Guardia Civil Virus
Written by Tomas Meskauskas
What is Guardia Civil?
The Guardia Civil message, "Su ordenador ha sido bloqueada debido a la sospecha de descarga y distribución de contenido ilegal", demands payment of a 100 Euro fine using Ukash or paysafecard in order to unblock your computer. This is a scam. The message is not sent by any legitimate authorities from Spain; it is a ransomware virus created by cyber criminals.
The virus originates from a family of related rogue programs called Kovter and targets PC users from Spain.
This ransomware virus infiltrates users' operating systems using various 'exploit kits', which rely on outdated software in order to infect users' PCs. After successful infiltration, the Guardia Civil virus blocks the desktop, demanding payment of a fine for allegedly watching and distributing child pornography.
A unique and devious aspect of this particular ransomware virus is that, prior to blocking the desktop, the virus redirects users of infected machines to actual child pornography websites. By doing so, the cyber criminals responsible for creating this scam hope that PC users will believe they have committed a crime and pay the bogus 100 Euro fine.
Note that paying this fine is equivalent to sending your money to cyber criminals. In fact, no authorities anywhere in the world (including the Guardia Civil) use computer screen-blocking messages to collect fines for law violations.
If your screen is blocked with a message purportedly from the Guardia Civil ("El contenido ilegal mencionado - 610 Mb de archivos de vídeo - ha sido clasificado automáticamente como pornografía infantil."), your system is infected with a ransomware virus. Do not trust this message or pay any fines. The correct way to deal with this message is to eliminate it from your computer.
The Guardia Civil is just one of many authority names exploited by cyber criminals in order to make their ransomware viruses appear authentic. Previous ransomware targeting PC users from Spain exploited the name of Grupo de Delitos Telemáticos.
As ransomware viruses are distributed using exploit kits, the best way to protect your computer is to keep all installed programs up-to-date and use legitimate antivirus and anti-spyware programs to safeguard Internet browsing. If your computer is already infected with the Guardia Civil virus, use the removal instructions provided to eliminate this scam from your operating system.
A fake message presented by the Guardia Civil virus:
Guardia Civil.
Su ordenador ha sido bloqueada debido a la sospecha de descarga y distribución de contenido ilegal.
El contenido ilegal mencionado (610 Mb de archivos de vídeo) ha sido clasificado automáticamente como pornografía infantil.
Dichas acciones violan total o parcialmente las siguiente leyes españolas: Libro II; Título VIII; Capítulo VII La pornografía infantil se regula en el artículo 189 del Código Penal Español: 1. Será castigado con la pena de prisión de uno a tres afros) a) El que utilizare a menores de edad o a incapaces con fines o en espectáculos exhibicionistas o pornográficos, tanto públicos como privados, o para elaborar cualquier clase de material pornográfico, o financiare cualquiera de estas actividades. El que produjere, vendiere, distribuyere, exhibiere o facilitare la producción, venta, difusión o exhibición por cualquier medio de material pornográficos en cuya elaboración hayan sido utilizados menores de edad o incapaces, aunque el material tuviere su origen en el extranjero o fuere desconocido. El que haga participar a un menor o incapaz en un comportamiento de naturaleza sexual que perjudique la evolución o desarrollo de la personalidad de éste, será castigado con la pena de misión de seis meses a un año o multa de seis a doce meses.
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. To use the full-featured product, you have to purchase a license for Combo Cleaner; a 7-day free trial is available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com.
Guardia Civil virus removal:
Step 1
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, and in the search results select Settings. Click on Advanced Startup options, then in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu".
Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.
Step 2
Log in to the account infected with this virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware virus infiltrating your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of this virus.
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk.
Some variants of ransomware disable Safe Mode, making removal complicated. For this step, you require access to another computer. After removing the Guardia Civil virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.