Anyone ever heard of the "Garda" virus?

[RICKIB3]

Hi Guys,

I think this type of virus has been out a while, I had this recently with a customer repair job I done.

Basically the computer virus claims to be the authorities (police) over here which are referred to as the Garda. It requests a payment to remove it and stops the explorer shell or anything loading.

Trying to access via safe mode is also another joke and the only way I have removed it is by doing an external scan on the hard drive.

Anyone came across this particular virus and any luck of removing it without having to pull the hard drive?

 

[CTech]

Very Common. I've had luck with KAV10 Rescue Disk - just make sure the machines got a hardline connection to the net so it can do its updates

 

[RICKIB3]

Thanks for the advice, and thanks to Alice too who PM'd me about this.

I normally have no problems with virus removal for customers but I just found this persistent and the last time around it took quite a while,

I will look into both yours and Alice's methods as I would hate to waste as much time as last time next time around when I come across it.

Thanks again for your help

 

[ohio_grad_06]

Backdoor trick. In the US we got a lot similar to those called FBI viruses. Got pretty good at removing those little guys. But the other trick was boot the computer up in "Safe Mode with Command Prompt", many times the machine would boot to safe mode with a command prompt, then you could type in something like control panel, press enter to launch the control panel window, and you could then use the address bar there to navigate to your external drives with your scanners, etc. Or try typing in explorer to try to load the desktop gui. Of course if that method does not work, kaspersky rescue disc should get things going for you.

 

[Rocco]

Most of the time, as somebody else said, you can clear it easily by going into Safe mode with command prompt, type control. Create a new admin account. Restart in regular windows, logon with new account, and clear it up. 10 minutes.

There are other variations though that this is not possible. Maybe safe mode in command prompt is disabled. I am certain there are easier ways to deal with this, but I just use a USB drive to boot to a stripped down Linux with virus scan programs. Pretty quick and easy.

 

[Markverhyden]

Yep, sounds like a localized version of what we have seen over here called the FBI virus. I've used KRD, Kaspersky Rescue Disk, with great success.

The link below goes to a page that discussing making a USB stick and how to update it periodically. Doing an online update does stay with the USB stick but their updates speeds are really slow.

http://agnipulse.com/2009/12/kaspersky-rescue-disk-updater/

 

[Boston Pro Comp Serv LLC]

On some of them I used to just use a boot disk and launch regedit. Find it's execution entry and kill it, reboot and the automated scans find the rest

 

[SpaceSquad]

Hitman Pro Kickstart?

Gets rid of pretty much every ransomware.

 

[Easy PC]

Did 1 of these today. As already mentioned...boot into safe mode with networking, ran Malware Bytes from D7 on a quick scan and it removed the virus.