GARDA Virus - Your computer has been blocked
Written by Tomas Meskauskas on (updated)
What is GARDA?
The GARDA (The Guardians of the Peace of Ireland and The National Crime Prevention unit) message, "Your computer has been blocked up for safety reasons listed below", blocks computer screens and demands payment of a 100 Euro fine using PaySafeCard or Ukash to unblock the PC. This is a scam.
The message makes fake accusations of law infringements (viewing/storage and/or dissemination of child pornography/zoophilia/rape, downloading of pirated music, videos, warez, etc.) in order to scare unsuspecting PC users from Ireland into paying the bogus fine.
Note that paying the fine when ordered by this message (screenshot below) is equivalent to sending your money to cyber criminals.
This message is a security infection called a ransomware virus. It blocks the computer screen and demands payment of a ransom in order to unblock it. This particular ransomware virus originates from a family called Urausy and targets PC users from Ireland.
Cyber criminals responsible for developing this scam exploit the name of 'GARDA', "The Guardians of the Peace of Ireland" and "The National Crime Prevention Unit". PC users should be aware that these authorities do not use computer screen-blocking messages to collect fines for any law violations.
In fact, no authorities, internationally, use such messages to collect fines for law infringements. If you observe this type of message on your screen, your PC is infected with a ransomware virus. Do not pay any fines. The correct way to deal with this message is to eliminate it from your computer.
Update 2015/02/05 - Cyber criminals have updated the design of GARDA ransomware virus:
GARDA is just one legitimate authority whose name is exploited by cyber criminals to trick computer users into paying bogus fines. Cyber criminals responsible for creating ransomware from the Urausy family have created many localized variants of their fake screen-blocking messages.
These ransomware infections are capable of determining the IP address of the computer targeted for infiltration, and thus, present their victims with localized versions of the deceptive message using the local language and authority names.
For example, ransomware targeting PC users from the USA exploits the name of Mandiant U.S.A Cyber Security. If your computer is already infected with the GARDA "Your computer has been blocked" ransomware virus, use the removal guide provided to eliminate this scam from your PC.
A fake message presented by the GARDA "Your computer has been blocked" ransomware virus:
GARDA.
The Guardians of the Peace of Ireland.
The National Crime Prevention unit.
ATTENTION!
Your computer has been blocked up for safety reasons listed below.You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Ireland criminal law.
Article 161 of Ireland criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of "Copyright and Related rights Law" (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of Ireland criminal law.
Article 148 of Commonwealth of Ireland criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorised access has been stolen to information of State importance and to data close for public Internet access.
Unauthorised access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected - until the investigation is held - of innocent infringement of Article 215 of Commonwealth of Ireland criminal law ("Law on negligent reckless disregard of computers and computer aids").
Article 215 of Ireland criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to AUD $100,000 fine.
Further after information of your personal computer was examined, it was found that your personal computer has been regularly used for bulk-spamming either arranged by yourself purposely on mercenary motives, or with ought your knowledge and consent, provided your computer could have been affected my malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently you are suspected - until the investigation is held - of innocent infringement of Article 301 of Commonwealth of Ireland criminal law ("On bulk-spamming and malware (virus) dissemination").
Article 301 of Ireland criminal law provide for the punishment of deprivation of liberty for term from 5 years, and up to AUD $250,000 fine.
Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as for commission of crimes per above Articles. Criminal case can be submitted to court.
However, pursuant to Amendments to Commonwealth of Ireland criminal law dated july 10, 2013, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incidents before) and no arraignment will follow. However, it is a matter of whether you have paid the fine of the Treasury (to the effect of initiatives aimed at protection of cyberspace).
The penalty set must be paid in course of 48 hours as the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.Amount of fine is 100 Euro. You can settle the fine with Ukash or PaySafeCard vouchers.
As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.
Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).
Please mind that you should enter only verified pass of vouchers and abstain from caching out of vouchers once used for the fine payment. If erroneous pass were entered, or if attempt was made to cancel vouchers after transaction then, apart from above breaches, you will be charged with fraud (Article 377 of Ireland criminal law, 1 to 3 years of imprisonment) and criminal case will be opened.
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is GARDA Virus - Your computer has been blocked?
- STEP 1. "GARDA Virus - Your computer has been blocked" virus removal using safe mode with networking.
- STEP 2. "GARDA Virus - Your computer has been blocked" ransomware removal using System Restore.
GARDA "Your computer has been blocked" ransomware virus removal:
Step 1
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".
Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Step 2
Log in to the account infected with the GARDA "Your computer has been blocked" ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the GARDA "Your computer has been blocked" ransomware virus infiltrating your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the GARDA "Your computer has been blocked" ransomware virus.
Other tools known to remove the GARDA "Your computer has been blocked" ransomware virus:
▼ Show Discussion