Garda Virus

Sir Osis of Liver.

I accidentally clicked on an ad earlier and something similar to this popped up
<snip>
It was accusing me of all sorts.
It had a picture of a garda car,a tricolour and the president.
Much as I struggled I couldn't get it to fcuk off my screen.
I manually shut it down and ran an antivirus.
Anyone ever come across this?
(Im generally law abiding apart from my car tax being a month out of date and being a bit pissed over Christmas)
What in the name of Michael D"s little hairy arse is going on?

Fr_Dougal

It's known malware, delete the link before others click on it.

PizzamanIRL

Heard of something similar before.

How to remove it http://stephensheil.com/GardaBlog.html

Br4tPr1nc3

burn it with fire!
they're onto you!

Banjo String

Happy year new ya drunken claim.

lostdisk

You get in Coppers off nurses?

Is it an itch or a scratch?

PirateShampoo

Did it ask you to buy a Anti virus?

Karl Stein

Stop hurting children.

The One Who Knocks

Ugh that was one of the worst I had to deal with before, nothing worked..eventually had to make a kaspersky recovery disk, then boot into safemode and do a full system scan.. managed to get it in the end though!

Edit: Malwarebytes was the only one that detected it in the end,..don't bother with a system restore, just go straight for the recovery disk and then boot into safe and install malwarebytes.

LETHAL LADY

I'm scared, he had his USB stick in one of my ports tonight, I may be infected.

Professey Chin

Some bastard of malware
No Cryptolocker but still a bastard :pac:

Sir Osis of Liver.

PirateShampoo wrote: »

Did it ask you to buy a Anti virus?

No,I just shut my laptop down and ran my own Anti-virus.
Havent seen it since.

Mint Aero

It's the millennium bug! Eh....14 years late that is.

BofaDeezNuhtz

Sir Osis of Liver. wrote: »

(Im generally law abiding apart from my car tax being a month out of date and being a bit pissed over Christmas)

Just pmsl

deblacker

Jaysus someone's gonna be glad to see the back off 2014 anyway

Jester252

Had something similar happen to me, except it was all in bad Irish. Gave my housemate a right laught when he translated it. Now I'm known as horse porn to that group of mates.

ted1

Fr_Dougal wrote: »

It's known malware, delete the link before others click on it.

This virus is actual known as ransomware.

Generally got from looking at dodgy porn sites. Advice stricken to reputable sites like redtube

FanadMan

search the Virus & Malware Removal threads here http://www.boards.ie/vbulletin/forumdisplay.php?f=1009 and you'll find that loads of people got it. Been on the go for a couple of years.

OneArt

Haha. I got the German version of that. Big picture of Angela Merkel and all.

eigrod

Sir Osis of Liver. wrote: »

I accidentally clicked on an ad earlier and something similar to this popped up
<snip>
It was accusing me of all sorts.
It had a picture of a garda car,a tricolour and the president.
Much as I struggled I couldn't get it to fcuk off my screen.
I manually shut it down and ran an antivirus.
Anyone ever come across this?
(Im generally law abiding apart from my car tax being a month out of date and being a bit pissed over Christmas)
What in the name of Michael D"s little hairy arse is going on?

This happened me too last night. All sorts of FBI warnings Wasn't sure if I had clicked on an ad or not but it definitely happened from a boards.ie page. Were you on boards.ie when it happened?

Sir Osis of Liver.

eigrod wrote: »

This happened me too last night. All sorts of FBI warnings Wasn't sure if I had clicked on an ad or not but it definitely happened from a boards.ie page. Were you on boards.ie when it happened?

Yes,I was browsing the satellite forum when it just flashed up.
Like you,I wasn't entirely sure if I clicked on anything.

Benteke

Stay of the porn sites

biko

PM me your bank details and I'll have an Indian fellow from Microsoft ring you to sort your computer out.

bigpink

Got this also and and now a thong bout bad image.exe coming up what should I do

FanadMan

bigpink wrote: »

Got this also and and now a thong bout bad image.exe coming up what should I do

FanadMan wrote: »

search the Virus & Malware Removal threads here http://www.boards.ie/vbulletin/forumdisplay.php?f=1009 and you'll find that loads of people got it. Been on the go for a couple of years.

This is After Hours! You've been here for a while so I sure that you should know that this isn't the place for proper answers. Unless you want to hear

"Sure just send me your credit card details and we'll get rid of it for ya!"

As I posted earlier/above - go to the Virus & Malware Removal threads and get real help. All you are gonna get here is people taking the p!ss

huddledDuke12

This happened to me 2 years ago. It's a form of ransom-ware that hijacks your computer by locking you out of it until you pay a "fine:rolleyes:". Based on the location of the computer, it usually uses the local law enforcement logo (in this case, the official Garda logo) to make it seem legit. Similarly, if the computer is based in Los Angeles, the LAPD logo will be used. DO NOT TRUST IT AND ABOVE ALL, DO NOT GIVE OUT ANY BANK INFORMATION!

The picture at the below address shows the virus in action:

http://www.anvisoft.com/static/team/2012/0726/13432849063344.png

Anyway, I hope this helps.

Sir Osis of Liver.

bigpink wrote: »

Got this also and and now a thong bout bad image.exe coming up what should I do

But I wasn't looking at bad thong images,in fact no porn whatsoever.

NuckingFacker

I got one earlier - The lockout virus - "your pc will lock in 5 days time unless you pay €300"...fk off - safe mode, malwarebites, chamaeleon1 -run scan. Bite me.

Deliverance XXV

Cryptolocker is one that's doing the rounds at the moment where your AntiVirus or MBAM won't help you (once it announces itself). It lies in the background and encrypts anything that meets its criteria (images, movies, docs, etc.) It gives you X amount of time to pay money before it destroys the key needed to decrypt your data. It also copies itself to removable media/network shares, etc.

Security software company Symantec this month named Cryptolocker the “Menace of the Year”.

Bitdefender logged over 12,000 victims in a week last month.

For anyone who hasn’t been paying attention, Cryptolocker is a variant of ransomware that unlike its predecessors does not work by locking a computer. Instead, it encrypts all data and demands a ransom in Bitcoins for the user to regain access.

It is usually distributed as an executable attachment disguised as a Zipped document and presented as an invoice or report or similar via a spam campaign.

All of that would be frightening enough for individual users, but Cryptolocker more than most trojans is a threat to businesses too. that's because it not only attacks data on the PC on which the executable was opened, but also on devices and drives connected to that PC.

Sir Arthur Daley

Would antibiotics work on this virus?

Lennyzip

Sir Osis of Liver. wrote: »

I accidentally clicked on an ad earlier and something similar to this popped up
<snip>
It was accusing me of all sorts.
It had a picture of a garda car,a tricolour and the president.
Much as I struggled I couldn't get it to fcuk off my screen.
I manually shut it down and ran an antivirus.
Anyone ever come across this?
(Im generally law abiding apart from my car tax being a month out of date and being a bit pissed over Christmas)
What in the name of Michael D"s little hairy arse is going on?

Accidentally clicked on it ....not been funny but people should be a lot more aware of these types of malicious malware viruses . However it keeps me in work with the publics general lack of PC care . So proceed :-)

Diageio_Man

WikiHow wrote: »

Would antibiotics work on this virus?

antibiotics dont work on viruses, so doubt they'll work on a computer :rolleyes:

NuckingFacker

Deliverance XXV wrote: »

Cryptolocker is one that's doing the rounds at the moment where your AntiVirus or MBAM won't help you (once it announces itself). It lies in the background and encrypts anything that meets its criteria (images, movies, docs, etc.) It gives you X amount of time to pay money before it destroys the key needed to decrypt your data. It also copies itself to removable media/network shares, etc.

That's what I was referring to. It arrived chez Facker uninvited. Malwarebites running chamaeleon 1 in safe mode will deal with.

anotherposter

Sir Osis of Liver. wrote: »

I accidentally clicked on an ad earlier and something similar to this popped up
<snip>
It was accusing me of all sorts.
It had a picture of a garda car,a tricolour and the president.
Much as I struggled I couldn't get it to fcuk off my screen.
I manually shut it down and ran an antivirus.
Anyone ever come across this?
(Im generally law abiding apart from my car tax being a month out of date and being a bit pissed over Christmas)
What in the name of Michael D"s little hairy arse is going on?

garda virus comes from porn sites mostly. they only real way to get rid of it is boot into safe mode and run the removal tool or wipe the c drive and reinstall windows

dr strangelove

Was it the Blue Flu?

anotherposter

dr strangelove wrote: »

Was it the Blue Flu?

no he got it from going to the blue oyster bar

lazybones32

Sir Osis of Liver. wrote: »

I accidentally clicked on an ad earlier and something similar to this popped up
<snip>
It was accusing me of all sorts.
It had a picture of a garda car,a tricolour and the president.
Much as I struggled I couldn't get it to fcuk off my screen.
I manually shut it down and ran an antivirus.
Anyone ever come across this?
(Im generally law abiding apart from my car tax being a month out of date and being a bit pissed over Christmas)
What in the name of Michael D"s little hairy arse is going on?

This is a worldwide scam - originating from Russian territory - and has become known as the "police trojan". It says your PC has been used for illegal activity and will be frozen unless you pay 100 euro. (BS of course)

Here is the Gardai's web response to it...more than a few citizens have been affected
http://www.garda.ie/Controller.aspx?Page=9445

The Backwards Man

What sites do people be on to get this virus? I must live a very sheltered life. .

Ciderswigger

The Backwards Man wrote: »

What sites do people be on to get this virus? I must live a very sheltered life. .

Look at you, pretending to be all innocent. :-D

The Backwards Man

Ciderswigger wrote: »

Look at you, pretending to be all innocent. :-D

I am innocent! If it's not on boards, Donedeal, or eBay then I'm lost.

Potential-Monke

The Backwards Man wrote: »

I am innocent! If it's not on boards, Donedeal, or eBay then I'm lost.

I've heard most viruses come from Religious websites. Can't verify that, but paid porn sites wouldn't have that many (as they need repeat custom). Emphasis on the paid, not the free sites with links to videos on the paid sites after 6-10 redirects!

You'd think someone would have invented something like AdBlock for redirects?!

FanadMan

lazybones32 wrote: »

This is a worldwide scam - originating from Russian territory - and has become known as the "police trojan". It says your PC has been used for illegal activity and will be frozen unless you pay 100 euro. (BS of course)

Here is the Gardai's web response to it...more than a few citizens have been affected
http://www.garda.ie/Controller.aspx?Page=9445

Have never seen that page before and have researched/removed that crap from dozens of computers.

Is a good one to bookmark to show to very worried customers lol

B.A._Baracus

Just got the page myself.
Been reading about this fake garda virus for the last few minutes and people talk about getting totally locked out of their computer, having to restart in safe-mode, etc.

I just used the task manger to close firefox. Running a scan now with avg. I guess I am one of the lucky ones? :P

safetyboy

B.A._Baracus wrote: »

Just got the page myself.
Been reading about this fake garda virus for the last few minutes and people talk about getting totally locked out of their computer, having to restart in safe-mode, etc.

I just used the task manger to close firefox. Running a scan now with avg. I guess I am one of the lucky ones? :P

AVG more than likely wont recognize it, Malwarebytes in safemode and be prepared to be shocked with what it will find.

major bill

Malwarebytes is the best for picking it up and deleting it...I'd recommend running a C-Cleaner straight after aswell (Download from the net)

There's a new virus which has been causing problems in the corporate world since september...it's set to target domestic machines/laptops this year....It's called Cryptolocker. It's usually sent via an email pretending to be from a bank or other public service, the email looks legit but if unsure do not open any attachments as this is how the virus gets on the machine, when on the machine you have little time to stop it before it encrypts your files, once this happens a message will pop up on the screen saying you have 72 hours to pay 300 euro or your files will be lost. at this point all anti viruses are useless.

Very clever virus!!!

Goodluck

Santa Cruz

major bill wrote: »

Malwarebytes is the best for picking it up and deleting it...I'd recommend running a C-Cleaner straight after aswell (Download from the net)

There's a new virus which has been causing problems in the corporate world since september...it's set to target domestic machines/laptops this year....It's called Cryptolocker. It's usually sent via an email pretending to be from a bank or other public service, the email looks legit but if unsure do not open any attachments as this is how the virus gets on the machine, when on the machine you have little time to stop it before it encrypts your files, once this happens a message will pop up on the screen saying you have 72 hours to pay 300 euro or your files will be lost. at this point all anti viruses are useless.

Very clever virus!!!

Goodluck

Whatever about the above advice the Cilit Bang was useless

The_Valeyard

To ensure success use Malwarebytes in win safe mode. Couple of other programs you should download such TDSSKILLER and Combofix

Stavros Murphy

major bill wrote: »

Malwarebytes is the best for picking it up and deleting it...I'd recommend running a C-Cleaner straight after aswell (Download from the net)

There's a new virus which has been causing problems in the corporate world since september...it's set to target domestic machines/laptops this year....It's called Cryptolocker. It's usually sent via an email pretending to be from a bank or other public service, the email looks legit but if unsure do not open any attachments as this is how the virus gets on the machine, when on the machine you have little time to stop it before it encrypts your files, once this happens a message will pop up on the screen saying you have 72 hours to pay 300 euro or your files will be lost. at this point all anti viruses are useless.

Very clever virus!!!

Goodluck

Wull, I got cryptolocker-ised. I shut er darn, fired the engine in safe mode, ran malwarebytes(fresh updated) and cccleaner, changed the oil, cleaned the carbs and she fired up good as new.

Fred Swanson

This post has been deleted.

weiland79

I too got this last year. Fecking thing took a picture of me sitting on my couch ****praying and displayed it on my screen with the Garda letter. Accused me of watching known child abuse sites.
I won't lie to you. frighted the sheeite out of me.

Stavros Murphy

weiland79 wrote: »

I too got this last year. Fecking thing took a picture of me sitting on my couch ****praying and displayed it on my screen with the Garda letter. Accused me of watching known child abuse sites.
I won't lie to you. frighted the sheeite out of me.

All sunni now?