10/12/2012

An Garda Síochána virus. How to remove

An Garda Síochána is another ransomware that infects systems with great power nowadays. As any other ransomware this one has the main aim of getting your money by fooling you into this. How exactly does it do that? When An Garda Síochána virus penetrates inside your system it automatically blocks it and leaves you with one message on a screen.

An Garda Síochána

The message says that your system has been noticed spreading some sort of illegal materials through the web, or that you have been visiting such suspicious sites with illegal adult content. And that is why An Garda Síochána has blocked your entire system. If you want your machine to be unblocked you need to pay certain sum of money. But we have the better decision to this problem. Do not pay your money to these hackers. You can delete An Garda Síochána virus manually with us.

Removal guide of An Garda Síochána virus:

STEP 1.

Reboot the infected computer and get into safe mode with networking. When you have pressed the restart button, please keep pressing F8 on your keyboard until a black screen with several commands appears. Then use the arrow keys to select Safe Mode with Networking and press ENTER

Safe mode with Networking

STEP 2.

Install GridinSoft Trojan Killer. Press Ctrl+Alt+Del at the same time or right click on the Task Bar to open the Windows Task Manager

STEP 3.

End the process [An Garda Síochána.].exe

Windows Task Manager

STEP 4.

Open Control Panel from Start menu and search for Folder Options

ControlPanel FolderOptions

STEP 5.

Under View tab, tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) then click OK

Folder Options

STEP 6.

Open Registry Editor by pressing Win+R keys.

Run+regedit Registry Editor

STEP 7.

Delete An Garda Síochána files:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-.exe
  • %AppData%\result.db
  • %CommonStartMenu%\Programs\ rnd.lnk

STEP 8.

Delete An Garda Síochána registry entries:

  • HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\{random}
  • HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Regedit32
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current\Winlogon\”Shell” = “{random}.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

STEP 9.

If all steps are carefully done, you recommended to scan your PC with the reputable anti-virus recommended below.

Source: http://www.deletemalware.net/garda-siochana-irelands-national-police-service-virus/

No comments:

Post a Comment