The An Garda Síochána Ukash Ransom-ware is a computer virus, which will display a bogus alert, that pretends to be from the An Garda Síochána of Belgium and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The An Garda Síochána virus will lock you out of your computer and applications, so whenever you’ll try to log on into your Windows operating system or Safe Mode with Networking, it will display instead a lock screen asking you to pay a non-existing fine of 100 Euro in the form of a Ukash or PaySafecard code.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam so that the alert shows what is happening in the room.
If your computer is infected with An Garda Síochána virus,then you are seeing any of the below screens:
The bogus notification from the An Garda Síochána will display the following message:
Your computer is locked
Your computer has been locked by the automated information control system (AICS)
What is the reason?
This could be due to one of the following reasons:
1. Your computer has been used to view banned Web sites
2. Your computer has been used to view Web sites containing child pornography
3. Your computer has been used to illicit information exchange
4. Your computer has been used for storing / viewing pirated content
What should I do?
According to “Information Security and Control Act (ISCA) 2012”, you are required to pay a fine of € 100. For the convenience of paying the fine we provide a secure payment gateway for Ukash Vouchers. You need to buy Ukash voucher(s) for sum of € 100 and enter the 19 (sometimes 16) digit code written on the voucher to the secure payment form, then press “Submit Code” button to send the code.
What will happen after I submit the code?
Once the Ukash voucher code is verified by our system your computer will be immediately unlocked.
If you want to pay a fine using two codes of € 50 each – you should enter the first code, after receiving confirmation, the second code.
What if I have problems?
If for any reason you can not pay the fine through a secure payment form, you will need to send an e-mail to info@online-cyber-police.com, stating your IP address and Ukash voucher code (19 digits or 16 digits) of total sum € 100. Once the code is verified by our system your computer will be immediately unlocked.
An Garda Síochána is nothing more than a scam and you should ignore any alert that this malicious software might generate and remove this Trojan ransom-ware from your computer.
Under no circumstance should you send any money to An Garda Síochána cyber criminals,as this could lead to identity theft,and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.
An Garda Síochána Ukash Ransom-ware – Virus Removal Guide
STEP 1: Remove An Garda Síochána lock screen from your computer
An Garda Síochána Ukash Ransom has modified your Windows registry and added its malicious files to run at start-up, so whenever you’re trying to boot your computer it will launch instead its bogus notification.To remove these malicious changes,we can use any of the below methods :
Method 1: Start your computer in Safe Mode with Networking and scan for malware
Some variants of An Garda Síochána virus will allow the users to start the infected computer in Safe Mode with Networking without displaying the bogus lock screen. In this first method, we will try to start the computer in Safe Mode with Networking and then scan for malware to remove the malicious files.
- Remove all floppy disks, CD’s, and DVDs from your computer, and then restart your computer.
- Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen. - On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
- If your computer has started in Safe Mode with Networking, you’ll need to perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
IF the An Garda Síochána virus didn’t allow you to start the computer in Safe Mode with Networking,you’ll need to follow Method 2 to get rid of its lock screen.
Method 2: Restore Windows to a previous state using System Restore
System Restore can return your computer system files and programs to a time when everything was working fine, so we will try to use this Windows feature to get rid of An Garda Síochána lock screen.
- Restart your computer, and then press and hold F8 during the initial start-up to start your computer in safe mode with a Command prompt.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen. - Use the arrow keys to select the Safe mode with a Command prompt option.
- At the command prompt, type cd restore, and then press ENTER.
Next,we will type rstrui.exe , and then press ENTER
- The System Restore window will start and you’ll need to select a restore point previous to this infection.
- After System Restore has completed its task,you should be able to boot in Windows normal mode,from there you’ll need to perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
IF the An Garda Síochána virus didn’t allow you to start the computer in Safe Mode with Command Prompt you’ll need to follow Method 3, to get rid of its screen lock.
Method 3: Remove An Garda Síochána virus with HitmanPro Kickstart
IF you couldn’t boot into Safe Mode with Command Prompt or didn’t have a System Restore point on your machine, we can use HitmanPro Kickstart to bypass this infection and access your computer to scan it for malware.
- We will need to create a HitmanPro Kickstart USB flash drive,so while you are using a “clean” (non-infected) computer, download HitmanPro from the below link.
HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro) - Insert your USB flash drive into your computer and follow the instructions from the below video:
- After you have create the HitmanPro Kickstart USB flash drive, you can insert this USB drive into the infected machine and start your computer.
- Once the computer starts, repeatedly tap the F11 key (on some machines its F10 or F2),which should bring up the Boot Menu, from there you can select to boot from your USB.
Next,you’ll need to perform a system scan with HitmanPro as see in the below video:
- After HitmanPro Kickstart has completed its task,you should be able to boot in Windows normal mode,from there you’ll need to perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
STEP 2: Remove An Garda Síochána malicious files from your computer
No matter what method you used to get rid of An Garda Síochána lock screen, we will need to remove its malicious files from your computer.
Please download and run a scan with the following scan to completely remove An Garda Síochána virus from your computer.
Run a computer scan with Malwarebytes Anti-Malware Free
- You can download Malwarebytes Anti-Malware Free from the below link,then double click on it to install this program.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK(This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free) - When the installation begins, keep following the prompts in order to continue with the setup process.
DO NOT make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked,then click on the Finish button.
- On the Scanner tab,select Perform quick scan and then click on the Scan button to start scanning your computer.
- Malwarebytes’ Anti-Malware will now start scanning your computer for An Garda Síochána malicious files as shown below.
- When the Malwarebytes scan will be completed,click on Show Result.
- You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selected button.
- After your computer will restart, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats
Run a computer scan with HitmanPro
- Download HitmanPro from the below link,then double click on it to start this program.
HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
IF you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.To start HitmanPro in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video) - HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
- HitmanPro will start scanning your computer for An Garda Síochána malicious files as seen in the image below.
- Once the scan is complete,you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove these malicious files.
- Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.