FacebookTwitterLinkedIn

GARDA Virus - Your computer has been blocked

Also Known As: The National Crime Prevention Unit Ransomware
Damage level: Severe

The Guardians of the Peace of Ireland Virus "Your computer has been blocked up for safety reasons" removal instructions

What is GARDA?

The GARDA (The Guardians of the Peace of Ireland and The National Crime Prevention unit) message, "Your computer has been blocked up for safety reasons listed below", blocks computer screens and demands payment of a 100 Euro fine using PaySafeCard or Ukash to unblock the PC. This is a scam. The message makes fake accusations of law infringements (viewing/storage and/or dissemination of child pornography/zoophilia/rape, downloading of pirated music, videos, warez, etc.) in order to scare unsuspecting PC users from Ireland into paying the bogus fine. Note that paying the fine when ordered by this message (screenshot below) is equivalent to sending your money to cyber criminals.

Garda virus

This message is a security infection called a ransomware virus. It blocks the computer screen and demands payment of a ransom in order to unblock it. This particular ransomware virus originates from a family called Urausy and targets PC users from Ireland. Cyber criminals responsible for developing this scam exploit the name of 'GARDA', "The Guardians of the Peace of Ireland" and "The National Crime Prevention Unit". PC users should be aware that these authorities do not use computer screen-blocking messages to collect fines for any law violations. In fact, no authorities, internationally, use such messages to collect fines for law infringements. If you observe this type of message on your screen, your PC is infected with a ransomware virus. Do not pay any fines. The correct way to deal with this message is to eliminate it from your computer.

Update 2015/02/05 - Cyber criminals have updated the design of GARDA ransomware virus:

ireland garda ransomware virus 2015

GARDA is just one legitimate authority whose name is exploited by cyber criminals to trick computer users into paying bogus fines. Cyber criminals responsible for creating ransomware from the Urausy family have created many localized variants of their fake screen-blocking messages. These ransomware infections are capable of determining the IP address of the computer targeted for infiltration, and thus, present their victims with localized versions of the deceptive message using the local language and authority names. For example, ransomware targeting PC users from the USA exploits the name of Mandiant U.S.A Cyber Security. If your computer is already infected with the GARDA "Your computer has been blocked" ransomware virus, use the removal guide provided to eliminate this scam from your PC.

A fake message presented by the GARDA "Your computer has been blocked" ransomware virus:

GARDA.
The Guardians of the Peace of Ireland.
The National Crime Prevention unit.
ATTENTION!
Your computer has been blocked up for safety reasons listed below.

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Ireland criminal law.

Article 161 of Ireland criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, you are suspected of violation of "Copyright and Related rights Law" (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of Ireland criminal law.

Article 148 of Commonwealth of Ireland criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.

It was from your computer, that unauthorised access has been stolen to information of State importance and to data close for public Internet access.

Unauthorised access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected - until the investigation is held - of innocent infringement of Article 215 of Commonwealth of Ireland criminal law ("Law on negligent reckless disregard of computers and computer aids").

Article 215 of Ireland criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to AUD $100,000 fine.

Further after information of your personal computer was examined, it was found that your personal computer has been regularly used for bulk-spamming either arranged by yourself purposely on mercenary motives, or with ought your knowledge and consent, provided your computer could have been affected my malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently you are suspected - until the investigation is held - of innocent infringement of Article 301 of Commonwealth of Ireland criminal law ("On bulk-spamming and malware (virus) dissemination").

Article 301 of Ireland criminal law provide for the punishment of deprivation of liberty for term from 5 years, and up to AUD $250,000 fine.

Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as for commission of crimes per above Articles. Criminal case can be submitted to court.

However, pursuant to Amendments to Commonwealth of Ireland criminal law dated july 10, 2013, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incidents before) and no arraignment will follow. However, it is a matter of whether you have paid the fine of the Treasury (to the effect of initiatives aimed at protection of cyberspace).
The penalty set must be paid in course of 48 hours as the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

Amount of fine is 100 Euro. You can settle the fine with Ukash or PaySafeCard vouchers.

As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.

Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).

Please mind that you should enter only verified pass of vouchers and abstain from caching out of vouchers once used for the fine payment. If erroneous pass were entered, or if attempt was made to cancel vouchers after transaction then, apart from above breaches, you will be charged with fraud (Article 377 of Ireland criminal law, 1 to 3 years of imprisonment) and criminal case will be opened.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available.

Quick menu:

GARDA "Your computer has been blocked" ransomware virus removal:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu". Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Step 2

Log in to the account infected with the GARDA "Your computer has been blocked" ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the GARDA "Your computer has been blocked" ransomware virus infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the GARDA "Your computer has been blocked" ransomware virus.

Other tools known to remove the GARDA "Your computer has been blocked" ransomware virus:

2 Comments. Click to view

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk logo

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
The National Crime Prevention Unit Ransomware QR code
Scan this QR code to have an easy access removal guide of The National Crime Prevention Unit Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available.