Guardia di Finanza Virus

Also Known As: Guardia di Finanza Ransomware
Damage level: Severe

What is Guardia di Finanza?

The Guardia di Finanza message blocks computer users' screens and is a scam which should not be trusted. This ransomware infection originates from a family of screen lockers called Reveton. This particular infection predominantly targets computer users from Italy and exploits the name of a local authority: 'Guardia di Finanza'.

This authority has no connection with this message - the screen locker was developed and distributed by cyber criminals. If computer users pay the bogus 100 Euro fine, the money is sent to cyber criminals.

Guardia di Finanza Ukash virus

The message states that the computer was locked due to the user viewing child pornography, etc. These statements are false and delivered to scare PC users into paying the bogus fine. Ransomware infections such as these are often localised. For example, PC users from the USA observe this message in English as if delivered from the 'Department of Justice'.

This localisation is possible because ransomware can detect a computer's IP address and thus determine in which country the machine operates.

If you observe the 'Guardia di Finanza' message on your screen, your PC is infected with a virus and you should not pay any fines. The correct way to deal with this scam is to eliminate it from your computer.

The Guardia di Finanza Ukash virus is distributed using drive-by downloads and by exploiting security vulnerabilities within users' computers. Commonly, cyber criminals exploit security holes in Java, Flash, and other installed software in order to proliferate their rogue software and ransomware infections.

To protect your system, always keep your installed software and operating system up-to-date. Moreover, use legitimate antivirus and antispyware software.

The 'Guardia di Finanza' message is fake. If you pay the 100 Euro fine, you will lose your money and there is no guarantee that your computer will be unlocked. To eliminate this scam from your PC, use the removal instructions provided.

Ukash (Smart Voucher Limited) is a legitimate company and not related to ransomware viruses - cyber criminals use this service to extort money from unsuspecting PC users.

Guardia di Finanza Ukash virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Step 2

Log in to the account infected with Guardia di Finanza Ukash virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

Cannot boot in Safe Mode with Networking? (Guardia di Finanza Ukash virus blocks Safe Mode with Networking)

If you have more than one user account on your operating system, please log in to a clean account and download recommended malware removal software, install it, and run a full system scan. Remove all security infections detected.

If, however, you have only one user account, please follow this guide (the guide describes how to create a new user account using Safe Mode with Command Prompt - using this newly-created user account, you will be able to remove the Guardia di Finanza ransomware).

If Guardia di Finanza also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

2. When Command Prompt Mode loads, enter the following line: net user removevirus /add and press ENTER.

3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.

4. Finally, enter this line: shutdown -r and press ENTER.

5. Wait for your computer to restart, then boot your PC in Normal Mode and log in to the newly-created user account ('removevirus'). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.

6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer.

If the newly-created user account is also affected by the ransomware infection, try performing a System Restore:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

3. Next, type this line: rstrui.exe and press ENTER.

4. In the opened window click "Next".

5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

6. In the opened window click "Yes".

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Guardia di Finanza ransomware.

Alternative Guardia di Finanza Ukash virus removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

2. In the opened Command Prompt, type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.

3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file). Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Guardia di Finanza Ukash virus.
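
The Shell check from steps 4 and 5 can also be done with a read-only script. This is an added example, not part of the original guide or of any PCrisk tool. It goes beyond the guide by also reading the HKCU copy of the Winlogon key and the Userinit value, which are likewise used to start programs at logon; the expected default values are assumptions for a stock Windows installation.

```powershell
# Added example: read-only audit of the Winlogon values that decide what runs at logon.
# The expected defaults below are assumptions for a stock Windows installation.
$subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'
}

function Get-WinlogonFinding {
    param([string]$Hive, [string]$Name)

    $path = "${Hive}:\$subKey"
    $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Per-user values are normally absent; the machine-wide ones should exist.
        $status = 'not set'
        if ($Hive -eq 'HKLM') { $status = 'MISSING' }
        $data = ''
    } else {
        $data = [string]$item.$Name
        # Userinit normally ends with a comma; ignore it and surrounding spaces.
        $clean = $data.Trim().TrimEnd(',').Trim()
        $status = 'REVIEW'
        if ($clean -eq $expected[$Name]) { $status = 'ok' }   # -eq ignores case
    }
    New-Object PSObject -Property @{ Hive = $Hive; Name = $Name; Data = $data; Status = $status }
}

$findings = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($name in 'Shell', 'Userinit') { Get-WinlogonFinding -Hive $hive -Name $name }
}
$findings | Select-Object Hive, Name, Status, Data | Format-Table -AutoSize

# For anything marked REVIEW, describe each referenced file so it can be inspected
# before it is removed. Nothing is changed or deleted by this script.
foreach ($f in @($findings | Where-Object { $_.Status -eq 'REVIEW' })) {
    foreach ($entry in $f.Data.Split(',')) {
        $file = $entry.Trim().Trim('"')
        if (-not $file) { continue }
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $sig  = Get-AuthenticodeSignature -FilePath $file
            $info = Get-Item -LiteralPath $file -Force   # -Force: file may be hidden
            '{0} {1}: {2} (signature: {3}, modified: {4})' -f $f.Hive, $f.Name, $file, $sig.Status, $info.LastWriteTime
        } else {
            '{0} {1}: {2} (not a full file path; bare name or includes arguments)' -f $f.Hive, $f.Name, $file
        }
    }
}
```

Type powershell in the Safe Mode command prompt to start it. A REVIEW row on Shell is the same condition step 5 describes: data other than Explorer.exe.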

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have over 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010.

The PCrisk security portal is brought to you by the company RCS LT. Its security researchers have joined forces to help educate computer users about the latest online security threats.
