Stubborn Garda virus

You could try downloading the Kaspersky rescue disk (If you have another PC spare ofcourse)

https://support.kaspersky.com/4162

Burn it to a CD/DVD and then boot your computer from it (usually F12 as the PC is booting up)

You can then run a scan.

got this last night, AVG spotted it but didnt remove it.

temp fix worked for me here

reboot.
F8 on boot to enter safemode
open msconfig and click startup
unselect the russian font name program (you'll know it when you see it, it was at the very end of the list)

I've just updated AVG and running a full scan again to see if i can get rid of it while it's been disabled

degrassinoel wrote: »

got this last night, AVG spotted it but didnt remove it.

temp fix worked for me here

reboot.
F8 on boot to enter safemode
open msconfig and click startup
unselect the russian font name program (you'll know it when you see it, it was at the very end of the list)

This worked recently for me also.

Gekko wrote: »

Thanks for all replies. I forgot to say I tried opening msconfig a swell from the C Prompt in safe mode but it wouldn't work.

I'll try and create a bootable USB and then use AVG

The AVG software sets your USB key up as a bootable drive automatically....magic

Well im just about to have a crack at this nasty piece of work.

Hope they have a good stock of coffe in the press for me

Gekko wrote: »

Good luck, had no joy so had to take it to local computer repair place.

They couldn't sort it either so they're doing a complete recovery of the laptop :-(

I'll be €80 poorer as a result

Sorry to hear that man:mad:

Took me 2 hours but i managed to get it off the pc by using mbam in safe mode after stoping all procceses to do with the malware.


Not meaning to be bad but if they couldnt sort the virus out there is no way i would let them do any kind of reinstall.

Really impressive bit of software cant help but tip my cap to the creator.

Wow this thing is nasty I have to say I'm impressed.

Old XP machine.
Web page pops up shortly after boot you don't have to click anything.
The web page cannot be escaped with "Ctrl+alt+del" "Alt+f4" "Win+R" or anything like that.
Will not allow me to boot into safe mode with command prompt my computer just hangs and restarts.
Allows me to boot into "safe mode" or "safe mode with networking" but gives me the web page almost straight away still.
I have system restore switched off as my SSD drive is small enough as is.
On boot managed to get up task manager quick and kill "explorer" which stops it dead, first tried the regedit fix I found online. This version does not change the reg like the fix said so no joy.
Then got into msconfig from their with task manager and switched off everything in start tab as switching off just the suspicious ones did nothing.
The Damm thing is still their when I boot up again only now with nothing else to load on boot it gets the web page up so fast I don't have time to get up task manager and kill explorer anymore. :P

Round of applause for this evil thing.
Anyway in temp accomadation right now so no access to reinstall CD and usb cd drive (its a web book). Will get access to them this weekend so wipe reinstall. Can get my files off with bootable Linux key. So I will live but just wanted to point out this thing got nasty with age so some of the old fixes will not work anymore.

Ps got it from a torrent site. Went to site, download torrent, no exe involved and the torrent file was passed straight to bittorrent. (Was a song not porn in case your wondering, who even torrents porn?) Have Microsoft security essentials installed but was not really serious about security on my web book not enough resources on them to be wasting on Anti-virus and Anti-Malware.

Gekko wrote: »

To make it worse I have lost a lot of MS Outlook emails despite the guy at the repair centre telling me he'd be able to save all my data...

if the repair guys saved your outlook.pst & archive.pst files you can import the emails into your new outlook file.

1. find out where the repair guy saved your old outlook.pst & archive.pst files
2. open outlook and choose import/export
3. select the option that says "import from another file or program"
4. select "personal folder file (.pst)"
5. browse to where the repair guy saved your old outlook.pst file and open.
6. then choose the root folder (mailbox) to import to.

it will start importing all your old emails.

repeat the same steps to import all your archived emails but select "archive.pst" instead of "outlook.pst".

once everything is back restored run the archiver in outlook to move any old emails into a new archive folder.

Had a last shot at it and got rid of it, by doing the following.

CTRL+ALT+Del immediatly on start
End task Explorer
Went into msconfig via task manager and found an item had reticked itself and it looked as follows.
runctf C:\windows\system32\rundll32.exeC:\DOCUME~1\Admin\wgsdgsdgdsgsd.exe,H1N1
Started command prompt from task manager and deleted wgsdgsdgdsgsd.exe

On restart I appear to be free of it but I'm still going to wipe and reinstall. Hope this helps someone.

Newest version of the virus locks down the computer in Safe Mode as well...only way is to make a bootable USB or CD/DVD from either Kaspersky (v good) or AVG site, This virus can come from reputable sites which have been hijacked but I find that once this Garda Virus is cleared I usually find lots of other spyware etc on the infected computers and laptops, if the owner is used to looking up "alternative sites" or using torrents etc then there will always be other spyware etc to be removed. Run command was also disabled in Safe Mode with this new strain of the Virus.. tough one(-;