Arma dei Carabinieri Virus is another ransomware program that blocks random systems and tries to extort money from their users by accusing them of breaking the law. This time the program targets computers in Italy. The Arma dei Carabinieri is the national military police of Italy, and using its name makes users more likely to trust the scam. In fact, the program has nothing to do with any Italian institution.
The program is installed on random systems with the help of Trojan viruses. You will not be able to detect it. The first time you encounter Arma dei Carabinieri Virus is when it blocks your system and all the programs on your computer. Basically, it completely locks your PC and displays a message in Italian. Here is a part of it:
ATTENZIONE! Il Suo computer personale è stato bloccato per motive di sicurezza per le seguenti ragioni.
La multa deve essere pagata da Lei entro 48 ore dopo la violazione. Una volt ache le 48 ore sono trascorse, per ulterior 48 ore saranno raccolte automaticamente le informazioni complete su di Lei, e Lei te sará perseguito.
La dimensione della Sua multa è 100€. La multa si può pagare con l’aiuto dei voucher PaySafeCard oppure Ukash.
The message displayed by Arma dei Carabinieri Virus warns that your computer is on a list of systems found to use and store copyrighted content. It claims that this is illegal and even cites laws that explain what kind of violation it is and what you can expect to happen. Finally, it tells you to pay a 100 euro fine if you want to solve the problem quickly and get your system unblocked.
Many users agree to pay this fine just to avoid further problems with the police. However, there is no point in paying anything, as Arma dei Carabinieri Virus displays a bogus message that is only part of a huge scam. Do not fall for this malicious program under any circumstances. You should remove Arma dei Carabinieri Virus immediately after detecting it.
If your computer has more than one user account and not all of them are locked, scan the whole PC with an anti-malware program, e.g. SpyHunter, by logging in to an account that is not blocked. Another option is to use System Restore. If none of these methods work for you, do the following:
- Restart your computer;
- Press F8 while it is still restarting;
- Choose between the safe modes in the following order: Safe mode, Safe mode with command prompt.
Then follow the guides below:
If your computer runs in Safe mode or Safe mode with networking
- Launch MSConfig.
- Disable startup items in which rundll32 launches any application from Application Data. Note that these are typical locations for Arma dei Carabinieri Virus, but others might be used.
- Restart the system once again.
- Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify Arma dei Carabinieri Virus files and delete them.
If your computer runs in Safe mode with command prompt
- Run Regedit.
- Search for WinLogon entries. Write down all files they reference that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for Arma dei Carabinieri Virus files and delete the registry keys referencing those files.
- Try to reboot and scan with SpyHunter.
- If this fails, try doing a system restore from safe mode with command prompt (rstrui.exe).
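The two manual checks above (rundll32 startup items that load from Application Data, and Winlogon entries other than explorer.exe or blank) can be run over saved `reg query` output. This is an added example, not part of the original guide; it assumes the "WinLogon entries" are the Shell value of a Winlogon key and that startup items sit under a Run key, and the sample paths and file names are constructed.

```python
import re

# Constructed sample: text in the layout `reg query` prints (key line, then
# indented "name    type    data" rows). Paths and file names are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Documents and Settings\user\Application Data\example.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    example    REG_SZ    rundll32.exe "C:\Documents and Settings\user\Application Data\example.dll",Start
"""

VALUE_ROW = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$")
# "Application Data" is the folder the guide names; AppData is its newer name.
USER_DATA_DIR = re.compile(r"\\(application data|appdata)\\", re.I)


def parse_reg_query(text):
    """Yield (key, value_name, data) for each value row in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_ROW.match(line)
        if key and m:
            yield key, m.group(1), (m.group(3) or "").strip()


def audit(text):
    """Return (key, name, data, reason) for entries the guide says to review."""
    findings = []
    for key, name, data in parse_reg_query(text):
        leaf = key.rsplit("\\", 1)[-1].lower()
        if leaf == "winlogon" and name.lower() == "shell":
            # The guide: anything other than explorer.exe or blank is suspect.
            if data.lower() not in ("", "explorer.exe"):
                findings.append((key, name, data, "Winlogon Shell is not explorer.exe"))
        elif leaf == "run":
            if "rundll32" in data.lower() and USER_DATA_DIR.search(data):
                findings.append((key, name, data, "rundll32 loading from Application Data"))
    return findings


if __name__ == "__main__":
    for key, name, data, reason in audit(SAMPLE):
        print(f"{reason}: {key} -> {name} = {data}")
```

The script only reports; the entries it lists still have to be disabled or corrected by hand as described in the steps above.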
If none of the safe modes can be launched
Some versions of Arma dei Carabinieri Virus disable all safe modes, but give a short gap that you can use to run anti-malware programs:
- Reboot normally.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If the malware is loaded, just press Alt+Tab once and keep entering the string blindly. Press Enter.
- Press Alt+Tab and then R a couple of times. The Arma dei Carabinieri Virus process should be killed.
Hitman Pro USB disk
If you did not succeed using any of the methods above, try scanning the PC with a bootable USB or DVD disk. These should be able to remove all versions of Arma dei Carabinieri Virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on an uninfected PC.
- Run Hitman and ask it to create a Kickstarter USB (option on the initial screen).
- When the USB is ready, reboot the infected PC with the USB attached and press DEL.
- Choose USB as primary boot device.
- Boot normally.
- Run Hitman Pro and https://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.