I have this stupid virus too. But now whenever windows starts, the screen goes white. And whenever I start it in safe mode, it just shuts itself down automatically.
Of the suggestions above, could somebody please give a step-by-step version of what buttons to press and what exactly to click? I'm not tech savvy, and saying something like "open MSconfig" means nothing to me. How do you open MSconfig? I'd really, really appreciate it.
just got rid of this using ye're help so thanks guys. A very clever but nasty bug.
opened in safe mode
in search box type run enter
when run box opens type msconfig enter
when window opens select start tab
scroll down til until you see an option written in Russian (sample, образец
un-tick this option
open internet and go to malware site identified above in other posts, download, run and 3hrs later when run is complete it is gone
1) How do you start a computer in safe mode? The only way I can do it is by taking out the battery and forcing a shutdown, and the the next time I start it, it gives me a safe mode option. But other than that, how do you do it?
2) I managed to start in "safe mode with command prompt", using method above. The old MS Dos type screen came up. On this screen, I typed in "msconfig", and I got a window with various menus, one of which was called "start". I went through it, there are boxes to check and uncheck alright, but no russian writing. I went through all the menus and sub-menus, no russian anywhere.
3) Using another PC, I downloaded that AVL CD rescue in the link above. It took about 8 hours. I put the USB stick into my laptop, booted from it, and another ms dos looking window came up, with various options, eg scan, view scan results etc. I highlighted the top one, "run scan", and pressed enter. It ran a scan, took about an hour, and it found 1 trojan horse. More options were presented, the one I chose was called something like "heal issue". It did its job, and I chose "shutdown system". The I started the laptop up as normal, but no difference. It still goes to a white screen after the screen asking for your password.
What should I do?
"Santa" brought my daughter a laptop (Toshiba)this christmas and before dinner on christmas day she got this nasty annoying virus (the garda one)that was looking for money to get rid of it.I know a bit about computers but I couldnt get rid of it actually I couldnt get past the screen that pops up.Now bear in mind this laptop was only in use for probably 10 hours and mcafee security software did not catch it.There were only two sites visited on it one was facebook and the other was a radio communications related site but what i did notice is that on both sites there was a banner selling T-shirts I didnt click the banner but she could have eventhough she said she didnt thats the only place it could have come from I think.
Anyway I done a complete factory reset of the computer with the
HDD Recovery system phew we were all delighted when it started up fine again
1) press the power on button, then tap F8
2) there probably will not be Russian per say but there will be a start programme with a name made up of numbers and letters (it will not be a word)
3)Superanti spyware or maywarebyts is they only software I know that will help.
If you can get into safe mode try the following http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-windows-vista/ restart(in safe mode) and you will have a clean acc to work with.Dont forget to hide the admin acc when you are done.
Finally cracked it!
I did a system restore from a week ago, while in safe mode. Now everything is completely back to normal, and the machine seems way faster! Wayhey! Thanks everybody.
Wow this thing is nasty I have to say I'm impressed.
Old XP machine.
Web page pops up shortly after boot you don't have to click anything.
The web page cannot be escaped with "Ctrl+alt+del" "Alt+f4" "Win+R" or anything like that.
Will not allow me to boot into safe mode with command prompt my computer just hangs and restarts.
Allows me to boot into "safe mode" or "safe mode with networking" but gives me the web page almost straight away still.
I have system restore switched off as my SSD drive is small enough as is.
On boot managed to get up task manager quick and kill "explorer" which stops it dead, first tried the regedit fix I found online. This version does not change the reg like the fix said so no joy.
Then got into msconfig from their with task manager and switched off everything in start tab as switching off just the suspicious ones did nothing.
The Damm thing is still their when I boot up again only now with nothing else to load on boot it gets the web page up so fast I don't have time to get up task manager and kill explorer anymore.
Round of applause for this evil thing.
Anyway in temp accomadation right now so no access to reinstall CD and usb cd drive (its a web book). Will get access to them this weekend so wipe reinstall. Can get my files off with bootable Linux key. So I will live but just wanted to point out this thing got nasty with age so some of the old fixes will not work anymore.
Ps got it from a torrent site. Went to site, download torrent, no exe involved and the torrent file was passed straight to bittorrent. (Was a song not porn in case your wondering, who even torrents porn?) Have Microsoft security essentials installed but was not really serious about security on my web book not enough resources on them to be wasting on Anti-virus and Anti-Malware.
I used this link and te steps set out: http://malwaretips.com/blogs/an-garda-siochana-virus/
Had to restore windows in safe state and then run malware virus checker. Im not very pc savvy but was able to follow all steps and seems to have corrected the issue. As previous poster said, must have come from a torrent, prob need to avoid these for quiet a while now as a result!
if the repair guys saved your outlook.pst & archive.pst files you can import the emails into your new outlook file.
1. find out where the repair guy saved your old outlook.pst & archive.pst files
2. open outlook and choose import/export
3. select the option that says "import from another file or program"
4. select "personal folder file (.pst)"
5. browse to where the repair guy saved your old outlook.pst file and open.
6. then choose the root folder (mailbox) to import to.
it will start importing all your old emails.
repeat the same steps to import all your archived emails but select "archive.pst" instead of "outlook.pst".
once everything is back restored run the archiver in outlook to move any old emails into a new archive folder.
just got rid of mine on win7 home premium by starting in safe mode with networking,updated my avg anti virus and ran full scan,avg found it and killed it.
rkill.exe is brilliant for other types of virus also, try www.bleepingcomputer.com for all fixes went on last year because i got that antivirus program which is a very damaging virus and this site guided me step by step to get rid of it.
got my garda one on a torrent site also so watch out and update any antivirus software you have.
Had a last shot at it and got rid of it, by doing the following.
CTRL+ALT+Del immediatly on start
End task Explorer
Went into msconfig via task manager and found an item had reticked itself and it looked as follows.
Started command prompt from task manager and deleted wgsdgsdgdsgsd.exe
On restart I appear to be free of it but I'm still going to wipe and reinstall. Hope this helps someone.
This might sound like a weird request but is it possible to get a copy of the files/code of the virus without wrecking my comp by vistiting porn/torrent sites unprotected to find it.
Would love to throw it into a virtualbox environment and dissect it
Newest version of the virus locks down the computer in Safe Mode as well...only way is to make a bootable USB or CD/DVD from either Kaspersky (v good) or AVG site, This virus can come from reputable sites which have been hijacked but I find that once this Garda Virus is cleared I usually find lots of other spyware etc on the infected computers and laptops, if the owner is used to looking up "alternative sites" or using torrents etc then there will always be other spyware etc to be removed. Run command was also disabled in Safe Mode with this new strain of the Virus.. tough one(-;
Right so,a relative arrived down earlier with the garda virus on it and some sort of "Fix it" sheet he printed off the internet and said "here fix that" and off he toddled.
Anywhy had a look at it and its the garda virus alright.Had a look at the "fix it" and basically its saying start it up in safe mode and go into registry and remove a series of files associated with the virus.
Now I don't exactely feel too comfortable with going into the registry and messing about with it so I tried the avg fix first.
Made the usb boot,started it up and got this error
smartctl reports some problems with disk
Moving on from the that,within the scan section the hard drive doesn't in the volumes or directory menus only the usb drive does.(although appear in the scan boot sector section)
I should mention its also a company laptop(although its pretty old and on its last legs anyway) but even when I go into the Bios to make a change to the boot order I need a password,so maybe there's some sort of confliction there.
Anyway I haven't tried the msconfig and deleting the russian font yet so I guess thats the next option
I cleared a laptop this week. The avg usb rescue worked for me. Then I ran malwarebytes then I found icons and menus all gone.
I did a restore to repair them from a december restore point.