 Post Posted: Sun Jul 14, 2013 2:41 pm 
welcoming committee

Joined: Sun Jul 14, 2013 1:37 pm
Posts: 3
Hi All,

I am new here. Recently I had a bad experience.

One day I was reading someone's blog. All of a sudden a pop-up screen said they belong to the Internet Cyber Security Protection Alliance. It said I am violating one or more articles.

It said I am violating copyright and related rights laws (video, music, software) and illegally using or distributing copyrighted content, thus infringing article 128 of the Criminal Code of Canada.

It also said that I have been viewing or distributing pornographic content, thus violating article 202 of the Criminal Code of Canada.

It also stated that illegal access has been initiated from my PC without my knowledge or consent. My PC may be infected by malware. Thus I am violating the laws on neglectful use of a personal computer.

My personality and address are currently being identified. A criminal act is going to be initiated against me under one or more of the articles specified above within 72 hours, and my computer will be locked.

However, if I pay the fine of $100 within 72 hours, my computer will be unlocked and I have 7 days to correct all my violations. It does to tell me where to pay the fine.

At first I did not know what to do. I turned off my computer and restarted it. It had not been locked. I then searched the web for the Internet Cyber Security Protection Alliance. I found this is in fact a virus.

I am using Microsoft Security Essentials and Malwarebytes to protect my PC. I then restored my PC to a previous date. I ran a full scan with MSE and there were 3 Trojans detected. I had them removed. I then ran a second full scan with MSE; the result had one and I removed it again. I ran a third full scan and the result was clean. I also ran a full scan with Malwarebytes and the result was clean. My first question is why MSE and Malwarebytes could not detect this virus in the first place. Am I OK now with my computer?

Has anyone had this kind of experience before? I would appreciate it if anyone can give me some advice on what I should do now. Whether I am OK is what concerns me. Thank you.

Andrew.


 Post Posted: Sun Jul 14, 2013 3:23 pm 
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2954
Location: New Jersey
See this removal guide:
http://malwaretips.com/blogs/fbi-cybercrime-division-virus-removal/

As for why it wasn't stopped -- this is unfortunately a common issue these days. It was either allowed by you (unknowingly) or it took advantage of an unpatched exploit with some installed program on the PC -- most likely Java or Adobe Flash.

Unfortunately, these types of malware attacks are difficult to keep up with because they trick you into letting them install. They usually come from an infected web site, and usually through an advertisement. You get a pop-up from the infection and you click it to close the pop-up - which allows the infection to install. They can also be delivered in a "drive-by" fashion with no action needed by the user due to the system being unpatched, no matter what security software is running.

When you encounter one of these fake virus pop-ups while browsing, immediately do the following:
-Do not touch any browser window to close it or browse further.
-Use the key combination <ALT>+<F4> to close all running programs, especially the web browser
--or--
-Immediately press Ctrl-Alt-Del and bring up Task Manager and forcibly end all instances of iexplore.exe, if using Internet Explorer, or the executable for your browser for any other web browser.
--or--
-Go to Start/Shut Down and restart the PC without touching any browser windows.
-If you used task manager to close browser instances, reboot the machine.
-Then go to Control Panel/Internet Options and delete all temporary Internet Files and cookies. If you are using an alternate web browser, open the browser settings to do the same - delete the local cached files and cookies.
-Perform a full scan with MSE.
The above steps should prevent the infection from taking hold.
Start here - https://support.microsoftsecurityessentials.com/
and select the link that says - I think my computer is infected. Options will vary by region, but phone support leads you to Microsoft Answer Desk (http://www.answerdesk.com/) in the US at this time. After an initial free consultation, a fee will be charged for assistance, based on the details of the case.

This web site - http://www.bleepingcomputer.com - contains details for many of these common infections, often immediately after they began to appear in the wild, and instructions are provided for how to remove the infections using their malware removal guides. They also have forums where you can seek help from people who specialize in malware removal.

Besides MSE, the following recommendations will assist in protecting the PC from infection:
-Make sure that the Windows Firewall is enabled.
-Make sure that all important/critical updates, including service packs for the operating system and programs are installed from Microsoft Update (Windows Update).
-Make sure Internet Explorer is at the latest version for your operating system and updated with all patches.
-In Internet Explorer 8, 9, or 10, use the SmartScreen Filter.
-Make sure that IE Internet Security settings are at least set to medium-high (default).
-Enable the pop-up blocker in IE.
-On Vista and Windows 7 make sure that User Account Control (UAC) is ON and that you are not running with elevated privileges.
-Make sure that Windows Automatic Updates are set to at least notify, but the preferred setting is to download and install automatically. If you update manually, be sure to update as soon as possible after being notified of available updates.
-Make sure that installed applications, especially Adobe Acrobat, Adobe Flash, and Java are at their latest versions. Many vendors are regularly updating and patching for security holes.
See: https://blogs.technet.com/b/security/archive/2012/07/19/the-rise-of-the-black-hole-exploit-kit-the-importance-of-keeping-all-software-up-to-date.aspx?Redirected=true
-Never click through links from unknown sources and use caution even if they are from a "trusted" source.
-Never open unsolicited email attachments.
-Practice safe web browsing.

-steve

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


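The Windows Firewall, UAC and Automatic Updates items in the checklist above can be verified with a short read-only PowerShell audit. This is an added example, not part of the original post; the helper names `Get-RegValue` and `New-Check` are made up for illustration, and it assumes a Windows Vista/7-era or later PC with PowerShell available.

```powershell
# Added example: read-only audit of settings from the checklist in the post above.
# Nothing is changed; run it on the PC being checked.

function Get-RegValue($Path, $Name) {
    # Hypothetical helper: returns nothing instead of throwing when the
    # key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function New-Check($Check, $Value, $OK) {
    # Hypothetical helper: one result row per checklist item.
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; OK = $OK }
}

$results = @()

# Windows Firewall: each profile keeps EnableFirewall (1 = on) under this key.
# Settings pushed by Group Policy are stored elsewhere and are not read here.
$fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $state = Get-RegValue "$fwRoot\$fwProfile" 'EnableFirewall'
    $results += New-Check "Firewall ($fwProfile)" $state ($state -eq 1)
}

# User Account Control: EnableLUA = 1 means UAC is on.
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
$results += New-Check 'UAC enabled' $lua ($lua -eq 1)

# Is this session itself elevated? Day-to-day use should not be.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$results += New-Check 'Session not elevated' (-not $elevated) (-not $elevated)

# Automatic Updates via the Windows Update Agent COM interface.
# NotificationLevel: 0 not configured, 1 disabled, 2 notify before download,
# 3 notify before install, 4 scheduled (automatic) install.
try {
    $level = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings.NotificationLevel
} catch {
    $level = $null   # Windows Update Agent not available
}
$results += New-Check 'Automatic Updates (2+ = at least notify, 4 = automatic)' $level ($level -ge 2)

$results | Select-Object Check, Value, OK | Format-Table -AutoSize
```

Any row with `OK` set to False points at a checklist item that needs attention; patch levels for Java, Flash and Acrobat are not covered and still have to be checked in each product's own updater.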
 Post Posted: Sun Jul 14, 2013 4:52 pm 
welcoming committee

Joined: Sun Jul 14, 2013 1:37 pm
Posts: 3
Hi Steve,

Thank you so much for your advice. I am in Canada. I did look at the removal guide you posted. Even though that is for the USA, I believe the way to get rid of it is the same. I have already done the part they recommended. By the way, this incident happened yesterday. I rebooted my PC and restored it to a previous date. I also ran MSE three times yesterday as I mentioned above. Even today I ran an MSE full scan once. It came up clean. I am now running a full scan of Malwarebytes. Do you think I should be OK by now when the result comes back clean?

I do appreciate your recommendation and guidance on what to do should something like this happen. I will treasure this information and practice with caution should it be needed. As you can see I am not a PC-savvy person. My PC knowledge is close to nothing. I believe this site will help me gain some knowledge on PCs.

I am also concerned and curious whether there is any possibility someone will use my PC to do illegal activities without me knowing it? Is there somewhere I should check often and pay attention to? Your help and guidance will be highly appreciated.

Andrew


 Post Posted: Sun Jul 14, 2013 7:24 pm 
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2954
Location: New Jersey
The infection you encountered is a fake warning, designed to scare you into paying for the unlock. It does not mean that anyone used your PC.

As for the removal guide -- there are dozens and dozens of variations for this "scareware" infection. They usually come from an infected web site -- often through an advertisement on the page. That's why I mentioned that it is very important to keep Windows and all installed software up to date.

-steve

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


 Post Posted: Sun Jul 14, 2013 7:44 pm 
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9453
Location: The state of confusion; I just use Wyoming for mail.
Hi and welcome to the community. :)

Is your machine safe if both MSE and MBAM full scans come back clean? With this infection there is a fairly high probability that you are OK but you can never be positive. Once a machine is infected the only way to be positive is to re-format and install. I am NOT telling you to do that. I'm just saying that it is impossible to absolutely say that your machine is OK. Chances are that it is. You say that you are doing a full scan with MBAM which is great as it is good with this infection. However, I would suggest doing that scan in Safe Mode. If you don't know how to get to Safe Mode just ask.

When you said that you did a restore to an earlier date did you mean that you used System Restore or did you restore a system image? If you restored a system image I would bet dollars to donuts that you are OK. If you don't know what I mean by a system image please ask as you should have one.

I've read everything twice and don't see what version of Windows you are running. That does not mean that it isn't there, just that I don't see it. ;)

One last note on MBAM... Are you using the free or paid version? While the free version is a wonderful scanner it is not real time. By not being real time it is meant that it can only do something when you take the time and effort to launch the scanner. At all other times there is no protection from MBAM. If you are using the free version I would suggest that you upgrade to the paid version which is operating all the time. It is quite likely that the paid version of MBAM would have prevented this infection as it would have caught it as it came into your machine. I don't know what the paid version costs in Canada but in the U.S. it retails at $25.00 USD. If you look around you can get it cheaper. I paid $15.00 USD through TigerDirect.com.

Here is the real issue in my opinion. Somewhere, someplace, someone or some group decided that there were different types of infections. One of these types are viruses which MSE or other AV will handle. The other is malware which the AV people seem to think they should not handle. Malware is where MBAM comes in. Its purpose is to deal with malware. Personally I think that this is garbage and that there should be zero distinction between viruses and malware.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


 Post Posted: Sun Jul 14, 2013 10:36 pm 
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2954
Location: New Jersey
Jay:
I hate to disagree with you...
But...

I know that many people run MBAM Pro alongside Microsoft Security Essentials with no apparent issues. However, we (moderators and regulars in the Microsoft Security Essentials forum in the Microsoft Community) strongly recommend *against* using the Pro version. Although it isn't common, I've seen reports of odd behavior that suggests a conflict which is resolved when the user removes MBAM Pro.

My advice above stands. There is no good reason to overload a PC with real time protection that may cause conflicts. Your best protection can be had by keeping the PC up to date and by following safe computing practices as outlined in my initial reply.

-steve

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


 Post Posted: Sun Jul 14, 2013 11:12 pm 
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9453
Location: The state of confusion; I just use Wyoming for mail.
That's OK, Steve... we are allowed to disagree. ;)

I fully know that you are much more 'up' on these things than myself at this time but I will stick with using the pro version along with MSE. While my example is very small I have been monitoring 7 systems over the last year and a half that are all using MSE and MBAM Pro. None of these systems have shown any signs of infection and MBAM is reported to have stopped MANY incursions of malicious software being downloaded from sites.

I'm sorry to say that it is not a perfect world. If it were the AV people would actually do the job but they don't. The FBI security fraud... or in this case, the Canadian version, is not going to be stopped by any AV out there. Six months ago this infection could hit a system and you could just boot without an internet connection and clean the system with the free version of MBAM. Sadly this is no longer true. The newer variants can no longer be disabled just by killing the internet. If the infection is established this situation will just leave you with a blank white screen.

Yes, there ARE a few, very few, documented cases where running MBAM Pro along with MSE has caused issues. Have you ever looked at how many of these cases were also running Norton on-line backup that came with the system? I have had two cases where I removed Norton from a system (including using the Norton removal tool) and set it up with MSE and MBAM Pro and had the system go south. In both cases I was able to boot to Safe Mode and could see that Norton on-line backup was still there. Got rid of that and neither system had an issue. Is what happened with two systems enough to make any kind of bold statement? Of course it is not but I must add that I'm batting a thousand. ;)

Trust me Steve, I KNOW that you know MUCH more about this stuff than I. Just thought that I'd express my experience and possibly give you something to think about. :)

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


 Post Posted: Mon Jul 15, 2013 6:10 am 
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2954
Location: New Jersey
The vast majority of problems with conflicts are with pre-installed antivirus software, but yes, I've seen Norton Backup cause issues, too. Of the cases where we saw issues for MSE/MBAM Pro, I can't say that Norton Backup was there or not -- we usually do try to get users to let us know what is active. I'll keep that in mind in the future!

-steve

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


 Post Posted: Mon Jul 15, 2013 6:41 am 
Moderator

Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1916
Location: Pembrokeshire, South Wales, UK
I'm another that has seen no problems with my machines and I run Microsoft Security Essentials and Malwarebytes Pro together on both my Windows 7 machine and this Windows 8 Notebook.

None of my machines has ever had a sniff of Norton anywhere near them. I can't remember which one it was, but the only one I've had with pre-installed AV had McAfee and that was the first thing taken care of before anything else.

_________________
Joan Archer
http://crossstitcher.webs.com


 Post Posted: Mon Jul 22, 2013 9:25 pm 
welcoming committee

Joined: Sun Jul 14, 2013 1:37 pm
Posts: 3
I really appreciate all who gave me answers and help. Many thanks. I tried to log in and wanted to thank those who helped me. I could not sign in. I double-checked my password a few times, and it is correct. The system kept telling me that I was wrong. After a few attempts the system told me I had exceeded the tries and needed to solve the word. I ended up filing an "I forgot my password" request and received a temp password. I do not know if anyone else has experienced the same or just me? I also have a question. If I want to contact the board of Moderators, where can I send to? There is no email address indicating where I can send to. I am kind of lost here. I do not have Outlook on my system. Can someone help? I do not want to sign out; I am afraid I may not be able to sign in again. Thanks.


 Post Posted: Mon Jul 22, 2013 10:21 pm 
welcoming committee

Joined: Sun Apr 15, 2012 12:37 am
Posts: 465
Look at the very bottom of the Mod's post you want to contact. You should see 3 small boxes. Click PM or email and go from there.

_________________
To all current duty personnel and veterans
of the American armed forces.
Thank You


 Post Posted: Tue Jul 23, 2013 12:47 am 
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
Andrew, I will email you with the address to use.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock

