ICE Cyber Crimes Center Ransomware
Posted: February 18, 2013
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 3,249 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 14,664 |
| First Seen: | February 19, 2013 |
|---|---|
| Last Seen: | October 17, 2023 |
| OS(es) Affected: | Windows |
ICE Cyber Crimes Center Ransomware is an e-mail-promoted ransomware that attacks your PC with fake legal alerts and blocks other applications as a way to force you to pay a fraudulent legal fee. While ICE Cyber Crimes Center Ransomware's pop-up claims that ICE Cyber Crimes Center Ransomware is affiliated with the Immigration and Customs Enforcement’s Cyber Crimes Center, ICE has repudiated this claim and recommends that you contact the police after suffering any ICE Cyber Crimes Center Ransomware attack. As far as removing ICE Cyber Crimes Center Ransomware from your PC goes, SpywareRemove.com malware researchers recommend a money-free combination of solid anti-malware software and reliable security techniques (such as booting your PC into Safe Mode).
ICE Cyber Crimes Center Ransomware: a Winter of Personal Computer-Based Discontent
ICE Cyber Crimes Center Ransomware is distributed through spam e-mail attacks that appear to be selected semi-random targets (rather than targeting specific companies or other organizations). Although ICE Cyber Crimes Center Ransomware isn't attached to the e-mail itself, links that are included in the body of the e-mail will redirect victims to a web page that hosts a drive-by-download attack. Since ICE Cyber Crimes Center Ransomware and similar PC threats are able to use such exploits to be installed without your consent, SpywareRemove.com malware research team recommends that you use strong browser security settings and avoid unusual links to evade such browser-based exploits.
When ICE Cyber Crimes Center Ransomware is installed, ICE Cyber Crimes Center Ransomware generates a fake pop-up warning that claims to be from the ICE3 and threatens you about such common Internet-based misbehavior as looking at illegal pornography or downloading copyright-protected files. Typical to some types of previous ransomware Trojans that were analyzed by SpywareRemove.com malware experts, ICE Cyber Crimes Center Ransomware also displays your webcam footage as a fake 'police surveillance' window.
All of these trappings only nudge ICE Cyber Crimes Center Ransomware's victims towards paying its fake legal fine, but paying this fine will not stop ICE Cyber Crimes Center Ransomware's attacks. Perhaps more importantly, giving in to ICE Cyber Crimes Center Ransomware's ransom is (from a legal standpoint) unnecessary - ICE Cyber Crimes Center Ransomware cannot contact the police even if you have committed the crimes that ICE Cyber Crimes Center Ransomware says you have.
Thawing Your Way Out of ICE Cyber Crimes Center Ransomware's Desktop Freeze
ICE Cyber Crimes Center Ransomware can be removed through the same methods that work on any ransomware Trojan – particularly similar PC threats like 'Your computer has been blocked by the United States Department of Justice' Ransomware, 'Metropolitan Police Total Policing' Ransomware, the Politia Romana Virus, the Turk Polisi Virus, Polizia Slovena Ransomware and the Polizia Di Stato Virus. Because ICE Cyber Crimes Center Ransomware will prevent you from using other programs while ICE Cyber Crimes Center Ransomware is open, SpywareRemove.com malware experts recommend that you try to close ICE Cyber Crimes Center Ransomware before anything else.
You can dodge ICE Cyber Crimes Center Ransomware's startup exploits by booting your PC into Safe Mode or by booting from a clean OS that's loaded via a peripheral hard drive-based device. After being prevented from starting, ICE Cyber Crimes Center Ransomware should be unable to resist being removed by appropriate anti-malware utilities. Because ICE Cyber Crimes Center Ransomware may name its files to resemble system components or use other methods for hiding itself, SpywareRemove.com malware researchers generally don't recommend that you try to remove ICE Cyber Crimes Center Ransomware without any software-based assistance.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:[PATH OF MALWARE]\[RANDOM].exe
File name: [PATH OF MALWARE]\[RANDOM].exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
[PATH OF MALWARE]\[RANDOM].dll
File name: [PATH OF MALWARE]\[RANDOM].dllFile type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
%AppData%\[RANDOM CHARACTERS]
File name: %AppData%\[RANDOM CHARACTERS]Group: Malware file
%LocalAppData%\[RANDOM CHARACTERS]
File name: %LocalAppData%\[RANDOM CHARACTERS]Group: Malware file
%CommonAppData%\[RANDOM CHARACTERS]
File name: %CommonAppData%\[RANDOM CHARACTERS]Group: Malware file
%UserProfile%\Templates\[RANDOM CHARACTERS]
File name: %UserProfile%\Templates\[RANDOM CHARACTERS]Group: Malware file
Registry Modifications
HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Command Processor "AutoRun" = "[PATH OF MALWARE]\[RANDOM].exe"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "cmd.exe"HKEY_CLASSES_ROOT\CLSID\{28949824-6737-0594-0930-223283753445}\InProcServer32 "(Default)" = "[PATH OF MALWARE]\[RANDOM].dll"HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32 "(Default)" = "[PATH OF MALWARE]\[RANDOM].dll"HKEY..\..\..\..{Subkeys}HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{28949824-6737-0594-0930-223283753445}HKEY_CLASSES_ROOT\CLSID\{28949824-6737-0594-0930-223283753445}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe" = "[PATH OF MALWARE]\[RANDOM].exe"
Additional Information
| # | Message |
|---|---|
| 1 | ICE The ICE Cyber Crime Center Your computer has been blocked The work of your computer has been suspended on the grounds of unauthorized cyber activity. Possible violations are described below: Article -174. Copyright Imprisonment for the term of up to 2-5 years (The use or sharing of copyrighted files). A fine from 18,000 up to 23,000 USD Article - 183. Pornography Imprisonment for the term of up to 2-3 years (The use of distribution of pornographic files). A fine from 18,000 up to 25,000 USD Article - 184. Pornography involving children (under 18 years) Imprisonment for the term of up to 10-15 years (The use or distribution of pornographic files). A fine from 20,000 up to 40,000 USD Article - 104. Promoting Terrorism Imprisonment for the term of up to 25 years without appeal (Visiting the websites of terrorist groups). A fine from 35,000 up to 45,000 USD Article - 68. The distribution of virus programs Imprisonment for the term of up to 2 years (The development or distribution of virus programs, which have caused harm to other computers). A fine from 15,000 to 28,000 USD To unlock your computer and to avoid other legal consequences you are obligated to pay a release fee of $300 USD. An attempt to unlock this computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted. |
| 2 | The ICE Cyber Crimes Center The common law is the will of Mankind issueing from the life of the people Your computer has been blocked The Work of your computer has been suspended on the grounds of the violation of the law of the United States of America Possible violations are described below: Article – 184. Pornography involving children (under 18 years) Imprisonment of the term of up to 10-15 years (The use or distribution of pornographic files) |
Read it, liked it, thank you for it
I'm having an issue with this ransomware. I'm running an HP Pavilion dv6000 with Windows 7. I have three user accounts but only one with administrative permissions. This is also the one that the virus screen pops up on, and I can't get anything else to come up. So I try to boot in safe mode with networking, and my system doesn't give me that option, so installing anything on this system seems to be impossible. Is there any alternative way to boot in safe mode? Anything else I might be able to try? I'm pretty good with computers, both hardware and software, but this has gotten me frustrated at every opportunity! I can't even get the Linux Ubuntu disk I made to start at boot! I am ready to format the drive completely and start from scratch!
I had this problem with this kind of virus in Romania, with a adapted version, translated in romanian, the only thing that I could do was to formatt my hard drive!
Get on another computer and download and burn Hirens cd. to a disk. If you use a usb flash you will have to do some more steps to get in on the flash drive. When you boot (F10 at start up.)into the cd run Mini XP which will give you a windows type screen. you see a HMB icon in the task bar click on this and run antivirus choice click on malwarebytes and when it loads do a update and run it when done. Close out like you do windows. Reboot back into your system as usual then search your hard drive for a file with a CPP extension. (EXAMPLE:2jcder.CPP)write down it's name Delete it! Then reverse it and look for an ini. file with then name reversed (Example:redcj2.INI) delete it. Completely remove your AVG if you use it because it trashed it's registry. Do a complete Malwarebytes scan if you don't have it load it and use it. You should be good to go. If you can't change your boot order you'll have to reset the bios password because this virus added it's own to lock the bios. It's a little bit of work but you just saved all your files:]
john