Monday, May 24, 2010

How to remove the ICPP Copyright Violation Alert Malware

An ongoing ransomware campaign is using a novel approach to extort money from end users whose PCs have been locked down.

Pretending to be the fake ICPP Foundation, the ransomware locks down the user’s desktop and displays a “Copyright violation: copyrighted content detected” message, which lists torrent files found on the infected PC. It then forces the user to pay $400 for the copyright holder’s fine, emphasizing that “the maximum penalties can be five years in prison and up to $250,000 in fines.”

The window attempts to trick the end user into believing that:

* “Windows has detected that you are using content that was downloaded in violation of the copyright of its respective owners. Please read the following bulletin and try solving the problem in one of the recommended ways. During the system scan Antipiracy foundation scanner has detected copyright issues. Please take a look at the list and choose an action: pass the case to a court or settle it in pre-trial order by paying a fine.”

Attempts to get rid of it result in the following message:

* “Performing this action is construed as refusal to cooperate with the copyright holder and unwillingness to consider pre-trial settlement. If you continue, all the data gathered will be passes to copyright protection organizations and to the court. We recommend cancelling this action and choosing the option “pre-trial settlement”.”

Gullible end users who fall victim to the scam will then be asked to pay $399.85 for a “Legal license purchase”, a “Copyright holder fine”, a “Copyright protection organization fee for the use of software tracking illegal file downloads” and a “Traffic fee”.

AP Manager is a variant of the I-Q Manager ransomware program. In this version, the Trojan masquerades as a download manager for copyrighted games, movies, and music. If you visit certain sites that are affiliated with this malware and attempt to download copyrighted media, the file will be added to the AP Manager download list and the program will pretend to download it to your computer. While "downloading", AP Manager shows information such as the time remaining, the download speed and the number of KB transferred, but all of this information is fake: nothing is actually being downloaded to your computer.

How to remove Copyright violation alert Ransomware

Who would have thought that, while removing a ransomware scam that affected your PC, you would one day be pirating the very application that used a “copyright violation alert” theme as a spreading technique?

ZDNet claims "A working license code that completely uninstalls the ransomware, remains the most effective post-infection app", using the current code "RFHM2-TPX47-YD6RT-H4KDM".

From my experience, like other malware and antivirus software that claim to remove this and the associated drivers and rootkits, I have found that Combofix is the only consistent solution to this issue.