An Garda Siochana – Ukash Virus

Threat Summary

Threat Name: An Garda Siochana
Brief Description: This type of malware locks the computer or desktop, making it unusable.
Detected as: Trojan.Ransomlock.X


If you are seeing An Garda Siochana Ireland’s National Police Service on your computer screen, it means that you are infected with a ransom program. This type of malware is created to hold the PC hostage. It locks everything and leaves you with a modified wallpaper that contains notices and warnings. It states that your computer has participated in illegal online acts like viewing and storing pirated copies of programs. It displays the following messages:

Your computer is locked
Your computer has been locked by the automated information control system (AICS)
What is the reason?
This could be due to one of the following reasons:
1. Your computer has been used to view banned Web sites
2. Your computer has been used to view Web sites containing child pornography
3. Your computer has been used to illicit information exchange
4. Your computer has been used for storing / viewing pirated content…
Unlock computer via Ukash

To unlock the computer, this ransom program demands payment. It asks you to pay a certain amount via the Ukash online payment service. Because Ukash is flexible and available worldwide, makers of ransom viruses consider it the best payment method for this illicit act.

There is one way to remove An Garda Siochana – Ukash Virus. All you need to do is scan the system after booting from another device. This way, the threat may not load into memory and prevent the removal process. Follow the guide on this page to get rid of this corrupt software.

What are the Symptoms of An Garda Siochana Infection?

An Garda Siochana will lock the PC, denying the user access to Windows and all programs. It will replace the desktop with a ransom message as shown in the image below.

An Garda Siochana

Update: October 13, 2012
There is a new version of An Garda Siochana. Everything remains the same except for the new look, which bears the colored logo of An Garda Siochana Ireland’s National Police Service. Please refer to the image below.

An Garda Siochana October 2012 Update

Update: December 2012
Antivirus company TrendMicro first discovered the newest version of An Garda Siochana Ireland’s National Police Service. There are some changes to the displayed message. The overall layout is similar to its other variants. Please refer to the image below.

An Garda Siochana

Procedures to Remove An Garda Siochana

The removal steps on this page will help you get rid of the threat effectively using tools and virus scanners. Please make sure that you carry out the guide in the exact order given.

Create a USB Bootable Device

Ransom Trojans and viruses lock the screen and make the computer unusable. A common way to deal with this type of infection is to boot the PC using another device. For this tutorial we will create a bootable disk that contains the An Garda Siochana remover.

1. Download Kaspersky Rescue Disk from their official server. Click the button below. The file will be in .ISO format.

2. Download the utility called rescue2usb to write your .ISO file to the USB drive. You need a USB thumb drive of at least 512MB in capacity. Plug it into the computer.

3. Once you have the two programs, double-click on the rescue2usb.exe to start creating a bootable USB drive.
4. You will see a program called Kaspersky USB Rescue Disk Maker on the screen. Click on Browse and locate the .ISO file.
5. Under USB Medium, select the proper drive of your USB device.
6. Click on START. It will now begin to create a bootable USB drive with Kaspersky Rescue Disk in it.

Start the Computer with Kaspersky Rescue Disk.

1. You must set the computer to boot from a device other than the hard drive. For this procedure, enable your BIOS to boot from a USB device. If you are not familiar with this, please refer to your computer's instruction manual.

2. Another option is to access the Boot Menu right after you turn on the PC. It will present a menu so that you can select a preferred boot drive. Select Removable Devices.

Boot Menu

3. Your computer will now start and load Kaspersky Rescue Disk.
4. If you see a message on the screen, please Press any key to enter the menu. You only have 10 seconds to do this, otherwise it will boot with the hard drive.

5. Next screen will be the interface language. Please select desired language to use.
6. You must run the program in Graphic Mode. This gives you easy access to all commands and menus.
7. End User License Agreement will appear. Please accept to continue using the program. Press 1 to proceed.

Using WindowsUnlocker to Remove An Garda Siochana

1. Click on the K button at the lower left corner of the screen.

2. Select Terminal on the list. It will open a command prompt.
3. Type windowsunlocker and press Enter on your keyboard.

4. On the WindowsUnlocker menu, please type 1 to Unlock Windows. This utility will clean the registry of malicious entries.

5. After the cleanup process, it will display the menu once more.
6. Press 0 on your keyboard to exit WindowsUnlocker.

Run a Virus Scan

1. After removing An Garda Siochana, you need to delete all remaining components.
2. Click on the K to display the menu.

3. Select Kaspersky Rescue Disk. This will open the virus scanning tool.
4. You need to update the program first. Select My Update Center tab and click on Start update. This requires an Internet connection.

5. After updating the program, select Object Scan tab and click on Start Object Scan. You must scan the following:

  • Disk boot sectors
  • Hidden startup objects
  • All drives

6. Scanning the entire hard drive may take some time. Please let the scan finish.
7. Once the scan process is complete, the tool will prompt you for preferred actions on detected threats. Deleting all threats is recommended.
8. You can now turn off the computer, unplug the USB drive, and start Windows in normal mode.
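
A follow-up check for after Windows starts normally, added here as an example (it is not part of the original guide or of Kaspersky's tools). The guide does not name the registry entries WindowsUnlocker cleans; this example assumes the Winlogon `Shell` and `Userinit` values, which screen lockers commonly replace, assumes Windows is installed on C:, and parses constructed `reg query` output with a made-up executable path.

```python
import re

# Stock values for the Winlogon entries (assumption: default install on C:).
EXPECTED = {"shell": {"explorer.exe"},
            "userinit": {r"c:\windows\system32\userinit.exe"}}
# A value line in `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group("name")] = m.group("data").strip()
    return keys

def audit_winlogon(text):
    """List (key, value, data) entries that differ from the stock values."""
    findings = []
    for key, values in parse_reg_query(text).items():
        if not key.lower().endswith(r"\currentversion\winlogon"):
            continue
        per_user = key.upper().startswith("HKEY_CURRENT_USER")
        for name, data in values.items():
            lname = name.lower()
            if lname in EXPECTED:
                # Userinit is a comma-separated list; Shell is one command.
                entries = {e.strip().lower() for e in data.split(",") if e.strip()}
                # A per-user override is not present on a default installation.
                if per_user or entries != EXPECTED[lname]:
                    findings.append((key, name, data))
    return findings

# Constructed sample output; the executable path is made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\example\AppData\Roaming\sample_locker.exe
"""

if __name__ == "__main__":
    print(audit_winlogon(SAMPLE))
```

Feed it the text produced by `reg query` on the `Winlogon` key under both `HKLM` and `HKCU`; any entry it returns should be reviewed before the machine is trusted again.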

4 thoughts on “An Garda Siochana – Ukash Virus”

  1. Johnpaul.hayden says:

    Hi, I have a problem with my laptop. I have the Kaspersky Rescue2Usb to unlock my laptop. I have downloaded it onto my wife's laptop and am trying to move the software to my other laptop, but when I put them into WinRAR files it has changed to the files that are needed to convert to a USB stick. But the files are saying remove the write protection or use another disk, but my USB is empty with nothing on it… So can you help me? Many thanks.

  2. aaron power says:

    It has been updated again. It looks a lot more believable, but I searched it and realised it was fake. Email me if you want me to post a picture of this new one.

  3. greg says:

    Hello, I’ve been trying to download the rescue2usb file from the Kaspersky website and there is no file available for download. Is there an alternative file I could use?
    Thanks, Greg

  4. crazy ken says:

    Another option is to open in Safe Mode with Command Prompt (F8 at startup) and use the restore feature. This will return your PC registry settings (not files or valuable stuff) to a state before it got infected. You will be given plenty of dates where a snapshot of your settings was taken; choose one as close to the infected time as possible. At the command prompt, Windows Vista and 7 users will type cd restore, and then press ENTER.
    Next, we will type rstrui.exe, and then press ENTER.
    Windows XP users will need to type C:\windows\system32\restore\rstrui.exe and then press ENTER.
    Once you have restored to a previous version don’t leave it and assume all is well…. immediately install a spyware program like “Spyhunter” download trial version for free to get it and zap that mother **** from your system as the offending files are still on your PC until you do.. Good luck and this Virus is not the end of the world as it may seem it at this time it is just stubborn to remove but this method DOES work.
