Guardia di Finanza Virus
Written by Tomas Meskauskas
What is Guardia di Finanza?
The Guardia di Finanza message blocks computer users' screens and is a scam which should not be trusted. This ransomware infection originates from a family of screen lockers called Reveton. This particular infection predominantly targets computer users from Italy and exploits the name of a local authority: 'Guardia di Finanza'.
This authority has no connection with this message - the screen locker was developed and distributed by cyber criminals. If computer users pay the bogus 100 Euro fine, the money is sent to cyber criminals.
The message states that the computer was locked due to the user viewing child pornography, etc. These statements are false and delivered to scare PC users into paying the bogus fine. Ransomware infections such as these are often localised. For example, PC users from the USA observe this message in English as if delivered from the 'Department of Justice'.
This localisation is possible because ransomware viruses can detect a computer's IP address and thus determine in which country the machine operates.
If you observe the 'Guardia di Finanza' message on your screen, your PC is infected with a virus and you should not pay any fines. The correct way to deal with this scam is to eliminate it from your computer.
The Guardia di Finanza Ukash virus is distributed using drive-by downloads and by exploiting security vulnerabilities within users' computers. Cyber criminals commonly exploit security holes in Java, Flash, and other installed software in order to proliferate their rogue software and ransomware infections.
To protect your system, always keep your installed software and operating system up-to-date. Moreover, use legitimate antivirus and antispyware software.
The 'Guardia di Finanza' message is fake. If you pay the 100 Euro fine, you will lose your money and there is no guarantee that your computer will be unlocked. To eliminate this scam from your PC, use the removal instructions provided.
Ukash (Smart Voucher Limited) is a legitimate company and not related to ransomware viruses - cyber criminals use this service to extort money from unsuspecting PC users.
Guardia di Finanza Ukash virus removal:
Step 1
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.
Step 2
Log in to the account infected with Guardia di Finanza Ukash virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
Cannot boot in Safe Mode with Networking? (Guardia di Finanza Ukash virus blocks Safe Mode with Networking)
If you have more than one user account on your operating system, please log in to a clean account and download recommended malware removal software, install it, and run a full system scan. Remove all security infections detected.
If, however, you have only one user account, please follow this guide (the guide describes how to create a new user account using Safe Mode with Command Prompt - using this newly-created user account, you will be able to remove the Guardia di Finanza ransomware).
If Guardia di Finanza also blocks your operating system's Safe Mode with Networking, follow these removal instructions:
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: net user removevirus /add and press ENTER.
3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.
4. Finally, enter this line: shutdown -r and press ENTER.
5. Wait for your computer to restart, then boot your PC in Normal Mode and log in to the newly-created user account ('removevirus'). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.
6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer.
If the newly-created user account is also affected by the ransomware infection, try performing a System Restore:
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Guardia di Finanza ransomware.
Alternative Guardia di Finanza Ukash virus removal guide:
If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. In the opened Command Prompt, type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.
3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.
4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In the right side of the window, locate "Shell" and right-click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue executable file). Use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Guardia di Finanza Ukash virus.
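The check in steps 4 and 5 can also be done read-only from a PowerShell prompt. This is an added example, not part of the original guide: the function name is illustrative, and the per-user HKCU key and the signature lookup go beyond the steps above as assumptions about what is worth reviewing.

```powershell
# Added example (not from the original guide): read-only audit of the Winlogon "Shell" value.
# It reports what it finds and changes nothing in the registry or on disk.
$expected = 'explorer.exe'   # default value according to step 5
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',  # key named in the guide
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # added per-user check (assumption)
)

function Get-WinlogonShellFinding {   # hypothetical helper name
    param([string]$KeyPath)

    $prop = Get-ItemProperty -Path $KeyPath -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # No Shell value under this key (expected for HKCU on a clean profile).
        return New-Object PSObject -Property @{
            Key = $KeyPath; Entry = '(not set)'; Status = 'OK'; Exists = $null; Signature = $null }
    }

    # The value may list several comma-separated programs; check each one.
    $entries = @($prop.Shell -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ })

    foreach ($entry in $entries) {
        if ($entry -eq $expected) {   # string -eq is case-insensitive in PowerShell
            New-Object PSObject -Property @{
                Key = $KeyPath; Entry = $entry; Status = 'OK'; Exists = $null; Signature = $null }
            continue
        }
        # Anything else is the path the guide tells you to note down.
        $path   = [Environment]::ExpandEnvironmentVariables($entry)
        $exists = Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
        New-Object PSObject -Property @{
            Key = $KeyPath; Entry = $entry; Status = 'REVIEW'; Exists = $exists; Signature = $sig }
    }
}

$keys | ForEach-Object { Get-WinlogonShellFinding $_ } |
    Select-Object Status, Key, Entry, Exists, Signature | Format-List
```

Any row marked REVIEW shows the noted path, whether the file is still on disk, and its Authenticode status; a valid signature alone does not make the entry legitimate.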