Wednesday 14 April 2010

Remove "Copyright Violation: Copyrighted Content Detected" fake warning (Uninstall guide)

Fake warning "Copyright Violation: Copyrighted Content Detected" is a part of ransomware infection that attempts to convince you to pay a fee for allegedly found copyrighted material on your computer. Actually it's a Trojan horse Trojan.Fakecopyright [Symantec]. Once this Trojan is installed, it will scan your computer for .torrent files and then will display fake Copyright Violation alert window stating that copyrighted material have been found and that you should pay a fee ($399.85) or they will pass your case to the courts where you will be tried by a judge. That's ridiculous, you shouldn't trust it. This is yet another scam. If you find that your computer is infected with I-Q Manager Antipiracy foundation (Copyright Violation: Copyrighted Content Detected) ransomware please follow the removal instructions below to remove it from your PC as soon as possible.




(Video by rogueamp)

"Copyright violation alert
Copyright violation: copyrighted content detected
Windows has detected that you are using content that was downloaded in violation of the copyright of its respective owners. Please read the following bulletin and try solving the problem in one of the recommended ways."



If you select the "Pass the case to court", or "Settle case in pre-trial order", the threat will attempt to display a web page that contains an online order form for the amount of $399.85.



The biggest problem is that this threat then may lock the compromised computer until the user enters a correct license number for the program. Thankfully, S!Ri posted a registration code which should unlock your computer: RFHM2-TPX47-YD6RT-H4KDM. (I haven't tested it, so I don't know for sure)

The home page of the bogus ICPP Foundation is icpp-online.com (193.33.114.77). You should add it and add icpp-online.com to the list of blocked web sites. Also note that this fake Copyright Violation alert has been localized to the following languages: Czech, Danish, Dutch, English, French, German, Italian, Portuguese, Slovak and Spanish.


"Copyright Violation: Copyrighted Content Detected" or I-Q Manager alert removal instructions:

1. Click Start -> Control Panel
2. When in the Control Panel, double-click on one of the options below depending on your version of Windows
a) Add or Remove Programs icon (for Windows XP users)
b) Uninstall Program (for Windows Vista and Windows 7 users)
3. The Add or Remove Programs (Windows XP) or the Uninstall Program (Windows Vista & 7) screen will be displayed. Scroll through the list of programs and look for entries with I-Q Manager, uninstall them. You are done, close the Control Panel screen.
NOTE: If the programs ask you to reboot your computer, do not allow it to reboot until you have uninstalled all of the program.

Your computer should now be free of the I-Q Manager or Copyright Violation: Copyrighted Content Detected malware. However, if it's still on your computer then complete these additional steps:

1. Click Start -> Run.
2. Input: regedit. Then click OK.
3. Navigate to and delete the following registry entries and subkeys:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"iqmanager.exe" = "%UserProfile%\Application Data\IQManager\iqmanager.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQManager
4. Exit the Registry Editor.
5. Download one of the following anti-malware programs (all programs are free):
6. Install selected anti-malware program, update it and run a full system scan.


I-Q Manager or Copyright violation alert files and registry values:

Files:
  • %UserProfile%\Application Data\IQManager
  • %UserProfile%\Application Data\IQManager\iqmanager.exe
  • %UserProfile%\Application Data\IQManager\settings.ini
  • %UserProfile%\Application Data\IQManager\torrents
  • %UserProfile%\Application Data\IQManager\languages
Registry:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQManager
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "iqmanager.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\IQManager\iqmanager.exe"
Share this information with other people:

No comments:

Post a Comment