It was relatively easy to get rid of it with F8 and a system restore to its previous version, but when I tried to fix a friend's computer again (yeah, this friend has been attracting and hosting all the strains of this piece of malware so far), I was unable to clean the system that easily.
In its latest version the writers added a little piece of code that simply restarts the system when a user attempts to log in to the GUI Safe Mode.
I tried to log in with the Command Line Safe Mode and disable the restart functionality with msconfig, but no cigar.
Finally, while logged in with the Command Line Safe Mode, I simply started the restore program rstrui.exe in .\restore\rstrui.exe and I was able to restore the system. Or you could simply type the following upon logging in to Safe Mode with Command Line:
    cd restore
    rstrui.exe
The Ukash malware attempts a connection with some IP address in Russia when someone enters a number that matches the Ukash or Paysafe format. Disabling the whole scheme and busting the dudes behind it should not be that hard. The incompetence of the e-crime investigation units in Eastern and Southern Europe lets the people who operate the scam get away with it.
I would guess that the next strain of this piece of malware will attempt to disable rstrui.exe better, since it stands in its way to take over the world.
Remove ukash paysafe ransomware malware virus v2