
Stubborn Garda virus


Comments

  • Registered Users Posts: 1,023 ✭✭✭Ashbourne hoop


    ASJ112 wrote: »
    can you run this on the infected account

    download and run combofix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    I'll try and see if I can and I'll let you know how it goes. Cheers


  • Registered Users Posts: 1,023 ✭✭✭Ashbourne hoop


    ASJ112 wrote: »
    can you run this on the infected account

    download and run combofix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Actually couldn't do that. Running AVG on affected account now. Will that work, do you know?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    might do, post the avg log before you let it fix anything


    also try this for combofix, rename it to "explorer.exe", does it run then ?


  • Registered Users Posts: 1,023 ✭✭✭Ashbourne hoop


    ASJ112 wrote: »
    might do, post the avg log before you let it fix anything


    also try this for combofix, rename it to "explorer.exe", does it run then ?

    Ok it didn't work. Can't get onto Internet in safe mode on infected account to download and run anything. Any ideas?


  • Registered Users, Registered Users 2 Posts: 28 fruitman


    Got Norton anti virus on computer when bought, will this catch these viruses?


  • Registered Users Posts: 1,023 ✭✭✭Ashbourne hoop


    fruitman wrote: »
    Got Norton anti virus on computer when bought, will this catch these viruses?

    I have norton antivirus and still got it


  • Registered Users, Registered Users 2 Posts: 28 fruitman


    What would you put on as well as Norton to stop it?


  • Registered Users Posts: 1,023 ✭✭✭Ashbourne hoop


    ASJ112 wrote: »
    can you run this on the infected account

    download and run combofix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Ran this. It's now offering me sale items. Do I need to buy this?


  • Registered Users Posts: 1,023 ✭✭✭Ashbourne hoop


    Ran this. It's now offering me sale items. Do I need to buy this?

    Got as far as PC stability level which is near the bad side of bar and tells me I need to buy a download. Is this purchase necessary ? Don't mind if it is to get rid tbh


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    combofix is free so not sure why it's asking you to buy something.

    can you go into safe mode and run combofix. Also are you sure you downloaded combofix and not something else ?


  • Registered Users, Registered Users 2 Posts: 367 ✭✭Diairist


    Is this the garda one that says you'll be convicted as a kiddy offender? With the pictures of Her Majesty's police?

    I had to bring my pc to someone who did the whole malware thing but a few icons disappeared.


  • Registered Users Posts: 1,023 ✭✭✭Ashbourne hoop


    ASJ112 wrote: »
    combofix is free so not sure why it's asking you to buy something.

    can you go into safe mode and run combofix. Also are you sure you downloaded combofix and not something else ?

    Got rid of it using the download on the met police website. Should I be doing something to try make sure it doesn't come back ? Thanks for your help btw


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    install malwarebytes, update it, run a quick scan with it

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html


  • Registered Users, Registered Users 2 Posts: 855 ✭✭✭corm500


    I too have this bloody virus. I downloaded hit man pro to a USB flash stick, but my pc does not have USB set up as one of its bootable drives. I can not open the pc even in safe mode as the virus screen is in that too so I need something that will kill it from boot. Is there any way of getting hit man to boot from a cd? Or is there any other cd based program that I can use to boot from?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112




  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22


    Just an update to this. A friend dropped in their laptop last night, locked up with the ukash virus. Samsung laptop on Win 7.

    Steps taken: enable hidden admin account using Trinity Rescue Kit, install Malwarebytes, run a full scan; did not remove the virus. Installed Avast, set it to do a boot scan, 4 hours later all sorted.


  • Registered Users, Registered Users 2 Posts: 2,579 ✭✭✭frash


    My sister dropped off her laptop with this virus on it earlier this week and I removed it using some Norton Rescue tool that I had to hand.
    All good I thought but now she's saying that she can't connect to her wireless network - it's not seen at all.

    Anyone else seen this?


  • Registered Users Posts: 367 ✭✭jimmurt


    I'm after getting rid of it by doing a system restore.

    However, it's getting a message saying this version of windows is not genuine at the bottom right hand corner of the screen.

    Is this something I should be worried about?


  • Closed Accounts Posts: 3,612 ✭✭✭Lelantos


    jimmurt wrote: »
    I'm after getting rid of it by doing a system restore.

    However, it's getting a message saying this version of windows is not genuine at the bottom right hand corner of the screen.

    Is this something I should be worried about?

    Did you enter a genuine Windows product key? If so, you shouldn't get this message, if you used a keygen you will see this message constantly until it's rectified


  • Registered Users, Registered Users 2 Posts: 2,003 ✭✭✭iggy


    Got rid of this nasty bugger today.
    Ran hitman pro on USB stick and deleted the Skype.dat file.
    I was able to run malware bytes then.
    It wouldn't allow me enter safemode, it would just shutdown laptop.
    Hopefully it's gone for good.


  • Registered Users Posts: 367 ✭✭jimmurt


    Lelantos wrote: »
    Did you enter a genuine Windows product key? If so, you shouldn't get this message, if you used a keygen you will see this message constantly until it's rectified

    I got the key off the back of the laptop near the battery but it's not accepting it after a minute of verification.


  • Registered Users Posts: 21 superhotarrows


    iggy wrote: »
    Got rid of this nasty bugger today.
    Ran hitman pro on USB stick and deleted the Skype.dat file.
    I was able to run malware bytes then.
    It wouldn't allow me enter safemode, it would just shutdown laptop.
    Hopefully it's gone for good.


    Hi, mine keeps shutting down also in safe mode, how do I run the USB before it shuts down? Have Hitman Pro on the USB. Thanks


  • Registered Users Posts: 19 CHLuke


    Hi all,
    Just wanted to thank the posters who gave some information on how to remove this virus for 'non-techies', really helped out.

    Just in case others have encountered this, I found that when I ran the anti-malware, a programme that called itself 'MSConfig' was left over and ran at start up. Once I figured out this wasn't the legit MSconfig and 'ticked it' not to run at start up I had no further problems with it. I think I'll have to go and actively delete it now, but was confused for a while as to why msconfig was giving problems.

    Thanks again,
    CHLuke


  • Registered Users Posts: 562 ✭✭✭artvandelay48


    CHLuke wrote: »
    Hi all,
    Just wanted to thank the posters who gave some information on how to remove this virus for 'non-techies', really helped out.

    Just in case others have encountered this, I found that when I ran the anti-malware, a programme that called itself 'MSConfig' was left over and ran at start up. Once I figured out this wasn't the legit MSconfig and 'ticked it' not to run at start up I had no further problems with it. I think I'll have to go and actively delete it now, but was confused for a while as to why msconfig was giving problems.

    Thanks again,
    CHLuke

    Hi,
    I had this as well and found that it had installed a startup task called msconfig that ran a window exe using a .dat file in the application data directory. I disabled the task and ran mbam, spy bot and ccleaner. On normal restart, I downloaded and ran combofix and it deleted another few .dat files. It's a bit of a bugger to fix (I had it fixed when I inadvertently ran the msconfig link thinking it was the normal msconfig, der) but you should be able to fix it without taking it to the repair guy.
    Thanks for the help,
    Art
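
The persistence pattern described in the two posts above (a startup item named msconfig that launches a Windows executable against a .dat file in the application data directory), as an added detection example that is not part of the original thread. The sample entries, the rundll32 command line, the user name and all function names are constructed assumptions; on Windows the script reads only the current user's Run key.

```python
import re
import sys

# Constructed (name, command) startup entries; the first mirrors the posts'
# description, the rundll32 command line and user name are assumptions.
SAMPLE_ENTRIES = [
    ("msconfig", r"C:\Windows\System32\rundll32.exe C:\Users\ann\AppData\Roaming\skype.dat"),
    ("SecurityHealth", r'"C:\Windows\System32\SecurityHealthSystray.exe"'),
    ("Updater", r'"C:\Users\ann\AppData\Local\Vendor\update.exe" /silent'),
]

# Names of Windows tools a startup item has no reason to borrow (assumed list).
IMPERSONATED = {"msconfig"}
# A .dat path under a per-user application data folder (Vista+ and XP layouts).
DAT_IN_PROFILE = re.compile(r'(?:appdata|application data)\\[^"]*\.dat\b', re.I)

def exe_basename(command):
    """File name, without extension, of the program a command line starts."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    path = (m.group(1) or m.group(2)) if m else ""
    return path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]

def flag_entry(name, command):
    """Return the reasons a startup entry matches the pattern, if any."""
    reasons = []
    if DAT_IN_PROFILE.search(command):
        reasons.append("dat-in-profile")
    if name.lower() in IMPERSONATED and exe_basename(command) != name.lower():
        reasons.append("name-mismatch")
    return reasons

def scan(entries):
    """Map each flagged entry name to its reasons."""
    return {n: r for n, c in entries if (r := flag_entry(n, c))}

def read_hkcu_run():
    """Read the current user's Run key (Windows only)."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        count = winreg.QueryInfoKey(key)[1]
        vals = (winreg.EnumValue(key, i) for i in range(count))
        return [(n, str(d)) for n, d, _ in vals]

if __name__ == "__main__":
    entries = read_hkcu_run() if sys.platform == "win32" else SAMPLE_ENTRIES
    for name, reasons in scan(entries).items():
        print(f"{name}: {', '.join(reasons)}")
```

Startup-folder shortcuts and scheduled tasks are not covered here; a flagged entry is a lead to inspect, not proof of infection.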


  • Registered Users Posts: 68 ✭✭FireBreather


    Got one of these today, didn't read it to see the fine, cause I will admit it gave me a fright at first haha

    All I read is that Gardia has encrypted all my eyes files, shutting down my computer will lead to serious consequences, best thing is, I'm a Mac, so they couldn't lock Malware, but my god this is coming and I can see how it can trick something

    In anyway i think people should know straight away, since this is against the law, for The Guards to do that,

    this page looked a lot more convincing than the images of the one I seen


  • Registered Users, Registered Users 2 Posts: 1,094 ✭✭✭SamAK


    My question is - what sites were people visiting and HOW do they end up contracting this virus?

    I don't have it, just wondering where it comes from..


  • Posts: 31,118 ✭✭✭✭ [Deleted User]


    SamAK wrote: »
    My question is - what sites were people visiting and HOW do they end up contracting this virus?

    I don't have it, just wondering where it comes from..
    Usually sites that claim to provide "free" access to watch sporting events and the like, bypassing subscription services.


  • Banned (with Prison Access) Posts: 1,288 ✭✭✭sawdoubters




  • Registered Users, Registered Users 2 Posts: 5,666 ✭✭✭Whatsisname


    Has anyone gotten this without the garda picture? Unzipped a zip file earlier and got a pop up, which shut down everything else and told me to complete a survey and it would unlock my laptop. It had cryptolocker as the popup's heading so I'm presuming it's that.

    I'm in safe mode now running malwarebytes, hoping it works. Has only found 2 threats out of 91k files scanned though.


  • Registered Users, Registered Users 2 Posts: 23,137 ✭✭✭✭TheDoc


    Yo

    I got the same virus last night. My first virus ever in over 15 years of home computing : /

    Dropped my firewall and my anti virus protection on my main pc, trying to resolve an internet connectivity issue on my laptop. Was Google hopping trying to find a solution (had installed Ubuntu onto my old laptop but couldn't get internet) and went to a site that said it had a solution then bang my PC restarted, and when I boot up the desktop this thing is locking me down.

    I can boot into safe mode with networking so I can download things to remove it, just so far no luck.

    Tried Malwarebytes which located some stuff and removed it, but virus is still present when I boot up into normal windows.
    I ran spybot search and destroy and same thing.

    Would appreciate some recommendations of tools that will remove it, and if anyone who got it, successfully removed it and what you did to do so.

    I'm in work until this evening but please reply, and I'll try everything when I get home and let you know how I get on.

    I see a few things in here that looks positive, and I can fully boot into safemode with networking so hopefully can get it removed.

    The disabling the Russian font looks like a good shout I didn't catch.

    I'm worried that I ran two relatively strong anti-virus scanners which caught some stuff, but then failed to remove it entirely.

    Thanks,
    Doc.


  • Registered Users Posts: 8 Nijinksky


    If you've tried combofix, mbam, mbam+chameleon, etc, I always keep a cd with Trinity on it.
    http://www.tomsguide.com/us/download/Trinity-Rescue-Kit,0301-32458.html

    Don't worry if it's out of date, when you run it, it auto updates all 5 A/Vs and A/Ts, and runs them.

    Please please everyone remember that malware stores itself in your "system restore" also. Open system restore, turn it off for a few minutes (you could disconnect from the net if you're nervous) and turn it back on again.

    Careful with Trinity,,, just run the antivirus - no need to do anything else -
    Cheers
    Tommy


  • Moderators, Computer Games Moderators, Technology & Internet Moderators Posts: 19,241 Mod ✭✭✭✭L.Jenkins


    Wife contracted the nasty little bástard of a virus this evening. Removing it now. Appears to be similar to the FBI virus.


  • Closed Accounts Posts: 322 ✭✭ppshay


    Trying to clean this at the minute. Booted to Kaspersky Rescue Disk first, no joy. Running Trinity now. Clam AV found some infections but not the Garda Virus. F-Prot found no infections. Running Bitdefender now.

    This is a slow process.

    Can Hitman Pro run from CD?


  • Registered Users, Registered Users 2 Posts: 98 ✭✭tippguy2


    ppshay wrote: »
    Trying to clean this at the minute. Booted to Kaspersky Rescue Disk first, no joy. Running Trinity now. Clam AV found some infections but not the Garda Virus. F-Prot found no infections. Running Bitdefender now.

    This is a slow process.

    Can Hitman Pro run from CD?

    Malwarebytes


  • Registered Users Posts: 8 Nijinksky


    tippguy2 wrote: »
    Malwarebytes
    I recommend the following in case I haven't posted this before :)

    Go to someone else's computer and download Trinity rescue CD
    or if you favour a different boot CD try this site - - - >
    xxx technibble.com/large-list-of-useful-computer-repair-cds/

    Go to xxx malwarebytes.org and d/l chameleon -
    also download and run mbam (you get a month's trial of the payware)

    If you can't access another computer, then try d/l this

    xxx bleepingcomputer.com/download/rkill/

    If you've been following this thread, you have enough information now to write a book on FBI/Garda virus

    Please insert www dot before the addresses I printed above as it keeps telling me I'm a new user and won't allow me to post URLs

