
Garda virus is killing me!!!

  • 03-06-2013 12:45am
    #1
    Registered Users, Registered Users 2 Posts: 21


    OK, so I've got this bloody thing that's pissing me off. Done nearly everything that people have suggested on here,
    Safe mode, msconfig, startup tab......there is NO file or anything written in Russian for me to unclick. I can open the computer no problem on my wife's user a/c......looked for it there too, nothing. Ran the anti-malware program for 3 hours, it found 3 things, but I still get this bloody screen that locks me out. Where is it???

    PLEASE help guys.....thanks.


Comments

  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22


    On the wife's account install avast anti virus, schedule a boot scan (you will need to uninstall your present anti virus), reboot the pc, let the scan run, keep an eye on it. When it asks what to do with problem files option 4 is the one to go with (move all to virus chest).


  • Registered Users, Registered Users 2 Posts: 21 superhotarrows


    Managed to update my malware anti-virus on her a/c and ran a full scan and it showed up the skype.dat file that others had found, deleted it and everything ok again tg!! Many, many thanks for taking the time out to reply to my problem!!


  • Registered Users, Registered Users 2 Posts: 21 superhotarrows


    Computer running slow now though, any ideas?


  • Registered Users, Registered Users 2 Posts: 7,020 ✭✭✭uch


    Download Spybot search and destroy, install do an update then do a full scan & Clean, then download something like ccleaner and cleanup your registry, should help hopefully




  • Registered Users, Registered Users 2 Posts: 1 kingrex


    As a general rule I use a separate account that I log onto if I'm internet browsing and I've twice been infected with this virus. All I've had to do then is log on to my general account, copy over any files I need from the infected account and then delete the affected account completely. Then I open a new internet account. Painless.


  • Registered Users, Registered Users 2 Posts: 562 ✭✭✭artvandelay48


    Did you definitely disable the msconfig startup task? My problem startup task was called msconfig and not something Russian. It called a windows exe that used a .dat file in the application data dir for all users that was called something like db0997.dat.
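
The check described in the post above (a startup entry that launches a Windows executable against a `.dat` file under an application-data directory), as an added example that is not part of the original thread: a PowerShell listing of registry Run-key entries with those two traits flagged. The key list and the match patterns are assumptions chosen for illustration.

```powershell
# Added example: list registry autostart entries and flag the traits the
# thread describes. Read-only; nothing is changed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristics (assumptions, tune as needed):
#   a command line that names a .dat file, and
#   a command line that points into an application-data directory.
$datPattern  = '\.dat\b'
$pathPattern = '\\(Application Data|AppData|ProgramData)\\'

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # key absent on this system
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # GetValue() expands %APPDATA% and similar variables for us
        $cmd = [string]($item.GetValue($name))
        New-Object PSObject -Property @{
            Location = $key
            Name     = $name
            Command  = $cmd
            DatFile  = ($cmd -match $datPattern)
            AppData  = ($cmd -match $pathPattern)
        }
    }
}

# Flagged rows first; review each one by hand before disabling anything.
$entries |
    Sort-Object DatFile, AppData -Descending |
    Format-Table Name, DatFile, AppData, Location, Command -AutoSize -Wrap
```

HKCU is the hive of the account running the script, so run it as the affected user or load that profile's NTUSER.DAT first. A flagged row is a lead to inspect, not proof of infection.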


  • Moderators, Regional Midwest Moderators Posts: 11,183 Mod ✭✭✭✭MarkR


    Happened to a guy's mate's computer in work, I had a look at it. Very pervasive! I was able to run msconfig, stopped all additional applications from running. That stopped the virus screen from loading. After that, I'd recommend deleting all system restore points and running full scans until it's gone.


  • Registered Users, Registered Users 2 Posts: 616 ✭✭✭2pack


    I can't get rid of this and my pc is locked and shuts down in safe mode, I tried most of the stuff here mentioned but damn thing won't go


  • Registered Users, Registered Users 2 Posts: 5 fixmypc.ie


    Try booting into safe mode with command prompt option, at command prompt type "explorer" to initiate GUI. Uncheck anything dodgy in the start up (you can use ccleaner software to have a look what is in the startup) or simply Start>Run>msconfig.

    PLEASE DO NOT ATTEMPT THIS IF YOU ARE NOT SURE WHAT YOU ARE DOING.

    I have successfully removed garda virus using malwarebytes, it can be tricky how to run or install malwarebytes on infected machine. I have used the above option, and then installed malwarebytes from external media and it worked!

    Do let me know if need help! :)


  • Registered Users, Registered Users 2 Posts: 81 ✭✭liptonvillag


    Download Free Malwarebytes Anti-Malware 1.74. Worked a Gem. Had to start PC in Safe Mode with Networking. Tried Avast, AVG and several other supposedly free Virus protection. Malwarebytes came up trumps for me.


  • Banned (with Prison Access) Posts: 7,102 ✭✭✭Stinicker


    Boot in under safe mode, run a search for *.exe, the last installed *.exe file by date will probably be the virus, delete that and proceed from there. Try using Malwarebytes first but if that fails try the above method. There are several different versions of this with varying degrees of difficulty in removing.


  • Registered Users, Registered Users 2 Posts: 6,766 ✭✭✭RossieMan


    really starting to see a lot of this lately, why hasn't it been stopped yet?


  • Registered Users, Registered Users 2 Posts: 8,066 ✭✭✭youcancallmeal


    Download Free Malwarebytes Anti-Malware 1.74. Worked a Gem. Had to start PC in Safe Mode with Networking. Tried Avast, AVG and several other supposedly free Virus protection. Malwarebytes came up trumps for me.

    Yep this did the trick for me too.
    I see it has made the news now too


  • Registered Users, Registered Users 2 Posts: 1,882 ✭✭✭johndoe99


    1. Start your computer in safe mode with command prompt.
    2. Type rstrui.exe and then press ENTER
    3. Choose a restore point from before the Garda ransomware first appeared.
    4. When your PC restarts download Malwarebytes (Free Version), leave the update box ticked.

    Run a scan.


    If you have the latest version of the ransomware virus, which won't allow you to boot into Windows you'll need Hitman Pro (30 days free), it will allow you to make a bootable USB, that bypasses the ransomware and then runs a scan to remove it.

    http://www.surfright.nl/en


  • Registered Users, Registered Users 2 Posts: 81 ✭✭liptonvillag


    Yep this did the trick for me too.
    I see it has made the news now too

    Glad to hear it worked for you. Interesting article. Annoys people got scammed. I would have thrown the laptop in the bin rather than pay it even if it was going to be unlocked. Hopefully it raises awareness.

    take it easy


  • Registered Users, Registered Users 2 Posts: 18,067 ✭✭✭✭fryup


    i got the feckin thing on saturday (frighten the life out of me...till i saw they were looking for money then it clicked)

    so i did a safe mode > system restore

    then did a spybot scan and it came back with...fraud-hotspot-shield is this what's behind the garda scam??

    Well i removed it, but now i can't use mobile bb ??


  • Registered Users, Registered Users 2 Posts: 6,766 ✭✭✭RossieMan


    fryup wrote: »
    i got the feckin thing on saturday (frighten the life out of me...till i saw they were looking for money then it clicked)

    so i did a safe mode > system restore

    then did a spybot scan and it came back with...fraud-hotspot-shield is this what's behind the garda scam??

    Well i removed it, but now i can't use mobile bb ??


    I've seen it 10+ times and it's always been a file called Skype.dat somewhere in your files.

    Not seen it done with a system restore before.

    Safe mode, run malwarebytes, reboot.
    That's the way i'd recommend someone who doesn't have access to an external caddy to do it.

    With your broadband issue, who knows what you've deleted. Maybe try a system restore to get it back and hope it works? Then boot into safe mode, install malwarebytes, delete the file (probably skype.dat) and reboot.

    Then run a well known, trusted spyware to remove any leftovers.


  • Registered Users, Registered Users 2 Posts: 274 ✭✭wilddarts


    I got this Garda virus recently, about a week after my McAfee subscription ran out and I hadn't renewed unfortunately.

    It wouldn't allow Windows to start up in any mode, but I could access Toshiba's HDD Recovery option as well as other options that didn't work, the System Restore showed no previous dates that I could revert back to. Anyway I ran the HDD recovery option as I hadn't anything of critical importance on that laptop and wouldn't be familiar with the remedies posted here.

    To get to the point, can anyone please tell me if my McAfee Subscription had been active (Antivirus Plus), would it have picked up this thing or do I need software that's better and probably more expensive to prevent it happening again??

    Thanks in advance for any replies.


  • Registered Users, Registered Users 2 Posts: 1,882 ✭✭✭johndoe99


    I've been hit a few times with that pesky Garda Ransomware, each time I've been running AVG free edition. However a few days ago an AVG pop-up informed me that the Garda ransomware had been detected and quarantined. AVG must have finally created an update.


  • Registered Users, Registered Users 2 Posts: 18,067 ✭✭✭✭fryup


    where does this virus reside?? does it attach itself to a download? i did come across a hacked website last week was it then that i got it??


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Hard to say for sure, but I'd imagine it uses exploits in javascript or java to get in. Of course, anything you download is a potential entry point, eg: torrents etc.

    wilddarts, not many AVs stop, pick up or remove this virus. McAfee isn't very good in the first place though. Check out Avast, it's free and excellent, and malwarebytes, and a good browser like chrome


  • Registered Users, Registered Users 2 Posts: 6,766 ✭✭✭RossieMan


    fryup wrote: »
    where does this virus reside?? does it attach itself to a download? i did come across a hacked website last week was it then that i got it??

    never seen the cause of it as i've not had it myself.

    and to answer the question about McAfee, it still gets it.
    Nearly all computers i've seen have had anti-virus and it hasn't made a bit of difference. It does seem that most are now releasing updates for it, however.


  • Registered Users, Registered Users 2 Posts: 18,067 ✭✭✭✭fryup


    jsa112 wrote: »
    Hard to say for sure, but I'd imagine it uses exploits in javascript or java to get in.

    websites with live webcams??


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    yeah you are taking a big chance with anything like that, especially if it's a pr0n/chatroulette type thing. If it asks you to install programs/toolbars then you are going to get the pc infected.

    if you are suspicious of links you can scan them/find out more info with these extensions

    http://www.freedrweb.com/linkchecker/
    https://www.mywot.com/
    http://www.siteadvisor.com/


  • Registered Users, Registered Users 2 Posts: 434 ✭✭TheBoffin


    Hi,

    I have written an article on this issue (at least I think it's the same issue) - http://social.technet.microsoft.com/wiki/contents/articles/17375.work-around-for-ransomwaremoneypack-issue.aspx


  • Registered Users, Registered Users 2 Posts: 6,766 ✭✭✭RossieMan


    TheBoffin wrote: »
    Hi,

    I have written an article on this issue (at least I think it's the same issue) - http://social.technet.microsoft.com/wiki/contents/articles/17375.work-around-for-ransomwaremoneypack-issue.aspx

    that's an awful lot of work, when there are much easier ways to get rid of it.

