How to Remove The ICE Cyber Crime Center Virus? (Ransomware Removal)

 

Has your computer desktop been taken over by a bogus “Your computer has been blocked” notification purportedly from The ICE Cyber Crime Center? Do you want to get rid of this lock screen image and regain access to your computer? Then read on and follow this guide to remove the virus.

Main content of this article:
What Is The ICE Cyber Crime Center Virus?
How to Remove The ICE Cyber Crime Center Virus?
How Does The ICE Cyber Crime Center Virus Infect a Computer?
Ransomware prevention tips

 

 

What Is The ICE Cyber Crime Center Virus?

 

 

The ICE Cyber Crime Center Virus is categorized as lock screen ransomware that scams and threatens infected computer users into paying a non-existent fine to cybercriminals. Ransomware of this kind all works alike: it locks you out of the Windows operating system and all the applications on your computer by displaying a full-screen fake notification that pretends to be from the local authorities and demands a fine to regain access.


The symptoms of being infected by The ICE Cyber Crime Center virus:

 

Ⅰ. The ICE Cyber Crime Center virus will lock you out of the Windows operating system and all the applications on your computer.

Ⅱ. You get a lock screen notification titled “Your computer has been blocked” instead of your desktop whenever you try to boot your computer into the Windows operating system or Safe Mode.

Ⅲ. The fake notification claims that illegal online activities have been detected on your computer, so you have to pay a non-existent fine of 300 USD via MoneyPak vouchers within 48 hours to unlock your computer, or else you will be charged.

ICE
The ICE Cyber Crime Center
Your computer has been blocked
The work of your computer has been suspended on the grounds of unauthorized cyber activity.
Possible violations are described below:
Article -174. Copyright
Imprisonment for the term of up to 2-5 years
(The use or sharing of copyrighted files). A fine from 18,000 up to 23,000 USD
Article – 183. Pornography
Imprisonment for the term of up to 2-3 years
(The use of distribution of pornographic files). A fine from 18,000 up to 25,000 USD
Article – 184. Pornography involving children (under 18 years)
Imprisonment for the term of up to 10-15 years
(The use or distribution of pornographic files). A fine from 20,000 up to 40,000 USD
Article – 104. Promoting Terrorism
Imprisonment for the term of up to 25 years without appeal
(Visiting the websites of terrorist groups). A fine from 35,000 up to 45,000 USD
Article – 68. The distribution of virus programs
Imprisonment for the term of up to 2 years
(The development or distribution of virus programs, which have caused harm to other computers). A fine from 15,000 to 28,000 USD


To unlock your computer and to avoid other legal consequences you are obligated to pay a release fee of $300 USD.
An attempt to unlock this computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted.

Ⅳ. To make the notification look more authentic, it gains access to your webcam to trick you into thinking you are under surveillance.

Ⅴ. Even if you are lucky enough to restart your computer into Safe Mode successfully, you may find that all the restore points have been deleted.

Even though it exploits the name and logo of The ICE Cyber Crime Center, you should be aware that the “ICE-The ICE Cyber Crime Center-Your computer has been blocked” message is a scam and that this bogus notification has nothing to do with that authority. You should never pay the ransom it requests, because the cyber criminals will not unlock your computer even if you pay. On the contrary, paying may put your personal information and credit card information at risk.

 

Removal Guide for Other Prevailing Ransomware Infections:

• FBI MoneyPak Virus
• NSA Internet Surveillance Program Virus
• Computer Crime Prosecution Section virus
• Centre for Critical Infrastructure Protection (CCIP) virus
• United States Cyber Security virus
• Ministry of Public Safety Canada virus
• Mandiant U.S.A. Cyber Security virus
• White Screen Virus
• Royal Canadian Mounted Police Virus
• U.S. Department of Homeland Security Ransomware
• REloadit Virus
• Police Central e-crime Unit Virus
• FBI Cybercrime Division Virus
• Your Computer Has Been Locked Ransomware
• ICE Cyber Crimes Center Virus

 

 

How to Remove The ICE Cyber Crime Center Virus? (Removal Guide)

 

                                                                                                           

Deny Flash

Some variants of ransomware exploit Java or Flash vulnerabilities to load the malicious code. Denying Flash may suspend the symptoms of the infection, so that you can navigate through the infected system. If this step is not necessary for the removal, skip to the next step.

To deny/disable flash:
Visit http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html → select the Deny radio option

                                                                                                         

Removal option 1—Restore the Operating System Through Safe Mode with Command Prompt

(If you can boot your computer into Safe Mode with Command Prompt and the system restore points haven’t been deleted, you may try this option to get rid of this ransomware.)

Removal option 2—Remove The ICE Cyber Crime Center Virus Using Anvi Rescue Disk

(If the system restore points are deleted or you can’t boot into Safe Mode with Command Prompt, you may try this option.)

                                                                                                           

 

 

Option 1—Restore the Operating System Through Safe Mode with Command Prompt

 

System Restore will bring your computer's operating system back to a point before it was infected by The ICE Cyber Crime Center virus.

 

Step 1 Boot your computer to Safe Mode with Command Prompt

 

1. Turn off your computer and then back on.

 

2. During startup, tap the F8 key repeatedly until you are brought to the Windows Advanced Options Menu.

 

3. Use the arrow keys to highlight Safe Mode with Command Prompt and then press Enter.

If you cannot boot the infected computer into Safe Mode with Command Prompt, see How to Boot Windows into Safe Mode for a tutorial.

 

 

Step 2 Restore your computer to a restore point

 

1. Once the Command Prompt window appears, quickly type “explorer” and hit Enter.

If you fail to do so within a few seconds, the ransomware will not allow you to type any more. In that case, restart the computer into Safe Mode with Command Prompt and repeat the process.

2. Next, type rstrui and press Enter to launch System Restore.

 

Or, close the Command Prompt window, then locate the file rstrui.exe and press Enter to launch System Restore.

The location of the file:

Windows XP: C:\windows\system32\restore\rstrui.exe

Windows 7/Vista: C:\windows\system32\rstrui.exe

 

3. Follow all the steps to restore your computer system to an earlier time and date (restore point) before the infection.

Please note that some professionally crafted ransomware variants will delete all your system backups, so you can’t run System Restore. If that is the case, follow Option 2 to get rid of this nasty computer virus.
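
Option 1 only works if a restore point from before the infection still exists. The following added example (not part of the original guide) lists the surviving restore points and reports which option applies; it assumes an elevated Windows PowerShell 2.0 or later session, and the infection date in it is a constructed placeholder.

```powershell
# Added example: check for a restore point that predates the infection.
# Assumption: $InfectionDate is a constructed placeholder; set it to the day
# the lock screen first appeared on this machine.
$InfectionDate = [datetime]'2013-06-01'

# Get-ComputerRestorePoint returns CreationTime as a WMI datetime string,
# so convert it before comparing. The cmdlet needs an elevated session.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    ForEach-Object {
        New-Object psobject -Property @{
            SequenceNumber = $_.SequenceNumber
            Description    = $_.Description
            Created        = $_.ConvertToDateTime($_.CreationTime)
        }
    })

# Keep only points created before the infection, newest first.
$usable = @($points |
    Where-Object { $_.Created -lt $InfectionDate } |
    Sort-Object Created -Descending)

if ($points.Count -eq 0) {
    # Nothing survived (deleted, or System Restore was never enabled).
    'No restore points found: use Option 2 (rescue disk).'
}
elseif ($usable.Count -eq 0) {
    # Every surviving point was taken after the infection started.
    "All $($points.Count) restore point(s) postdate the infection: use Option 2."
}
else {
    $usable | Format-Table SequenceNumber, Created, Description -AutoSize
    $best = $usable[0]
    "Choose restore point #$($best.SequenceNumber) ($($best.Created)) in rstrui."
}
```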

 

 

Step 3 Scan and remove malicious files with Anvi Smart Defender

 

After restoring the Windows operating system, you need to run a system scan to make sure that there is no malware or malicious files on your computer and to prevent The ICE Cyber Crime Center virus from coming back.

 

1. Run a computer scan with Anvi Smart Defender and remove the infected files.

Anvi Smart Defender direct download link: http://www.dotfab.com/download_asd.html

Anvi Smart Defender purchase link: http://www.dotfab.com/asdupgrade.php

Download and install Anvi Smart Defender → run Anvi Smart Defender → switch to Scan tab → run a Full Scan


2. Boot your computer into normal mode and run a system scan again to make sure all the infected files were removed.

 

 

Option 2—Remove The ICE Cyber Crime Center Virus Using Anvi Rescue Disk

 

You can get rid of The ICE Cyber Crime Center virus by using Anvi Rescue Disk. Follow the step-by-step instructions below.

 

 

Step 1 Use a clean computer to download Anvi Rescue Disk files

 

Download the Anvi Rescue Disk iso image file Rescue.iso and the USB disk production tool BootUsb.exe from the Anvisoft official site.

Direct download link: http://www.anvisoft.com/software/rsd/

Please kindly note that Rescue.iso is a large file download; please be patient while it downloads.

 

 

Step 2 Record Anvi Rescue Disk iso image to USB drive

 

You can also record the iso image to a CD/DVD; those steps are given in the alternative option below.

1. Connect the USB drive to the computer.

You should back up your important data and format your USB drive before using it to record the iso image.

2. Locate your download folder and double-click BootUsb.exe to start it. Then click the “Choose File” button, browse to your download folder and select the Rescue.iso file as your source file.

3. Select the path of the USB drive, such as Drive H:

4. Click “Start Burning” to start burning the USB Rescue Disk boot drive.

5. Close the BootUsb.exe tool when you get the completion message.

Now you have a bootable Anvi Rescue Disk to repair your infected computer.

 

Alternative Option-Record the iso Image to a CD/DVD

Any CD/DVD recording software can burn the iso image. If you don’t have one, you can download and install Nero Burning ROM or ImgBurn. Here we use Nero Burning ROM for demonstration purposes.

1. Open Nero Burning ROM and select Burn Image from the drop-down menu of the Recorder.

2. Locate your download folder, select the Rescue.iso file as your source file and then click the Open button.

3. Click the Burn button to start recording the iso image.

After a few minutes, you will have a bootable Anvi Rescue Disk to repair your computer.

 

 

Step 3 Configure your computer to boot from USB drive/CD/DVD

 

Restart your infected computer and configure it to boot from the USB drive/CD/DVD on which you recorded Anvi Rescue Disk. Usually, you can use F8 to load the USB boot menu.

Depending on the motherboard, you may need to use the Delete, F2 or F11 key to load the BIOS menu. Normally, information on how to enter the BIOS menu is displayed on the screen at the start of the boot.


The keys F1, F8, F10, F12 might be used for some motherboards, as well as the following key combinations:

• Ctrl+Esc
• Ctrl+Ins
• Ctrl+Alt
• Ctrl+Alt+Esc
• Ctrl+Alt+Enter
• Ctrl+Alt+Del
• Ctrl+Alt+Ins
• Ctrl+Alt+S

 

 

Step 4 Boot your computer from Anvi Rescue Disk

 

1. Restart your computer and press any key to load Anvi Rescue Disk.

2. After you enter the Anvisoft Rescue Disk menu, select your preferred language and press Enter to continue.

 

 

Step 5 Scan and remove malicious files and repair registry errors

 

1. You are now in the mini operating system. Double-click the Rescue tool to start Anvi Rescue Disk.

2. Make sure that your computer is connected to the network before you run a scan. See Network Troubleshooting Tips for Ransomware Removal using Anvi Rescue Disk for a tutorial.

3. Run a full scan by clicking the “Scan Computer” button in the middle of the program to detect and kill the PC lockup virus.

4. Click “Fix Now” to remove the threats detected by Anvi Rescue Disk.

5. Switch to the Repair tab. Scan and fix the registry errors with the “Repair” module of Anvi Rescue Disk.

Important Note: You must repair the registry errors after killing the virus. You will probably be unable to boot Windows without fixing the registry damage caused by the virus.

 

 

 

Step 6 Scan and remove persistent residual files with Anvi Smart Defender

 

Some ransomware variants are incredibly persistent, so you are highly recommended to download the antimalware program Anvi Smart Defender and remove all the detected threats as prompted.

After the download, restart your computer into normal Windows mode and then go to the folder: C:\Users\[username]\Downloads.

Or you can download it from this direct download link: http://www.dotfab.com/download_asd.html when you boot your computer to normal Windows mode.

1. Double-click the asdsetup.exe file to install Anvi Smart Defender, then switch to the Scan tab to perform a Full Scan.

2. When the scan has finished, you can click on view details to check the threats that have been detected.

3. Click on the Remove button to delete all the threats that have been detected.

 

Now your computer should be free from the infection of The ICE Cyber Crime Center virus. If you have any question concerning the removal of this virus, please leave a reply and we will help you to fix your problem as soon as possible.

 

How Does The ICE Cyber Crime Center Virus Infect a Computer?

 

The ICE Cyber Crime Center virus can infect a computer in various ways. In most instances, it arrives via a drive-by download or a Trojan horse placed on malicious or compromised websites. When you visit such a website, it is downloaded automatically and then exploits vulnerabilities in the Windows operating system or the applications on your computer to install itself.

Cyber criminals also use spam emails to distribute The ICE Cyber Crime Center virus. Usually, the infected attachments contained in such emails are the executable program for The ICE Cyber Crime Center virus, and the links in such emails lead you to the malicious or compromised websites mentioned above.

 

Prevention tips:

 

1. Keep the Windows operating system and all the software on your computer up to date, and patch system vulnerabilities promptly when prompted.

 

2. Protect your computer with up-to-date security software. Working alongside your installed antivirus solution, the antimalware program Anvi Smart Defender can provide an additional layer of protection for your computer. The Full Guard function puts your computer under real-time protection and keeps you away from malware and malicious websites.

Anvi Smart Defender free version download link: http://www.dotfab.com/download_asd.html

Anvi Smart Defender purchase link: http://www.dotfab.com/asdupgrade.php

 

3. Be careful when surfing the Internet and look closely at links and pop-ups before you click on them. You are strongly recommended to turn on the security features of IE, Firefox and Chrome. Or, you may make use of Anvi Ad Blocker to create a clean online environment. It is available for free if you are an Anvi Smart Defender pro version user.

Anvi Ad Blocker trial download link: http://www.dotfab.com/download_adb.html (Expires in 15 days)

Anvi Ad Blocker purchase link: http://www.dotfab.com/adbupgrade.php

 

4. Don’t click on links or open attachments from untrusted sources.

 

5. Apart from the above, you should regularly back up your important files. If you don’t know how to back up files, please look for instructions in Back up your files.

 

For more detailed information on how to avoid being infected by ransomware, please browse this post: What Is Ransomware – How to Prevent