Sunday, July 7, 2013

ICE Cyber Crime Center Removal Guide (Your computer has been blocked)

ICE (The ICE Cyber Crime Center) Description

ICE (The ICE Cyber Crime Center) is a ransomware program that locks the screen and displays a message demanding $300 within 48 hours in order to unlock it. The warning appears as follows:

The ICE Cyber Crime Center
Your computer has been blocked
The work of your computer has been suspended on the grounds of unauthorized cyber activity.

Possible violations are described below:
Article - 174. Copyright
Imprisonment for the term of up to 2-5 years (The use or sharing of copyrighted files). A fine from 18,000 up to 23,000 USD
Article - 183. Pornography
Imprisonment for the term of up to 2-3 years (The use of distribution of pornographic files). A fine from 18,000 up to 25,000 USD
Article - 184. Pornography involving children (under 18 years)
Imprisonment for the term of up to 10-15 years (The use or distribution of pornographic files). A fine from 20,000 up to 40,000 USD
Article - 104. Promoting Terrorism
Imprisonment for the term of up to 25 years without appeal (Visiting the websites of terrorist groups). A fine from 35,000 up to 45,000 USD
Article - 68. The distribution of virus programs
Imprisonment for the term of up to 2 years (The development or distribution of virus programs, which have caused harm to other computers). A fine from 15,000 to 28,000 USD.
To unlock your computer and to avoid other legal consequences you are obligated to pay a release fee of $300 USD.
An attempt to unlock this computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted.

Similar to the US Homeland Security Cyber virus, ICE (The ICE Cyber Crime Center) pretends to be sent from a department of the United States and claims to have detected that your online activities violated copyright law through the use of pornographic files or visits to unlicensed websites. On this pretext, a $300 USD fine is demanded to unlock the files, videos, photos and documents on your computer, with the threat that this content will otherwise be deleted. In reality, ICE (The ICE Cyber Crime Center) is another scam, and it will attempt to take a photo of you to scare you into transferring the money via the Green Dot MoneyPak prepayment system, which makes the scheme look credible. The resulting privacy exposure may lead to unexpected loss of money and exposure of data, which cyber criminals could exploit.

ICE is defined as a malware program that prevents you from accessing your computer and keeps telling you “your computer has been blocked”. In addition, ICE targets computer users located in the United States, pretending to lock the computer's IP address. Moreover, ICE (The ICE Cyber Crime Center) does not seem to be removable by any security tools. The key is that computer owners need to recognize it as a trick and follow the removal guide to completely eradicate the ICE scam.

Tips: This is a self-help guide. Use it at your own risk. If you are not sure how to proceed, asking MiTechMate Technical Lab for help is a good choice.

Step one: Restart your infected PC and enter Safe Mode with Networking by repeatedly tapping F8 before Windows launches, then highlight “Safe Mode with Networking” and press Enter.

Step two: Show all hidden files
1. Close all programs so that you are at your desktop.
2. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
3. Click on the Control Panel menu option.
4. When the control panel opens click on the Appearance and Personalization link.
5. Under the Folder Options category, click on Show Hidden Files or Folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files, folders, or drives.
7. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files (Recommended).
9. Press the Apply button and then the OK button.

Step three: Locate all files associated with the ICE malware
%LocalAppData%\KB8456137\ICE Cyber Crime Center.exe
%AppData%\<random characters>
%CommonAppData%\<random characters>

Step four: Open Registry Editor by typing “regedit” in the “Run” box and delete all the registry entries listed below:
HKEY_CLASSES_ROOT\CLSID\{28949824-6737-0594-0930-223283753445}\InProcServer32 "(Default)" = "<malware path>\<random>.dll"
HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32 "(Default)" = "<malware path>\<random>.dll"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{290C752D-B6BD-4E0E-BD87-59CFF24BC89F}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
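
Before deleting anything, the locations from steps three and four can be reviewed with a read-only PowerShell check. This is an added example, not part of the original guide; it assumes %CommonAppData% corresponds to %ProgramData% and, because the random names cannot be matched, simply lists loose .exe/.dll files in the two folders for manual review.

```powershell
# Read-only review of the indicators listed in steps three and four.
# Nothing is deleted; compare the output with the guide before removing anything.

$fixedFile = Join-Path $env:LOCALAPPDATA 'KB8456137\ICE Cyber Crime Center.exe'

# Assumption: %CommonAppData% in the guide maps to %ProgramData%.
$randomDirs = @($env:APPDATA, $env:ProgramData) | Where-Object { $_ }

$clsidKeys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{28949824-6737-0594-0930-223283753445}\InProcServer32',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32'
)
$scopeKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{290C752D-B6BD-4E0E-BD87-59CFF24BC89F}',
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}'
)
$ieMain = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main'

"File: $fixedFile -> present: $(Test-Path -LiteralPath $fixedFile)"

foreach ($dir in $randomDirs) {
    # Heuristic: executables or DLLs sitting directly in these folders are unusual.
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and ('.exe', '.dll' -contains $_.Extension) } |
        ForEach-Object { "Review: $($_.FullName) (created $($_.CreationTime))" }
}

foreach ($key in $clsidKeys) {
    if (Test-Path -LiteralPath $key) {
        # GetValue('') reads the "(Default)" value, i.e. the DLL the CLSID loads.
        $dll = (Get-Item -LiteralPath $key).GetValue('')
        "CLSID: $key -> (Default) = $dll"
    } else {
        "CLSID: $key -> not present"
    }
}

foreach ($key in $scopeKeys) {
    "SearchScope: $key -> present: $(Test-Path -LiteralPath $key)"
}

$main = Get-ItemProperty -LiteralPath $ieMain -ErrorAction SilentlyContinue
if ($main) { "Default_Page_URL = $($main.Default_Page_URL)" }
```

Run it from the affected user's account, since the HKEY_CURRENT_USER keys and the %AppData% paths are per-user.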

Conclusion: This article provides step-by-step instructions to unlock your screen from ICE (The ICE Cyber Crime Center). If the same problem still occurs after you have completed the above steps, the ICE malware may have mutated. Please contact MiTechMate Service Center here to help fix the issue immediately. MiTechMate staff deal with the same problem every day; we have experts here who know well how to remove ICE generated from different states.