This infection is classified as a Trojan:Win32/LockScreen.CI. Ransomware applications from the LockScreen family have been targeting European internet users recently. However, the malicious code can be easily changed to target users in United States, Canada or any other country/region. Ransomware's characteristics change slightly depending on the IP address of the infected computer.
Currently, there are numerous reported infections in Austria, Belgium, Switzerland, Germany, Spain, France, Greece, Italy, Finland, Nederland, Poland, Portugal and Sweden. It's rather surprising that they decided to skip UK and U.S., at least for now. Usually, these countries are the prime targets.
When the International Police Association (I.P.A.) virus has infected your computer, it simply prevents you from accessing The Desktop and displays a fake warning claiming that the system was locked by I.P.A because you were watching and/or distributing illegal content.
Usually, cyber criminals include some scary text about child pornography and copyrighted files. We have to admit that the fake warning is incredibly realistic. We've talked with some people about similar infections and they all admitted that they were scared to death when they saw these police warnings. Few of them even paid 'fines', usually $50 or $100.
Although, there are really nasty and sophisticated ransomware applications out there, International Police Association virus is not one of them, thankfully. It doesn't encrypt files and it doesn't make complex system modifications. The scheme is very simple: once the Trojan is executed, it determines your IP address, changes numerous system settings, creates a full screen window, loads fake warning text and then downloads all the necessary graphics from remote server. For example, if you live in Spain, this virus will load Spanish warning text and download Spain flag from a remote server. And that's it.
Most of the time, victims are urged to pay a 'fine' using a UKash voucher. Surprisingly, you can choose how much you are willing to pay; it's either 50 or 100 euros. That's kind of weird. However, this is a scam. Do not transfer any money or purchase vouchers. Please also note that UKash is a legitimate firm and is not involved in this International Police Association ransomware scam.
International Police Association (I.P.A.) virus warning in different countries:
Ihr Computer wurde gesperrt
Ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt
Votre ordinateur est bloqué
Votre ordinateur a été bloqué par le système de contrôle automatique informationnel
El ordenador suyo esta bloqueado
El ordenador suyo fue bloqueado por el sistema del control informativo automatizado
O υπολογιστής σας έχει μπλοκαριστεί
.
.
.
Il suo computer è stato bloccato
il suo computer è stato bloccato da sistema di controllo d'informazione automatico
Tietokoneenne lukkiutui
Uw computer is geblokkeerd
Uw computer is geblokkeerd door het systeem van een automatische informatiecontrole
Ten komputer został zablokowany
Ten komputer został zablokowany przez system automatycznej kontroli informacyjnej
O seu computador foi bloqueado
O seu computador foi bloqueado pelo sistema do controlo automatico de informação
Datorn har blockerats
Datorn har blockerats av ett system för avtomatisk information kontroll
If you have ever tried to get rid of ransomware you may have thought its darn near impossible. The good news is that International Police Association (I.P.A.) virus isn't very aggressive unless it comes bundled with other malware. Most of the time, this ransowmare allows victims to reboot their PCs in Safe Mode with Networking and download anti-malware software. Anti-malware software removes the virus and you can happily user your computer once again. But if you were 'lucky' enough to get modified version of this ransomware then it's definitely a nuisance. In such case, you will have to use Kaspersky Rescue CD or any other Live CD to remove International Police Association virus from your computer. Both removal methods are described in details below. So, fist of all, try to reboot your computer in Safe Mod and if it doesn't work then follow the alternate removal guide.
If you have any questions are need extra help removing this ransomware from your computer, please leave comments below. Good luck!
Source: http://deletemalware.blogspot.com
Quick 'International Police Association' Ransomware removal instructions (System Restore, may not work for all users):
1. Reboot your computer in Safe Mode with Command Prompt. As the computer is booting tap the F8 key continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to Safe Mode with Command Promptand press Enter key.
2. Make sure you log in to an account with administrative privileges (login as admin).
3. Once the Command Prompt appears you have few seconds to type in explorer and hit Enter. If you fail to do it within 5 seconds, the 'International Police Association' ransomware will take over and will not let you type anymore.
4. If you managed to bring up Windows Explorer you can now browse into:
- Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
- Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter
6. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove the remnants of International Police Association (I.P.A.) virus and to protect your computer against these types of threats in the future.
International Police Association Ransomware removal using Kaspersky Rescue Disk:
1. Download the Kaspersky Rescue Disk iso image from the Kaspersky Lab server. (Direct download link)
Please note that this is a large downloaded, so please be patient while it downloads.
2. Record the Kaspersky Rescue Disk iso image to a CD/DVD. You can use any CD/DVD record software you like. If you don't have any, please download and install ImgBurn. Small download, great software. You won't regret it, we promise.
For demonstration purposes we will use ImgBurn.
So, open up ImgBurn and choose Write image file to disc.
Click on the small Browse for file icon as show in the image. Browse into your download folder and select kav_rescue_10.iso as your source file.
OK, so know we are ready to burn the .iso file. Simply click the Write image file to disc button below and after a few minutes you will have a bootable Kaspersky Rescue Disk 10.
3. Configure your computer to boot from CD/DVD. Use the Delete or F2, F11 keys, to load the BIOS menu. Normally, the information how to enter the BIOS menu is displayed on the screen at the start of the OS boot.
The keys F1, F8, F10, F12 might be used for some motherboards, as well as the following key combinations:
- Ctrl+Esc
- Ctrl+Ins
- Ctrl+Alt
- Ctrl+Alt+Esc
- Ctrl+Alt+Enter
- Ctrl+Alt+Del
- Ctrl+Alt+Ins
- Ctrl+Alt+S
If you can't enter Boot Menu directly then simply use Delete key to enter BIOS menu. Select Boot from the main BIOS menu and then select Boot Device Priority.
Set CD/DVD-ROM as your 1st Boot Device. Save changes and exist BIOS menu.
4. Let's boot your computer from Kaspersky Rescue Disk.
Restart your computer. After restart, a message will appear on the screen: Press any key to enter the menu. So, press Enter or any other key to load the Kaspersky Rescue Disk.
5. Select your language and press Enter to continue.
6. Press 1 to accept the End User License Agreement.
7. Select Kaspersky Rescue Disk. Graphic Mode as your startup method. Press Enter. Once the actions described above have been performed, the operating system starts.
8. Click on the Start button located in the left bottom corner of the screen. Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by International Police Association (I.P.A.) Virus. It won't take very long.
9. Click on the Start button once again and fire up the Kaspersky Rescue Disk utility. First, select My Update Center tab and press Start update to get the latest malware definitions. Don't worry if you can't download the updates. Just proceed to the next step.
10. Select Object Scan tab. Place a check mark next to your local drive C:\. If you have two or more local drives make sure to check those as well. Then click Start Objects Scan to scan your computer for malicious software.
11. Quarantine (recommended) or delete every piece of malicious code detected during the system scan.
12. You can now close the Kaspersky Rescue Disk utility. Click on the Start button and select Restart computer.
13. Please restart your computer into the normal Windows mode. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove the remnants of International Police Association (I.P.A.) virus and to protect your computer against these types of threats in the future.
For for information about ransomware threats and possible removal methods, please read the general ransomware removal guide.
Tell your friends:
No comments:
Post a Comment