Ice Cyber Crime Center Virus Interface



The Ice Cyber Crime Center virus is a screen locker associated with the Reveton ransomware family. Once it has compromised a computer, it displays a lock screen stating "Your Computer Has Been Blocked" and warning that "An attempt to unlock the computer by yourself will lead to the full formatting of the operating system". Like other screen lockers, it says that you must pay a fine of $300.00 within 48 hours to regain control of the locked computer. The Ice Cyber Crime Center ransomware may also attempt to capture a photo of you using any installed webcam. It displays the captured photo on the lock screen along with various threats of prosecution, in the hope of scaring you into paying the bogus $300.00 fine through MoneyPak.



The lock screen text of the Ice Cyber Crime Center ransomware includes:

________________________________________________________________________

ICE

The ICE Cyber Crime Center

Your computer has been blocked

The work of your computer has been suspended on the grounds of unauthorized cyber activity.


Possible violations are described below:

Article -174. Copyright

Imprisonment for the term of up to 2-5 years

(The use or sharing of copyrighted files). A fine from 18,000 up to 23,000 USD


Article - 183. Pornography

Imprisonment for the term of up to 2-3 years

(The use of distribution of pornographic files). A fine from 18,000 up to 25,000 USD


Article - 184. Pornography involving children (under 18 years)

Imprisonment for the term of up to 10-15 years

(The use or distribution of pornographic files). A fine from 20,000 up to 40,000 USD


Article - 104. Promoting Terrorism

Imprisonment for the term of up to 25 years without appeal

(Visiting the websites of terrorist groups). A fine from 35,000 up to 45,000 USD


Article - 68. The distribution of virus programs

Imprisonment for the term of up to 2 years

(The development or distribution of virus programs, which have caused harm to other computers). A fine from 15,000 to 28,000 USD


To unlock your computer and to avoid other legal consequences you are obligated to pay a release fee of $300 USD.


An attempt to unlock this computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted.

_______________________________________________________________________

It's all fake, so ignore it.


To remove this ransomware screen locker, you'll need to download a few utilities onto a clean computer and then transfer them to the computer that has been compromised by the Ice Cyber Crime Center virus. The utilities used in the steps below are rKill, Combofix and Emsisoft Emergency Kit.




How to remove the Ice Cyber Crime Center virus technique #1


  1. First, start the infected system in "Safe Mode with Command Prompt" by pressing the F8 function key at system startup, before the Windows logo appears.
  2. At the login screen, select an account with administrative rights.
  3. Once you're at the desktop, the command prompt should appear. At the command prompt, navigate to the external drive holding the utilities that you downloaded on the clean system and transferred to the compromised system. If you burned the files to a CD/DVD, the drive letter will most likely be either "D" or "E", so at the prompt you would type "D:" or "E:". If you're using a flash drive instead of a CD, the drive letter could be farther down the alphabet. You may have to try a few drive letters before you locate the right one. If you receive an error after typing the drive letter, it's probably the wrong drive letter, so keep trying.
  4. Next, start the copy of "rKill" by typing "rkill.exe" at the command prompt. It will terminate any malicious processes that it finds loaded in your system's memory. It will also clean up various malicious registry modifications that the ransomware may have made to your computer's configuration files.
  5. After "rKill" has completed, start Windows Explorer by typing "explorer" at the command prompt.
  6. The desktop should appear without the ransomware lock. You'll be able to use point and click from this point.
  7. Turn off any previously installed anti-virus utilities and then start the copy of "Combofix" from the external drive. If necessary, copy Combofix from the external drive to your desktop to make the process easier.
  8. Combofix will take 15 minutes or more to complete its scan and removal procedure. The time depends on the number of infected files on your computer and on the computer's hardware.
  9. After Combofix has completed, start the copy of "Emsisoft Emergency Kit". Decompress it to an easily accessed directory. Once it has been decompressed, start it by double-clicking "Start.exe".
  10. After the emergency kit has started, perform a full system scan and then remove any malicious files that it finds.
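The drive-letter search described in the steps above can be done with one command instead of by trial and error. This is an added example, not part of the original tutorial; it assumes rkill.exe was copied to the root folder of the CD/DVD or flash drive, and the drive letter E: in the second part is a placeholder.

```bat
rem Added example: typed at the Safe Mode command prompt, not saved as a script.
rem Assumption: rkill.exe was copied to the root folder of the CD/DVD or flash drive.

rem 1. Check every candidate drive letter and report the ones that hold rkill.exe.
rem    Drive letters with no media or no such file are skipped silently.
for %D in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist %D:\rkill.exe echo rkill.exe found on %D:

rem 2. Switch to the drive that was reported (E: is a placeholder), list its
rem    contents to confirm the transferred utilities are there, then start rKill.
E:
dir /b
rkill.exe
```

If the first command prints nothing, the media is not readable in Safe Mode or the files are in a subfolder rather than the root.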




































Afterwards, reboot the computer normally and check for any indications of the screen locker. You should be clear of the virus at this point, but if it still appears, try the technique listed below to remedy your infection.





Ice Cyber Crime Center virus removal technique #2


  1. If the above approach failed to remove the screen locker, restart the computer in "Safe Mode with Command Prompt".
  2. Log into an account with administrative rights.
  3. Once the command prompt appears, type "rstrui.exe" at the prompt.
  4. System Restore should start. When it does, follow the prompts and restore the system to a point before the Ice Cyber Crime Center virus compromised your computer.
  5. Once the computer has been restored successfully, execute the copy of "rkill" from the external drive.
  6. Once "rkill" completes, download a copy of "Malwarebytes".
  7. Update Malwarebytes and perform a complete system scan. Remove any malicious files and entries that it locates.
  8. After Malwarebytes completes, reboot your computer.


At this point your computer should be clean, but if it isn't, you'll probably need to contact a professional virus removal specialist to resolve your computer virus issue.








Smith Technical Resources makes no guarantees or claims that the information contained in this article will help you completely remove the above listed malicious program(s) from your computer. There are several variations of each particular virus in the wild, and the procedure listed above may not be adequate for the specific version of the virus that has compromised your computer.

If you feel uncomfortable performing any of the procedures that we've listed on this page, please contact a professional computer repair company in your area and have them complete the needed repairs on your computer. Smith Technical Resources takes no responsibility for any possible damage that could result from your use of the above instructions.

