Guardia Civil virus is a seriously dangerous ransomware, which is designed for tricking PC users who live in Spain. It can be defined by its fake warning message, which starts with words 'Su ordenador ha sido bloqueada debido a la sospecha de descarga y distribución de contenido ilegal', that mean 'Your computer has been locked for downloading and distributing illegal content'. Of course, this message is fake and it is used for the only aim – hackers expect that it will help them to collect 100 euro from each of the victims. That's why we highly recommend ignoring all huge messages that may appear on your computer's desktop out of nowhere. No matter that they may look like they belong to some govenrmental authority, in reality such warnings belong to hackers. For unlocking your computer, you have to remove Guardia Civil virus from the system.
HOW CAN I GET INFECTED WITH Guardia Civil virus?
Guardia Civil virus is usually spread by trojan horse, which infiltrates computers without any sign. You can prevent its infiltration by following safe browsing practices what means you have to avoid illegal websites, stop using copyrighted content and also ignore all emails that were sent to you by unknown sources. This trojan takes a really important part in the distribution of Guardia Civil virus. It not only downloads its files onto the system but also blocks computer in order to prevent the removal of this ransomware. As soon as this procedure is finished, Guardia Civil virus shows its fake alert:
Su ordenador ha sido bloqueada debido a la sospecha de descarga y distribución de contenido ilegal.
El contenido ilegal mencionado (610 Mb de archivos de vídeo) ha sido clasificado automáticamente como pornografía infantil.
Dichas acciones violan total o parcialmente las siguiente leyes españolas: Libro II; Título VIII; Capítulo VII La pornografía infantil se regula en el artículo 189 del Código Penal Español: 1. Será castigado con la pena de prisión de uno a tres afros) a) El que utilizare a menores de edad o a incapaces con fines o en espectáculos exhibicionistas o pornográficos, tanto públicos como privados, o para elaborar cualquier clase de material pornográfico, o financiare cualquiera de estas actividades. El que produjere, vendiere, distribuyere, exhibiere o facilitare la producción, venta, difusión o exhibición por cualquier medio de material pornográficos en cuya elaboración hayan sido utilizados menores de edad o incapaces, aunque el material tuviere su origen en el extranjero o fuere desconocido. El que haga participar a un menor o incapaz en un comportamiento de naturaleza sexual que perjudique la evolución o desarrollo de la personalidad de éste, será castigado con la pena de misión de seis meses a un año o multa de seis a doce meses.
Of course, this message is fake and you must ignore it. Paying the fine doesn't help to unlock computers. For that, you will have to follow a special Guardia Civil virus removal guide.
HOW TO REMOVE Guardia Civil virus?
If you are infected with Guardia Civil virus, you shouldn't waste your time because this virus may try to steal your personal information, such as your passwords, browsing habbits and similar data. We recommend using these instructions and eliminating virus from the system:
- Reboot your infected computer.
- Click Start -> Run and enter http://www.2-spyware.com/download/hunter.exe (if your are blocked by ransomware, press alt+tab and continue entering this address)
- A warning that belongs to ransomware may show up again. In this case, press Alt+Tab and "R" as much as needed.
- Install anti-malware and run a full system scan to remove malicious files from the system.
Manual Guardia Civil virus removal:
- Reboot you infected PC to 'Safe mode with command prompt' to disable thisI virus (this should be working with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated SpyHunter, STOPzilla or other reputable anti-spyware to remove remaining files.
Flash drive method:
1. Take another machine and use it to download SpyHunter or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with Guardia Civil virus once more and run a full system scan.
* Users infected with these ransomware threats are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.
* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.
It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
and Agreement of Use