18-01-2013, 19:32   #16
newmug
Registered User
 
Join Date: Sep 2010
Posts: 2,694
I have this stupid virus too. But now whenever windows starts, the screen goes white. And whenever I start it in safe mode, it just shuts itself down automatically.

Of the suggestions above, could somebody please give a step-by-step version of what buttons to press and what exactly to click? I'm not tech savvy, and saying something like "open MSconfig" means nothing to me. How do you open MSconfig? I'd really, really appreciate it.
19-01-2013, 07:58   #17
nizarol
Registered User
 
Join Date: Nov 2009
Posts: 22
just got rid of this using ye're help so thanks guys. A very clever but nasty bug.
opened in safe mode
in search box type run enter
when run box opens type msconfig enter
when window opens select start tab
scroll down until you see an option written in Russian (sample, образец)
un-tick this option
open internet and go to malware site identified above in other posts, download, run and 3hrs later when run is complete it is gone
20-01-2013, 15:21   #18
newmug
Registered User
 
Join Date: Sep 2010
Posts: 2,694
Quote:
Originally Posted by nizarol View Post
just got rid of this using ye're help so thanks guys. A very clever but nasty bug.
opened in safe mode
in search box type run enter
when run box opens type msconfig enter
when window opens select start tab
scroll down until you see an option written in Russian (sample, образец)
un-tick this option
open internet and go to malware site identified above in other posts, download, run and 3hrs later when run is complete it is gone

Right!

1) How do you start a computer in safe mode? The only way I can do it is by taking out the battery and forcing a shutdown, and then the next time I start it, it gives me a safe mode option. But other than that, how do you do it?

2) I managed to start in "safe mode with command prompt", using method above. The old MS-DOS type screen came up. On this screen, I typed in "msconfig", and I got a window with various menus, one of which was called "start". I went through it, there are boxes to check and uncheck alright, but no Russian writing. I went through all the menus and sub-menus, no Russian anywhere.

3) Using another PC, I downloaded that AVL CD rescue in the link above. It took about 8 hours. I put the USB stick into my laptop, booted from it, and another MS-DOS looking window came up, with various options, e.g. scan, view scan results etc. I highlighted the top one, "run scan", and pressed enter. It ran a scan, took about an hour, and it found 1 trojan horse. More options were presented, the one I chose was called something like "heal issue". It did its job, and I chose "shutdown system". Then I started the laptop up as normal, but no difference. It still goes to a white screen after the screen asking for your password.


What should I do?
20-01-2013, 15:47   #19
RealExpert
Registered User
 
Join Date: Mar 2012
Location: The Posh part of Co Galway
Posts: 114
"Santa" brought my daughter a laptop (Toshiba) this Christmas and before dinner on Christmas day she got this nasty annoying virus (the Garda one) that was looking for money to get rid of it. I know a bit about computers but I couldn't get rid of it; actually I couldn't get past the screen that pops up. Now bear in mind this laptop was only in use for probably 10 hours and McAfee security software did not catch it. There were only two sites visited on it: one was Facebook and the other was a radio communications related site, but what I did notice is that on both sites there was a banner selling T-shirts. I didn't click the banner but she could have, even though she said she didn't. That's the only place it could have come from, I think.
Anyway I did a complete factory reset of the computer with the HDD Recovery system. Phew, we were all delighted when it started up fine again.
20-01-2013, 15:49   #20
mp22
Moderator
 
Join Date: Nov 2008
Location: west cork
Posts: 5,159
1) press the power on button, then tap F8

2) there probably will not be Russian per se but there will be a start programme with a name made up of numbers and letters (it will not be a word)

3) SUPERAntiSpyware or Malwarebytes is the only software I know that will help.

If you can get into safe mode try the following http://www.howtogeek.com/howto/windo...windows-vista/ restart (in safe mode) and you will have a clean acc to work with. Don't forget to hide the admin acc when you are done.
20-01-2013, 16:29   #21
newmug
Registered User
 
Join Date: Sep 2010
Posts: 2,694
Finally cracked it!

I did a system restore from a week ago, while in safe mode. Now everything is completely back to normal, and the machine seems way faster! Wayhey! Thanks everybody.
25-01-2013, 09:53   #22
Vulture
Registered User
 
Join Date: Jun 2002
Location: In the daily grind
Posts: 314
Wow this thing is nasty I have to say I'm impressed.

Old XP machine.
Web page pops up shortly after boot you don't have to click anything.
The web page cannot be escaped with "Ctrl+alt+del" "Alt+f4" "Win+R" or anything like that.
Will not allow me to boot into safe mode with command prompt my computer just hangs and restarts.
Allows me to boot into "safe mode" or "safe mode with networking" but gives me the web page almost straight away still.
I have system restore switched off as my SSD drive is small enough as is.
On boot managed to get up task manager quick and kill "explorer" which stops it dead, first tried the regedit fix I found online. This version does not change the reg like the fix said so no joy.
Then got into msconfig from there with task manager and switched off everything in start tab as switching off just the suspicious ones did nothing.
The damn thing is still there when I boot up again only now with nothing else to load on boot it gets the web page up so fast I don't have time to get up task manager and kill explorer anymore.

Round of applause for this evil thing.
Anyway in temp accommodation right now so no access to reinstall CD and usb cd drive (it's a web book). Will get access to them this weekend so wipe reinstall. Can get my files off with bootable Linux key. So I will live but just wanted to point out this thing got nasty with age so some of the old fixes will not work anymore.

Ps got it from a torrent site. Went to site, download torrent, no exe involved and the torrent file was passed straight to bittorrent. (Was a song not porn in case you're wondering, who even torrents porn?) Have Microsoft security essentials installed but was not really serious about security on my web book, not enough resources on them to be wasting on Anti-virus and Anti-Malware.
25-01-2013, 17:50   #23
Qwerty27
Registered User
 
Join Date: Jul 2007
Posts: 358
I used this link and the steps set out: http://malwaretips.com/blogs/an-garda-siochana-virus/

Had to restore windows in safe state and then run malware virus checker. I'm not very pc savvy but was able to follow all steps and seems to have corrected the issue. As previous poster said, must have come from a torrent, prob need to avoid these for quite a while now as a result!
26-01-2013, 10:43   #24
Freddy Smelly
Registered User
 
Join Date: Oct 2012
Posts: 978
Quote:
Originally Posted by Gekko View Post

To make it worse I have lost a lot of MS Outlook emails despite the guy at the repair centre telling me he'd be able to save all my data...

if the repair guys saved your outlook.pst & archive.pst files you can import the emails into your new outlook file.

1. find out where the repair guy saved your old outlook.pst & archive.pst files
2. open outlook and choose import/export
3. select the option that says "import from another file or program"
4. select "personal folder file (.pst)"
5. browse to where the repair guy saved your old outlook.pst file and open.
6. then choose the root folder (mailbox) to import to.

it will start importing all your old emails.

repeat the same steps to import all your archived emails but select "archive.pst" instead of "outlook.pst".

once everything is back restored run the archiver in outlook to move any old emails into a new archive folder.
26-01-2013, 13:53   #25
daveob007
Registered User
 
Join Date: Jan 2009
Location: kerry
Posts: 845
just got rid of mine on win7 home premium by starting in safe mode with networking, updated my avg anti virus and ran full scan, avg found it and killed it.
rkill.exe is brilliant for other types of virus also, try www.bleepingcomputer.com for all fixes. Went on last year because I got that antivirus program which is a very damaging virus and this site guided me step by step to get rid of it.
got my garda one on a torrent site also so watch out and update any antivirus software you have.
26-01-2013, 14:49   #26
Vulture
Registered User
 
Join Date: Jun 2002
Location: In the daily grind
Posts: 314
Had a last shot at it and got rid of it, by doing the following.

CTRL+ALT+Del immediately on start
End task Explorer
Went into msconfig via task manager and found an item had reticked itself and it looked as follows.
runctf C:\windows\system32\rundll32.exeC:\DOCUME~1\Admin\wgsdgsdgdsgsd.exe,H1N1
Started command prompt from task manager and deleted wgsdgsdgdsgsd.exe

On restart I appear to be free of it but I'm still going to wipe and reinstall. Hope this helps someone.
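Added example, not part of the thread and not any poster's code: a Python triage pass over startup entries that flags the traits described in the posts above (an item name in a non-Latin script, a name that is a jumble of letters and numbers rather than a word, and rundll32.exe pointed at a file in a user profile). The function names, thresholds and all sample entries are assumptions, except the `runctf` command, which is copied as posted in #26.

```python
import re

# Constructed sample startup entries as (item name, command). Only the runctf
# command comes from the thread (post #26, copied as posted); the rest are made up.
SAMPLE_ENTRIES = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("образец", r"C:\DOCUME~1\Admin\LOCALS~1\Temp\sample.exe"),
    ("runctf", r"C:\windows\system32\rundll32.exeC:\DOCUME~1\Admin\wgsdgsdgdsgsd.exe,H1N1"),
    ("a8f3k2q9", r"C:\Program Files\Vendor\a8f3k2q9.exe"),
]

# Drive-rooted paths ending in .exe/.dll; also separates paths that run together.
PATH = re.compile(r'[A-Za-z]:\\[^,"]+?\.(?:exe|dll)', re.I)
USER_DIRS = re.compile(r"\\(documents and settings|docume~1|users|appdata|temp)\\", re.I)


def looks_random(stem):
    """Assumed thresholds: interleaved letters and digits, or a long name with almost no vowels."""
    s = stem.lower()
    letters = [c for c in s if c.isascii() and c.isalpha()]
    interleaved = len(re.findall(r"[a-z]\d", s)) >= 2
    vowel_poor = len(letters) >= 8 and sum(c in "aeiou" for c in letters) / len(letters) < 0.15
    return interleaved or vowel_poor


def triage(name, command):
    """Return the reasons a startup entry deserves a closer look (empty list = none)."""
    paths = PATH.findall(command)
    target = paths[-1] if paths else command  # the last path is the file that gets loaded
    stem = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if any(ord(c) > 127 for c in name):
        reasons.append("non-ascii-name")
    if looks_random(stem) or looks_random(name):
        reasons.append("random-looking-name")
    if USER_DIRS.search(target):
        reasons.append("runs-from-user-profile")
    launcher = paths[0].lower() if len(paths) > 1 else ""
    if launcher.endswith("rundll32.exe") and not target.lower().endswith(".dll"):
        reasons.append("rundll32-loads-non-dll")
    return reasons


if __name__ == "__main__":
    for name, command in SAMPLE_ENTRIES:
        print(f"{name:10} {triage(name, command) or 'ok'}")
```

A hit is a reason to inspect the file before unticking or deleting anything, since legitimate updaters also start from user-profile folders.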
28-01-2013, 21:52   #27
Sparks43
Registered User
 
Join Date: Jul 2008
Posts: 3,345
This might sound like a weird request but is it possible to get a copy of the files/code of the virus without wrecking my comp by visiting porn/torrent sites unprotected to find it.

Would love to throw it into a virtualbox environment and dissect it
28-01-2013, 22:38   #28
HelpWithIT
Registered User
 
Join Date: Apr 2011
Location: dublin
Posts: 270
Newest version of the virus locks down the computer in Safe Mode as well...only way is to make a bootable USB or CD/DVD from either Kaspersky (v good) or AVG site, This virus can come from reputable sites which have been hijacked but I find that once this Garda Virus is cleared I usually find lots of other spyware etc on the infected computers and laptops, if the owner is used to looking up "alternative sites" or using torrents etc then there will always be other spyware etc to be removed. Run command was also disabled in Safe Mode with this new strain of the Virus.. tough one(-;
01-02-2013, 22:15   #29
johnjameson
Registered User
 
Join Date: Oct 2012
Posts: 3
Right so, a relative arrived down earlier with the garda virus on it and some sort of "Fix it" sheet he printed off the internet and said "here fix that" and off he toddled.
Anyway had a look at it and it's the garda virus alright. Had a look at the "fix it" and basically it's saying start it up in safe mode and go into registry and remove a series of files associated with the virus.
Now I don't exactly feel too comfortable with going into the registry and messing about with it so I tried the avg fix first.
Made the usb boot, started it up and got this error

smartctl reports some problems with disk
-UTILITIES_SMARTCTL_ERROR

Moving on from that, within the scan section the hard drive doesn't appear in the volumes or directory menus, only the usb drive does (although it appears in the scan boot sector section).
I should mention it's also a company laptop (although it's pretty old and on its last legs anyway) but even when I go into the Bios to make a change to the boot order I need a password, so maybe there's some sort of conflict there.

Anyway I haven't tried the msconfig and deleting the russian font yet so I guess that's the next option
01-02-2013, 22:34   #30
superscouse
Superscouse unLTD
 
Join Date: Mar 2006
Posts: 3,109
Quote:
Originally Posted by johnjameson View Post
Right so, a relative arrived down earlier with the garda virus on it and some sort of "Fix it" sheet he printed off the internet and said "here fix that" and off he toddled.
Anyway had a look at it and it's the garda virus alright. Had a look at the "fix it" and basically it's saying start it up in safe mode and go into registry and remove a series of files associated with the virus.
Now I don't exactly feel too comfortable with going into the registry and messing about with it so I tried the avg fix first.
Made the usb boot, started it up and got this error

smartctl reports some problems with disk
-UTILITIES_SMARTCTL_ERROR

Moving on from that, within the scan section the hard drive doesn't appear in the volumes or directory menus, only the usb drive does (although it appears in the scan boot sector section).
I should mention it's also a company laptop (although it's pretty old and on its last legs anyway) but even when I go into the Bios to make a change to the boot order I need a password, so maybe there's some sort of conflict there.

Anyway I haven't tried the msconfig and deleting the russian font yet so I guess that's the next option

I cleared a laptop this week. The avg usb rescue worked for me. Then I ran malwarebytes then I found icons and menus all gone.

I did a restore to repair them from a december restore point.