say, Virus.Lehzub.A is composed of highly malignant components. As research shows, the malicious APBackUp.exe, sysctrl.exe (%WINDIR%) and uaccache.exe (%APPDATA%) are extremely important to the smooth running of the entire infection. They all have rootkit capabilities to hide the computer threat from detection and removal. Additionally these files can record your keystrokes to discover login data and take over your virtual email and IM chat accounts. This can be used to spread the ransomware virus to other computers. Regardless, there are tens of other files you will also need to remove, including notepad.exe which can download malware and disable the Registry Editor. Svchost.exe (%APPDATA%) is also dangerous because it can release fake system pop-ups, disable safe mode and even corrupt USB drives. Note that even though the latter two files use the names of authentic Windows components, they are malicious and require removal.

Once the dangerous Virus.Lehzub.A components take over the system, they can block access to the desktop and present you with a notification supposedly forwarded by the Police. This is not the truth and you should ignore the demands of Ihr Computer wurde gesperrt Virus, Green dot Moneypak Virus, Spautores Virus, GVU Virus and other infections also known by the names Ukash Virus or Moneypak Virus. Here is an example of the fictitious screen-locking notification:

Your computer has been locked!
Illegally downloaded material (MP3’s, Movies or Software) has been located on your computer. […]
To unlock your computer and to avoid other legal consequences, you are obliged to pay a release fee of $200. Payable through GreenDot Moneypak. After successful payment, your computer will automatically unlock.

These accusations are bogus and paying no attention to them is exactly how you should handle the situation. Of course, you should not ignore the ransomware itself, as Virus.Lehzub.A removal should be performed without further delay. The infection is catastrophic to your virtual security and you should employ automatic spyware removal software to delete it from the computer. If you think you are skilled enough to succeed manually, please find the list of all files that should be deleted below. If you want to delete the infection using an automatic remover, follow these instructions.

How to delete Virus.Lehzub.A?

Delete from Windows 8:

1. Tap the Windows key to access the Metro UI start screen.
2. Move the cursor to the bottom right corner of the screen to access the Charm Bar.
3. Click Settings -> Change PC Settings -> General.
4. Move to Advanced Startup and click Start Now.
5. Click Troubleshoot -> Startup Settings -> Restart -> F5.
6. Once the PC boots up launch a browser and visit http://www.pcthreat.com/download-sph .
7. Download and install the automatic spyware removal tool onto the computer.

Delete from Windows Vista or Windows 7:

1. Restart the computer.
2. The moment BIOS loads up – start tapping the F8 key.
3. Use arrow keys to select Safe Mode with Networking and tap Enter.
4. Download SpyHunter.
5. Immediately install the application to delete running malware.

Delete from Windows XP:

1. Restart the PC.
2. Once BIOS screen disappears – start tapping F8.
3. Use arrow keys to select Safe Mode with Networking.
4. Tap Enter.
5. When a desktop alert shows up – click Yes.
6. Open the Start menu.
7. Launch RUN.
8. Enter msconfig and click OK to open the System Configuration Utility.
9. Click the Startup tab.
10. Select Disable All and click OK.
11. Download SpyHunter from http://www.pcthreat.com/download-sph .
12. Restart the PC (normally).
13. Install the downloaded tool to delete running PC infections.