What is the GVU virus?

The GVU virus (Gesellschaft zur Verfolgung von Urheberrechtsverletzungen virus) is ransomware that uses ransom lock Trojans to block (lock) computer systems from functioning while utilizing a fake alert screen disguised as the Gesellschaft zur Verfolgung von Urheberrechtsverletzungen (GVU Germany). The fake GVU screen makes (false) claims that there is illegally downloaded (pirated) music on your computer which is a criminal offense under Section 106 of the Copyright act, and demands a fine of 50 – 200. Depending on the geo-location of the infected system, and determined by IP address, the victim infected by the GVU virus can pay the fine using Paysafe card, Green Dot Monepak Cards, Ultimate Game Cards, UKash Vouchers, and other online payment systems. Please note, paying the fine using the allowed payment system will not remove the GVU virus.

GVU Virus

Please note the claims made by the GVU virus on the fake Gesellschaft zur Verfolgung von Urheberrechtsverletzungen alert screen are false, you are not in trouble with Gesellschaft zur Verfolgung von Urheberrechtsverletzungen but you are infected with dangerous ransomware.

If you are infected with the GVU virus. Use the instructions provided on this page to easily remove the GVU virus from your computer system before further complications arise.

If the GVU virus is not removed, the GVU infection is capable of destroying complete computer functionality. The GVU virus, as well as all ransomware puts you at a very high risk of cyber criminal attacks concerning identity theft, credit theft, extortion schemes, and more. The GVU virus is capable of recording keystrokes and viewing victims through connected web cams.

How did my computer become infected with the GVU virus?

The GVU Gesellschaft zur Verfolgung von Urheberrechtsverletzungen virus may have been contracted by visiting a website hosting malware, visiting a drive-by-download website, malicious social media links in familiar posts, or falling victim to online phishing techniques such as spam mail or rogue software.

What is GVU (Gesellschaft zur Verfolgung von Urheberrechtsverletzungen)?

The GVU covers copyright infringement in the film – on and entertainment software and support law enforcement.

GVU Virus Dangers, Symptoms

The GVU virus is dangerous ransomware controlled by Trojans capable of many dangerous and stealth attacks. Even if there is no sign of an infection Trojans are still capable of controlling and “seeing” everything on an infected computer system. This includes personal data and all computer activity. Ransom lock style Trojan horses allow the GVU virus to take complete and/or remote control of a system. 

Once infected with the GVU virus/Gesellschaft zur Verfolgung von Urheberrechtsverletzungen virus a computer system becomes locked and a fake alert screen or page depicting Gesellschaft zur Verfolgung von Urheberrechtsverletzungen (GVU) is promptly displayed stating a fake alert message, most likely in German:

German version:

GVU Gesellschaft zur Verfolgung von Urheberrethtsverletzungen
Auf Ihrem Computer wurden illegal heruntergeladene Medien (“Raubkopien”) gefunden.
Diese sind in Form von Musik, Filmen oder Entertainmentsoftware vorhanden. Durch den Download wurden diese Medien vervielfältigt, so dass ebenfalls eine Strafbarkeit gemäß § 106 Urhebergesetz gegeben ist.
Der Download von urheberrechtlich geschützten Medien durch das Internet oder einer Dateitauschbörse (Filesharing) ist illegal und wird gemäß § 106 Urhebergesetz mit Geldstrafe oder Freiheitsstrafe von bis zu 3 Jahren bestraft. Weiterhin ist der Besitz nach § 184 Absatz 3 StGB strafbar und kann auch zur Einziehung des Rechners führen, mit dem die Dateien heruntergeladen wurden.
Eine eindeutige identifizierung Ihrer Person ist mit hilfe Ihrer IP-Adresse und des Hostnames problemlos mögliach.
Die gefundenen Raubkopien wurden verschlüsselt und in ein geschütztes Verzeichnis kopiert.
Um die Sperre aufzuheben und weiteren Strafrechtlichen konsequenzen aus dem Weg zu gehen, sind Sie verpflichtet eine Mahngebühr in Höhe von € 50,- zu bezahlen. Zahlbar durch unseren Payment- Partner Paysafecard. Nach erfolgreicher Bezahlung wird Ihr Computer automatisch entsperrt.
Um die Bezahlung durchzuführen, geben Sie den erworbenen Paysafecard-Code in das dafür vorgesehene Zahlungsfeld ein, wählen Sie den Wert Ihres Codes und drücken Sie anschliessend auf “Absenden”.
Die GVU ist gesetzlich legitimiert – und steht in engem Kontakt zu den Gesetzgebern.

English version:

GVU Society for the Prosecution of Urheberrethtsverletzungen
On your computer illegally downloaded media (“pirated”) were found.
These are available in the form of music, movies and entertainment software. By downloading these media were duplicated, so that is also a criminal offense under § 106 of the Copyright Act is given.
The download of copyrighted media through the Internet or a file swap meet (file sharing) is illegal and punishable under § 106 of the Copyright Act by a fine or imprisonment of up to 3 years. Furthermore, the property is in accordance with § 184 paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer with which the files were downloaded.
A unique identification of your person is mögliach easily with the help of your IP address and the hostname.
The found pirated copies are encrypted and copied to a protected directory.
To unlock and other criminal consequences to go out of the way, you are required a late fee of € 50, – to pay. Payable by our payment partner Paysafecard. After successful payment, your computer is automatically unlocked.
To perform the payment, enter the acquired Paysafecard code in the designated payment field, select the value of your code, and then press “Submit”.
The GVU is legitimized by law – and is in close contact to the legislators.

How To Remove The GVU Virus

  1. Malware Removal Software  – Scan and remove malware
  2. System Restore – Restore PC to date and time before infection
  3. Safe Mode With Networking – Troubleshoot internet access, remove malware

1. Malware Removal Software – Tools

Malwarebytes is the most recommended Antivirus – Anti-Malware software used to scan, detect, and remove ransomware. View other Antivirus recommendations.
Remove Koda Virus

2. System Restore

Perform a system restore to an automatic restore point created by Window’s each week or during system updates.

Windows Recommended Restore And Choose A Restore Point

3. Safe Mode With Networking

If internet access is difficul to accomplish, Safe Mode with Networking can be used to troubleshoot internet and network connectivity. This will allow you to manually detect the GVU virus or download and use software to remove the GVU virus.

1. Reboot your computer in “Safe Mode with Networking”. As the computer is booting (when it reaches the manufacture’s logo) tap the F8 key continuously to reach the correct menu. On the Advanced Boot Options screen, use your keyboard to navigate to “Safe Mode with Networking” and press Enter. Shown below.

Safe mode with networking

Make sure to log into an account with administrator rights.

The screen may appear black with the words “safe mode” in all four corners. Click your mouse where windows start menu is to bring up necessary browsing.

2. If you are able to, access the internet, install software such as Malwarebytes and remove the GVU ransomware virus.

3. If you still can’t access the Internet after restarting in safe mode, try resetting your Internet Explorer proxy settings. These 2 separate options and following steps will reset the proxy settings in the Windows‌ registry so that you can access the Internet again.

How To Reset Internet Explorer Proxy Settings
  • Option 1

In Windows 7 click the Start button . In the search box type run and in the list of results click Run.
In Windows Vista click the Start button and then click Run.
In Windows XP click Start and then click Run.

Copy and paste or type the following text in the Open box in the Run dialog box and click OK:

reg add “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings” /v ProxyEnable /t REG_DWORD /d 0 /f

In Windows 7 click the Start button. In the search box type run and  in the list of results click Run.
In Windows Vista click the Start button and then click Run.
In Windows XP click Start and then click Run.

Copy and paste or type the following text in the Open box in the Run dialog box and click OK:

reg delete “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings” /v ProxyServer /f

Restart Internet Explorer and then follow the steps listed previously to run the scanner

  • Option 2

Launch Internet Explorer. In Internet Explorer go to: Tools >Internet Options >Connections tab.
Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.


4. It is now recommended to download Malwarebytes (free or paid version, or other software) and run a full system scan to remove the GVU virus.

Extra Removal Tips:
  • Users infected with the GVU virus may be allowed to access other user accounts on Windows. If such accounts have administrator rights (at least one account), you should be able to launch an Anti-malware program if access to the system has been compromised.
  • Some ransomware use flash when infecting systems. Try to deny Flash to make the GVU ransomware stop functioning as they  intended it to. In order to disable Flash, go to Macromedia support and select ‘Deny’: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing so, run a full system scan with anti-malware program suggested in this article.
  • To learn more about similar ransomware and the instructions involved in removing the infections check out our previous article on FBI ransomware removal. This article includes steps to use a flash drive and blank CD to remove ransomware.
GVU Virus Screenshots

Reader Interactions

Leave a Reply

Your email address will not be published.