Security Center 2012 is a new rogue anti-virus software designed to run the money chase campaign to deceive users worldwide and to trick them into paying for the totally powerless anti-malware program. In other words, when somebody actually purchases this type of software it would not benefit the PC at all. The system remains under the same vulnerable condition. So, once other real threats try to enter it Security Center 2012 would not detect them. Be not surprised with this fact, however, because this application is the hoax that must not be treated as reliable security tool. Its name has been chosen by fraudsters to make you think it is legitimate. Nevertheless, our outward impressions about certain products or programs do not often coincide with the real facts about them, their features and capabilities. This is the exact story when we analyze this rogue anti-malware program.
Archive for February, 2012
Spanish-speaking countries, regretfully, did not escape the impact of ransomware attacks nowadays striking the entire world. So, some PCs are today being under the lock of this virus that hijacks the desktop and replaces the common desktop background with its own, quite a scary one. Here is what is says:
Hackers use UK’s Metropolitan Police name as the instrument of scaring users with the fake information. They developed a special application that belongs to ransomware malware group. This is the virus that locks the desktop at each system startup without letting user do anything on the infected PC. In addition, users are being accused of doing many bad things through their PCs. The list of false accusations is quite large and unpredictable for some, especially when such scary notice is received by some 90-year old woman who was raised in the Puritan traditions of the past. Here is the misleading notice that some users could get:
Online Internet fraudsters probably don’t want to stop their endeavors to develop new examples of rogue security applications. They intend to deceive as many simple users as possible. So they create new malware samples every day and then launch them into the world wide web. Users should be aware of them, especially of how to get rid of such potentially unwanted and even hazardous applications. So, meet Windows Shield Tool – the new money chase mechanism prepared by hackers. Have a look at its GUI. If you have the same software on your PC then please be advised that you have a virus on your computer.
The scary notice that you see at the screenshot is the background of the computer desktop infected and locked with new ransomware that targets users primarily of Belgium and France. Some users also tend to name this cyber infection as eCops virus in their search queries. This is because of eCops logo placed in the very upper part of this scareware notification. We’ve researched about eCops organization. This is a Belgian online reporting service to which the Internet user can report crimes related to Belgium, committed on or by means of the world wide web. The web-page of eCops clearly says that this organization makes sure that all such reports are investigated by the appropriate service. So, this is the authority that helps to prevent sites with misleading information, unwanted advertisement or a fraudulent offers over the Internet. It also fights against child pornography on websites. It is obvious that this is a good company that helps to prevent cyber crimes committed by some users online. However, eCops has nothing to do with this ransomware program you see at the screenshot. On the contrary, this virus was prepared by hackers who want to earn extra money by deceiving users online. As we said, this malware attacks users primarily of France and Belgium, but there are chances that other countries might suffer because of it too. Below please find the quotes of what the ransomware accuses users of:
Certain specific features of Windows Telemetry Center program clearly prove its malicious origin. In particular, we mean several of its outward peculiarities, i.e. its GUI and some other inner parameters. The tool claims to be able to scan your computer for availability of possible threats, such as malwares, viruses, spyware, rogues – the items that could represent danger to your system security if they indeed enter your system. At the same time, in this specific situation all threats reported by Windows Telemetry Center are fake (invented infections). In order for us to be more precise, the application intentionally notifies users of fake cyber infections simply in order to give you quite a considerable volume of scary but yet fake information. The recommendations that are given after some of those bogus system scans and deceitful popup alerts are quite predictable – the scam instructs you to click the registration button on its interface window and fill in your private and bank details, including credit card information – to finish the registered copy authentication. Thus, the hoax is nothing but the next clearly earnings-directed instrument prepared by crooks to gain more and more funds. Even if one purchases Windows Telemetry Center such purchase will not assist in times of real virus attacks on PC security. There will be some imitation of threat elimination, but the truth of the matter is that that these reported threats never were present on your computer. Thus, it makes no point performing this rogue’s admonitions or trusting it. It’s strongly recommended that you take some time to research the issue of its successful removal. You may find out how this fake anti-malware can be deleted. In case certain extra issues take place along the way, please make sure to share your comments and we’ll do all our best to assist you.
The message titled as “Der Zugang zu Ihrem Computer wurde gesperrt” is the new ransowmare creature developed by cyber frauds with the intentions to scare users into sharing some of their income with the crooks. Just as many other virus applications of such type, this one accuses users of keeping and spreading music clips and files over the Internet, thus violating the copyright laws of those companies / people to whom such music samples belong. Without a doubt, this scary ransomware warning was prepared by malware developers and you should avoid acting like you are being instructed by the virus software. You would be told by this program to effect the payment of 50 Euro as the price to unlock your system. Otherwise, the scam says, your name and surname, as well as your location would be reported to the law-enforcement agencies. Indeed, it is not really a pleasant event to receive such a scary notification. The saddest event, however, is when somebody actually decides to obey the commands of this virus program. So, if you see the following message in front of your computer please ignore it completely and get yourself prepared to unlock your system with the software that was specifically elaborated to help users whose PCs suffered from such ransomware virus.
Der Zugang zu Ihrem Computer wurde gesperrt virus
Atif Ihrem Computer wurden illegal heruntegeladene Musikstücke (“Raubkopien”) gefunden.
Durch den Download wurden die Musikstücke vervielfältigt, so dass ebenfalls eine Strafbarkeit gemäß § 106 Urhebergesetz gegeben ist.
Der Download von urheberrechtlich geschützten Musikstücken durch das Internet oder einer Musiktauschbörse ist illegal und wird gemäß § 106 Ui liebergesetz mit Geldstrafe oder Freiheitsstrafe von bis zu 3 Jahren bestraft. Weiterhin ist der Besitz nach § 184 Absatz 3 StGB strafbar und kann auch zur Einziehung des Rechners führen, mit dem die Dateien heruntergeladen wurden.
Eine eindeutige identifizierung Ihrer Person ist mithilfe Ihrer IP-Adresse und des Hostnames problemlos möglich.
Die gefundenen Raubkopien wurden verschlüsselt und in ein geschütztes Verzeichnis kopiert.
Um die Sperre aufzuheben und weiteren Strafrechtlichen konsequenzen aus dem Weg zu gehen, sind Sie verpflichtet eine Mahngebühr in Höhe von Euro 50,- zu bezahlen. Zahlbar durch unseren Payment- Partner Paysafecard. Nach erfolgreicher Bezahlung wird Ihr Computer automatisch entsperrt.
Um die Bezahlung durchzuführen, geben Sie den erworbenen Paysafecard-Code in das dafür vorgesehene Zahlungsfeld ein, wählen Sie den Wert Ihres Codes und drücken Sie anschliessend auf “Absenden”.
Die GEMA ist gesetzlich legitimiert – und steht in engem Kontakt zu den Gesetzgebern.
1. Fragen Sie den Händler nach einer Paysafecard im Wertvon€50.
2. Erhalten Sie Ihren Paysafecard Code.
3. Geben Sie den Paysafecard Code in das dafür vorgesehene Feld ein.
This type of ransomware cannot be deleted (unlocked) so easily, compared to other viruses of this group / category. Rebooting your system into safe mode, safe mode with networking, safe mode with command prompt would not help. The locked status of your computer would still be active. So, you would have this same “GEMA” backround instead of your common desktop theme. Nevetheless, do not panic. Please follow this special removal guide developed by Kaspersky Labs. Use the program recommended by them, it is called Kaspersky Rescue Disk 10. This is the software that will help you fix your problem and remove the blocked status from your PC. Complete instructions to delete this virus are available here – http://support.kaspersky.com/de/viruses/rescuedisk
L’accès à votre ordinateur a été fermé is a title of new ransomware’s scary warning, the virus that targets users of France and some other French-speaking countries. It actually says that users were noticed to download, listen and distribute pirate copies of music files clips, thus having violated the copyright laws. As a fine, they are instructed by the malware makers to effect the forfeit sum in the amount of 50 €. The ransomware then promises users to unlock the infected systems. Otherwise, the virus says, the information about illegal activity and online piracy would be reported to the respective governmental bodies and authorities. The virus instructs scared users to make payment by means of Paysafecard funds processing system via indicating the special code in the respective field. The detailed example of what the scareware warns users about is presented in the quotation below.
L’accès à votre ordinateur a été fermé.
Sur votre ordinateur il y avait des chansons qui ont ete téléchargés illégalement (“piratage “).
Lorsque vous avezfait un téléchargement des chansons qui ont été polycopiés, cela est également une infraction pénale conformément au § 106 de la loi Dioit d’auteur.
Télécharger de la musique, qui est protégée par le droit d’auteur à l’aide d’Internet ou le partage de fichiers musicaux est illégal et conformément au § 106 de la loi Droit d’auteur est passible d’une amende ou d’emprisonnement pouvant aller jusqu’à deux ans. En outre, conformément à paragraphe 3 de la loi de § 184 du Code pénal, la propriété est également soumise à une arrestation, il petit entraîner la peite de l’ordinateur par lequel ces fichiers ont été téléchargés.
Le piratage trouvé a été chiffré et copié au catalogue protégé par le mot de passe.
Pour débloquer et pour d’autres actes, qui ont été le résultat d’une violation de la loi, vous devez à payer une amende – 50 €. Le paiement est effectué par notre partenaire – Paysafecard. Dans le cas de réussite des procédures de paiement, votre ordinateur se débloque automatiquement.
Pour l’application du présent code de type de paiement dans le domaine de Paysafecard proposé pour le paiement, alors le coût de votre code et cliquez sur «Envoyer*.
GEMA a les droits légaux et est en contact étroit avec le pouvoii législatif.
Please do not make the mistake some people have already made. They did what the malware instructed them to do and simply wasted their money. There is no guarantee given by this ransomware that your desktop would be unlocked. Instead of wasting your time and money you need to follow the removal guide to delete this virus and to unblock your PC. These virus uninstall instructions and excellent program was developed by Kaspersky Labs. Please find more information about this virus and how to get rid of it at this site – http://support.kaspersky.com/fr/viruses/rescuedisk
The warning titled as “Access to your computer was denied” is a ransomware program designed by computer hackers with the intention of convincing users to pay the fine supposedly because of their violation of copyrights. The fine instructed by malware developers to be paid in favor of crooks makes up €50. Thus, this virus totally blocks (locks) the desktop of infected system and does not allow users to do anything with it (except for indicating the Paysafecard password in the respective box to unlock your system). However, there is no guarangee that your desktop would be restored and unlocked. If one tries to reboot the PC (whether in normal mode, safe mode, safe mode with networking or safe mode with command prompt) the same problem remains – the system continues to be locked. Surely there is something that must be done with it, and this “something” is quite urgent to be accomplished by users whose system got infected. Below please find the example (quotation) of what the malware actually tells users when it enters the infected system.
Access to your computer was denied.
Illegally downloaded music tracks (in other words, “pirated copies”) have been detected at your PC.
While being downloaded the before mentioned tracks were copied -that’s also a criminal offense in conformity with §106 of the Digital Millennium Copyright Act.
Both copyrighted music tracks download in the Internet and music files exchange are illegal subject to compliance with §106 of the Digital Millennium Copyright Act and punished by either imposition of monetary fines or up to three years of imprisonment. Moreover, following p.3 §184 of the Criminal Code the property is subject to detention – it can carry forfeit of the computer has been formerly used for the above mentioned files downloading.
The legible identification both of your person and that who uses your IP-address and Host Name poses no problem anyway.
The detected pirated copies were ciphered and copied to password-protected directory.
For unblocking and commission of any other actions resulted from infringement of rule of law you should pay a penalty equal to €50. The payment should be delivered through our financial partner – Paysafecard. When the payment procedure is complete successfully your PC will be unblocked automatically.
For the completion of the above mentioned payment insert enter Paysafecard’s password in proper box and press “Enter”.
GEMA holds legal rights and permanently contacts with state legislation.
1. Refer to nearest-located dealer for Paysafecard equal to €50.
2. Receive your personal Paysafecard password.
3. Enter your Paysafecard password to proper box.
Without hesitation, to receive such a warnign could be quite scary even if you have never done anything like what you’re being accused of. But, nevertheless, you must ignore it completely, otherwise there is a risk that this virus would draw your attention more and more. Finally it may convince you to do what it is meant for. Be clever. Don’t trust this hoax. Ignore what it tells you. In order to delete this ransomware you might try to follow some special ransomware guides listed in the caterory named “ransomware” of this blog, however, most probably they would not help you. The problem of your PC being locked would remain. In such cases we can only recommend you to go to Kaspersky’s site, download the program recommended there and get rid of this virus that locked your desktop. So, please follow this removal guide at Kaspersky’s site to delete this ransomware-type infection with its help – http://support.kaspersky.com/viruses/rescuedisk. Kaspersky’s Lab has good tool Kaspersky Rescue Disk 10 that can help you restore your desktop that was hacked by ransomware tool.
Do you encounter Windows Smart Partner scam regularly on your PC each time you turn it on? Does this fact annoy you? If this is the case then your PC has unambiguously caught one of the most severe and misleading rogue applications spread over the Internet today. Please carefully read this article aimed to assist you in describing what this rogue does and how users can uninstall it. Windows Smart Partner penetrates into one’s PC in a manner that you probably will not be able to easily trace. It’s primarily a trojan-involved procedure and attack the available security software may not notice timely and thus allows the rogue to implant itself into your system. While running on your workstation the hoax would be persistent in trying to draw your attention to the alleged problems of presence of various threats on your machines. It asserts that malwares, spyware and other dangerous items are going to ruin your security protection barriers and commence demolishing your PC. You are probably guessing why this tool is performing such a role and what it is going to instruct you to do finally. The answer is it tries to convince you to obtain its so-called licensed version which is claimed to be the solution that will assist you in deleting the threats. However, the reality is that none of the infected items reported by this scam are actually inside of your system – the frauds prepared this fake threat list for the only purpose of scaring users. Hence, you should not trust Windows Smart Partner. Likewise, it is not a good decision to do what it instructs you to. Below please find the pattern of your sequence of steps for deleting this badware: restart your system and choose Safe Mode with Networking by repeated hitting F8 key, go to this same article and download one of anti-virus programs reviewed here. Some of them even have totally free version to detect and remove viruses like Windows Smart Partner.