
Guardia Civil Virus

Also Known As: Guardia Civil Ransomware
Damage level: Severe

What is Guardia Civil?

The Guardia Civil message, "Su ordenador ha sido bloqueada debido a la sospecha de descarga y distribución de contenido ilegal", demands payment of a 100 Euro fine using Ukash or paysafecard in order to unblock your computer. This is a scam. The message is not sent by any legitimate Spanish authority; it is displayed by a ransomware virus created by cyber criminals.

The virus originates from a family of related rogue programs called Kovter and targets PC users from Spain.

This ransomware virus infiltrates users' operating systems using various 'exploit kits', which rely on outdated software in order to infect users' PCs. After successful infiltration, the Guardia Civil virus blocks the desktop, demanding payment of a fine for allegedly watching and distributing child pornography.


A unique and devious aspect of this particular ransomware virus is that, prior to blocking the desktop, it redirects users of infected machines to actual child pornography websites. By doing so, the cyber criminals responsible for this scam hope that PC users will believe they have committed a crime and pay the bogus 100 Euro fine.

Note that paying this fine is equivalent to sending your money to cyber criminals. In fact, no authorities anywhere in the world (including the Guardia Civil) use computer screen-blocking messages to collect fines for any law violations.

If your screen is blocked with a message purportedly from the Guardia Civil (El contenido ilegal mencionado - 610 Mb de archivos de vídeo - ha sido clasificado automáticamente como pornografía infantil.), your system is infected with a ransomware virus. Do not trust this message or pay any fines. The correct way to deal with this message is to eliminate it from your computer.

The Guardia Civil is just one of many authority names exploited by cyber criminals in order to make their ransomware viruses appear authentic. Previous ransomware targeting PC users from Spain exploited the name of Grupo de Delitos Telemáticos.

As ransomware viruses are distributed using exploit kits, the best way to protect your computer is to keep all installed programs up-to-date and use legitimate antivirus and anti-spyware programs to safeguard Internet browsing. If your computer is already infected with the Guardia Civil virus, use the removal instructions provided to eliminate this scam from your operating system.

A fake message presented by the Guardia Civil virus:

Guardia Civil.

Su ordenador ha sido bloqueada debido a la sospecha de descarga y distribución de contenido ilegal.
El contenido ilegal mencionado (610 Mb de archivos de vídeo) ha sido clasificado automáticamente como pornografía infantil.
Dichas acciones violan total o parcialmente las siguiente leyes españolas: Libro II; Título VIII; Capítulo VII La pornografía infantil se regula en el artículo 189 del Código Penal Español: 1. Será castigado con la pena de prisión de uno a tres afros) a) El que utilizare a menores de edad o a incapaces con fines o en espectáculos exhibicionistas o pornográficos, tanto públicos como privados, o para elaborar cualquier clase de material pornográfico, o financiare cualquiera de estas actividades. El que produjere, vendiere, distribuyere, exhibiere o facilitare la producción, venta, difusión o exhibición por cualquier medio de material pornográficos en cuya elaboración hayan sido utilizados menores de edad o incapaces, aunque el material tuviere su origen en el extranjero o fuere desconocido. El que haga participar a un menor o incapaz en un comportamiento de naturaleza sexual que perjudique la evolución o desarrollo de la personalidad de éste, será castigado con la pena de misión de seis meses a un año o multa de seis a doce meses.



Guardia Civil virus removal:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.


Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".

Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.


Step 2

Log in to the account infected with this virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.


1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.


2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.


3. Next, type this line: rstrui.exe and press ENTER.


4. In the opened window click "Next".


5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware virus infiltrating your PC).


6. In the opened window click "Yes".


7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of this virus.
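
For step 5, the restore point has to predate the infection. The following is an added example, not part of the original guide: a read-only Windows PowerShell script that lists restore points older than a given date. It assumes Windows PowerShell is available and System Restore is enabled; `Get-PreInfectionRestorePoint` is a hypothetical helper name and the default date is a constructed sample value.

```powershell
# Added example: list restore points created before the suspected infection.
# $InfectionDate is a constructed sample value; replace it with the date the
# lock screen first appeared. The script only reads; it restores nothing.
param(
    [datetime]$InfectionDate = '2013-04-15'
)

function Get-PreInfectionRestorePoint {
    param([datetime]$Before)

    # CreationTime comes back as a WMI datetime string, so convert it to a
    # DateTime before comparing it with the infection date.
    $points = Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'
               Expression = { $_.ConvertToDateTime($_.CreationTime) } }

    if (-not $points) {
        Write-Warning 'No restore points found; System Restore may be disabled.'
        return
    }

    # Keep only points older than the infection, newest first.
    $points |
        Where-Object { $_.Created -lt $Before } |
        Sort-Object Created -Descending
}

$candidates = @(Get-PreInfectionRestorePoint -Before $InfectionDate)

if ($candidates.Count -eq 0) {
    Write-Warning "No restore point is older than $InfectionDate."
} else {
    $candidates | Format-Table SequenceNumber, Created, Description -AutoSize
    'Most recent pre-infection point: #{0}, created {1}' -f `
        $candidates[0].SequenceNumber, $candidates[0].Created
}
```

The first row of the table is the point to select in the System Restore window opened by rstrui.exe.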

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk.

Some variants of ransomware disable Safe Mode making its removal complicated. For this step, you require access to another computer. After removing the Guardia Civil virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.


About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.
