Click on screenshot to zoom
Danger level 8
Type: Malware
Common infection symptoms:
  • Installs itself without permissions
  • Changes background
  • Normal system programs crash immediatelly

GARDA Virus

When you get infected with GARDA Virus you see a notification on your screen that says “Your computer has been blocked up for safety reasons listed below”. Unfortunately, GARDA Virus has nothing to do with computer safety, as it is a computer infected created by cyber criminals. They deny you desktop access in hopes of making you believe that you have committed a serious crime and now you need to pay (financially). However, do not succumb to these threats and remove GARDA Virus from your system as soon as you can. And while you are at it – remove all the other infections that are bound to be there.

GARDA Virus is part of the Ukash Virus group, just like FBI MoneyPak Virus and the most recent infections Australian Communications and Media Authority virus or Metropolitan British Police Virus. These computer threats are being distributed by Urausy Trojan, which means that you need to be extremely attentive when you browse the Internet or download various freeware applications. Avoid clicking on outgoing links to unreliable websites, and do not visit web pages that are full of adware and pop-up commercial ads – clicking on such an ad may result in getting infected with GARDA Virus at once.

This infection is intended for the computer users in Ireland. It is rather obvious, because it has Irish flag on its interface, as well the symbols and insignia of the Irish law enforcement authorities (The Guardians of the Peace of Ireland, The National Crime Prevention Unit). However, just because it is full of law enforcement authorities symbols it does not mean you need to trust it. The message displayed by GARDA Virus may seem threatening, but you need to realize that you have done nothing wrong, and the message is only a hoax designed to swindle you out of your money:

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Ireland criminal law.

The penalty set must be paid in course of 48 hours as the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

Amount of fine is 100 Euro. You can settle the fine with Ukash or PaySafeCard vouchers.

By making use of Ukash and PaySafeCard, GARDA Virus is able to collect money even from those users who do not own a credit card or have a bank account. But that does not mean you have to be one of them. Follow the instructions below to unlock your PC and then remove GARDA Virus with a legitimate computer security tool. Do not hesitate to invest in your system security, because you can never know when another similar infection will arrive again.

How to restore desktop access

Windows 8

  1. Press Windows key for metro Start menu to show up.
  2. Click the built-in Internet Explorer tile.
  3. Type http://www.pcthreat.com/download-sph into the address bar and hit Enter.
  4. Click Run on the download dialog box and install SpyHunter.
  5. Scan your system.

Windows Vista & Windows 7

  1. Reboot the PC and press F8 repeatedly.
  2. When Advanced Boot Options menu shows up, select Safe Mode with Networking and press Enter.
  3. Access http://www.pcthreat.com/download-sph and download SpyHunter.
  4. Install the program and scan your PC.

Windows XP

  1. Follow the steps 1 and 2 above.
  2. Click Yes on a confirmation box.
  3. Download SpyHunter.
  4. Open Start menu and launch Run.
  5. Enter “msconfig” into the Open box and press OK.
  6. Select Startup tab on System Configuration Utility.
  7. Uncheck all programs on the list and press OK.
  8. Reboot the PC in Normal mode.
  9. Install SpyHunter and scan your system.

If you have any problem with GARDA Virus removal, feel free to leave a comment below and ask a question about it.

Download Spyware Removal Tool to Remove* GARDA Virus
  • Quick & tested solution for GARDA Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove GARDA Virus

Files associated with GARDA Virus infection:

C87C.exe
xlqbteeb.exe
NTServiceManager.exe
xmlfilter.exe
%AppData%
%LOCALAPPDATA%\lollipop
%APPDATA%\Task Scheduler
msn.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
csrsss.exe
uenovfiu.exe
idiokbbrv.exe
ifgxpers.exe
DLL321.dll
m2PythonLoader.exe
Q3d38543.exe
aPr0hY9.exe
50E1.exe
bvhylsviw.exe
secproc_isv.exe
rvcbcyks.exe
obvwo.exe
msshell.exe
%APPDATA%\system
Other.res
wlsidten.exe
ubvhynpxh.exe
%ALLUSERSPROFILE%\Application Data
scvhost.exe
%APPDATA%\updates
wgsdgsdgdsgsd.exe
3511172082012Build.exe
msdtmsrd.exe
MusicCollector.exe
zqmkrehUkpoKfsafsaZg.exe
najeoxtt.exe
ssntvs.exe
skype.dat
VaultSysUi.exe
魔法桌面第三方主题破解补丁V1.1.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
setex.exe
WinSyncMetastore.exe
audipbrd.exe
crack.exe
ctfmon.exe
yaiiwockc.dll
sqlncli.exe
brenasa.exe
msnmsgrr.exe
%LOCALAPPDATA%\Temp
%ALLUSERSPROFILE%
%TEMP%
wahneaqa.exe
svchost.exe
%SystemDrive%\????????????
bf8h8d02hf.exe
rool0_pk.exe
wjthvwjb.dss
%WINDIR%\system32
JfCqQ5JC.exe
%CommonProgramFiles%
pYunY8m4VL3qLc.exe
TimeDateMUICallback.exe
Task Scheduler.exe
ex3b.dll
n.
jsdhlexdqkllnbcxgai.bfg
2084473.dll
puozlkmyj.dll
acuvzomo.exe
systemcpl.exe
DA0B.exe
Piranha.exe
wlsidten.dll
hwj3ba6j.dss
xctqakcqbeo.dll
%UserProfile%
87b2cb3916261d5c807bf44262755cb0.exe
ieudator.dll
comeo.exe
SyncHostps.exe
UpdatePriv.exe
mplayer2.exe
OmaSG21e.exe
ACEIEAddOn.dll
dtkmujvo.exe
b34btbztdb0vavaw.exe
iner.exe
bzsbkotiu.exe
oygqyunapnp.exe
%WINDIR%\Temp
Updating.exe
UpgradeHelper.exe
96dddda4.dll
p1.exe
dqnbdq7.dss
gcrwcoak.exe
taskhost.exe.exe
00qbipeq.exe
administration.exe
00b5d693.exe
xaZYOVJW.exe
dyjdl.exe
questscan.dll
securitywindrv.exe
pmstcdjwz.exe
Firewallservice.exe
install_0_msi.exe
Nbt.exe
WINDED6.exe
msavfit.exe
wpbt0.dll
videotwisterSA.exe

GARDA Virus DLL's to remove:

2084473.dll
wlsidten.dll
questscan.dll
xctqakcqbeo.dll
ACEIEAddOn.dll
ieudator.dll
yaiiwockc.dll
puozlkmyj.dll
ex3b.dll
DLL321.dll
96dddda4.dll
wpbt0.dll

GARDA Virus processes to kill:

WINDED6.exe
mplayer2.exe
obvwo.exe
m2PythonLoader.exe
3511172082012Build.exe
ctfmon.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
msdtmsrd.exe
idiokbbrv.exe
administration.exe
xlqbteeb.exe
WinSyncMetastore.exe
bvhylsviw.exe
iner.exe
Task Scheduler.exe
dyjdl.exe
sqlncli.exe
xaZYOVJW.exe
msn.exe
50E1.exe
aPr0hY9.exe
secproc_isv.exe
NTServiceManager.exe
securitywindrv.exe
wgsdgsdgdsgsd.exe
comeo.exe
87b2cb3916261d5c807bf44262755cb0.exe
C87C.exe
OmaSG21e.exe
b34btbztdb0vavaw.exe
zqmkrehUkpoKfsafsaZg.exe
DA0B.exe
xmlfilter.exe
systemcpl.exe
JfCqQ5JC.exe
rool0_pk.exe
UpgradeHelper.exe
SyncHostps.exe
oygqyunapnp.exe
gcrwcoak.exe
setex.exe
acuvzomo.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
crack.exe
taskhost.exe.exe
Firewallservice.exe
00b5d693.exe
魔法桌面第三方主题破解补丁V1.1.exe
audipbrd.exe
ssntvs.exe
rvcbcyks.exe
bzsbkotiu.exe
csrsss.exe
wlsidten.exe
wahneaqa.exe
svchost.exe
dtkmujvo.exe
install_0_msi.exe
msnmsgrr.exe
najeoxtt.exe
brenasa.exe
TimeDateMUICallback.exe
Q3d38543.exe
pmstcdjwz.exe
ifgxpers.exe
VaultSysUi.exe
00qbipeq.exe
scvhost.exe
pYunY8m4VL3qLc.exe
Updating.exe
videotwisterSA.exe
Piranha.exe
Nbt.exe
msavfit.exe
msshell.exe
ubvhynpxh.exe
p1.exe
MusicCollector.exe
uenovfiu.exe
UpdatePriv.exe
bf8h8d02hf.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.