Skip to main content
Microsoft Security Intelligence
Published Nov 29, 2012 | Updated Sep 15, 2017

Ransom:Win32/Urausy

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Windows Defender Antivirus detects and removes this threat. 

This family of ransomware locks your PC and displays a full-screen message (commonly called a "lock screen").

It pretends to be from a national police force and tries to scare you into paying a fine to unlock your PC.

See the Technical information tab for examples of the lock screen.

It is distributed by various exploit kits, such as Blacole and Exploit:JS/Coolex.A, and is often disguised as an Adobe Flash installer or video file to trick you into downloading and running it.

You can read more on our ransomware page.

Do not pay the fee or fine that this threat asks for. The message is a fraud.

If you've already paid, see our ransomware page for help on what to do now.

Run antivirus or antimalware software

The following Microsoft software detects and removes this threat:

However, because this threat can lock your screen, you might not be able to download or run antivirus or antimalware software. If that happens, you will need to use Windows Defender Offline:

The following articles may help if you're having trouble getting the tool to work:

After you've used Windows Defender Offline, you should make sure your security software is up to date and run a full scan:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.