ACCDFISA Protection Program Ransomware
ACCDFISA Protection Program is a fake application that pretends to be a notice and threat from legal authorities that have found your computer to be engaged in pornography-related crimes. However, as a standard ransomware Trojan, ACCDFISA Protection Program isn't from any sort of real legal institution and isn't able to carry out its threats of encrypting or deleting your files. Since ACCDFISA Protection Program will block your ability to access all programs, including anti-malware scanners that could remove ACCDFISA Protection Program, SpywareRemove.com malware researchers recommend that you delete ACCDFISA Protection Program by using Safe Mode, a USB drive-based boot or a secondary OS to access your operating system while ACCDFISA Protection Program is disabled. Above all else, you should never waste money on ACCDFISA Protection Program's ransom, which is unnecessary for restoring your PC to its original state of well-being.
ACCDFISA Protection Program – a Supposed Spy on Unreal Crimes
ACCDFISA Protection Program is a ransomware Trojan that's installed without your consent and locks up Windows as soon as your PC boots. Once loaded, ACCDFISA Protection Program will display a generic warning message that includes accusations of child pornography, threats of AES file encryption and even threats to delete your files and entire operating system. Although the ACCDFISA Protection Program claims that you can avert these disastrous consequences by paying into its Ukash, Paysafecard or MoneyPak-based payment options, SpywareRemove.com malware experts recommend that you save your money for better things than ACCDFISA Protection Program's ransom attempt. ACCDFISA Protection Program isn't able to carry out any of its threats, and there's no need to spend money on its ransom to remove ACCDFISA Protection Program from your PC.
ACCDFISA Protection Program's warning message is readily identified by the following text, which is reminiscent of other Ukash Virus-style ransomware Trojans (such as the Scotlands Yards Ukash Virus, the Strathclyde Police Ukash Virus, Police Central e-crime Unit (PCEU) ransomware, Gendarmerie Nationale Ransomware, Fake Federal German Police (BKA) notice variante and the ' I Suoi Archivi Sono Stati Cifrati' Trojan):
Warning! Access to your computer is limited.
WHY?
From your computer was detected mailing (spam) advertises illegal sites with child pornography, which contradicts law and harm other network users.
Probably your computer has been infected and as a result our service blocked access to your computer, including a fully networked access (except for our staff).
Excising ACCDFISA Protection Program and Its Cheap Ransom Attempt from Your PC
While it's active, ACCDFISA Protection Program will prevent you from using other applications, and SpywareRemove.com malware researchers stress the necessity of disabling ACCDFISA Protection Program before you'll be able to scan your PC and delete ACCDFISA Protection Program appropriately. Common methods of doing this include, but aren't limited to:
- Using Safe Mode, a Windows feature that can be accessed from the boot menu by pressing F8 during a reboot (but before Windows begins to load).
- Installing a secondary operating system on a USB thumb drive or other portable device and booting your PC from that device.
- Switching to a second operating system that's already installed on your computer.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%System%\tracerpts.exe
File name: %System%\tracerpts.exeFile type: Executable File
Mime Type: unknown/exe
%System%\ucsvcsh.exe
File name: %System%\ucsvcsh.exeFile type: Executable File
Mime Type: unknown/exe
%System%\csrsstub.exe
File name: %System%\csrsstub.exeFile type: Executable File
Mime Type: unknown/exe
%System%\dcomcnfgui.exe
File name: %System%\dcomcnfgui.exeFile type: Executable File
Mime Type: unknown/exe
%System%\tcpsvcss.exe
File name: %System%\tcpsvcss.exeFile type: Executable File
Mime Type: unknown/exe
%System%\wcmtstcsys.sss
File name: %System%\wcmtstcsys.sssMime Type: unknown/sss
C:\ProgramData\local\undxkpwvlk.dll
File name: C:\ProgramData\local\undxkpwvlk.dllFile type: Dynamic link library
Mime Type: unknown/dll
C:\ProgramData\local\vpkswnhisp.dll
File name: C:\ProgramData\local\vpkswnhisp.dllFile type: Dynamic link library
Mime Type: unknown/dll
C:\how to decrypt aes files.lnk
File name: C:\how to decrypt aes files.lnkFile type: Shortcut
Mime Type: unknown/lnk
C:\ProgramData\local\aescrypter.exe
File name: C:\ProgramData\local\aescrypter.exeFile type: Executable File
Mime Type: unknown/exe
C:\ProgramData\local\crdfoftrs.dll
File name: C:\ProgramData\local\crdfoftrs.dllFile type: Dynamic link library
Mime Type: unknown/dll
C:\ProgramData\local\svchost.exe
File name: C:\ProgramData\local\svchost.exeFile type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\ucsvcsh.exe
File name: C:\Windows\SysWOW64\ucsvcsh.exeFile type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\wcmtstcsys.sss
File name: C:\Windows\SysWOW64\wcmtstcsys.sssMime Type: unknown/sss
C:\decrypt\decrypt.exe
File name: C:\decrypt\decrypt.exeFile type: Executable File
Mime Type: unknown/exe
C:\Decrypt\Decrypt.exe
File name: C:\Decrypt\Decrypt.exeFile type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\csrsstub.exe
File name: C:\Windows\SysWOW64\csrsstub.exeFile type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\dcomcnfgui.exe
File name: C:\Windows\SysWOW64\dcomcnfgui.exeFile type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\tcpsvcss.exe
File name: C:\Windows\SysWOW64\tcpsvcss.exeFile type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\tracerpts.exe
File name: C:\Windows\SysWOW64\tracerpts.exeFile type: Executable File
Mime Type: unknown/exe
C:\Users\<username>\Desktop\how to decrypt aes files.lnk
File name: C:\Users\<username>\Desktop\how to decrypt aes files.lnkFile type: Shortcut
Mime Type: unknown/lnk
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "svchost"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiServiceSysHostHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netprofms
Additional Information
# | Message |
---|---|
1 | "ACCDFISA Protection program Warning! Access to your computer is limited. |
2 | After that our experts withing 1-3 hours will do audit and clean up your computer from viruses sending out spam and send out you sms on the cell phone or email (from which you sent card code and your reference number) control code (which unlock your PC) that must be enter here." |
3 | As the virus sends the illegal spam mail is very dangerous and modifies itself every 48 hours, including removing our program protection, you have 48 hours, otherwise we will remove all protection program data including the operating system and all your files without possibility of recovery. |
4 | Probably your computer has been infected and as a result our service locked access to your computer, including a fully networked access (except for our staff). |
5 | To find Paysafecard location stores near you visit www.paysafecard.com or Ukash at ukash.com |
6 | To solve this problem you need to buy and send sms with MoneyPak or Paysafecard or Ukash code (100$ or 100E) and your Reference Number: 471951751100 to the special service phone number: +18722161445 or email: antispam@cyberservices.com) |
7 | WHY? From your computer was detected mailing (spam) advertises illegal sites with child pornography, which contradicts law and harm other networking users. |
8 | You can buy MoeyPak card at the nearest stores: Walgreens, Walmart, CVS/pharmacy, Kmart, SevenEleven, Rite Aid or go to www.moneypak.com to find location stores near you. |
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.