The ICE Cyber Crime Center Virus

Also Known As: ICE Virus
Type: Ransomware
Damage level: Severe
Distribution: High

The ICE Cyber Crime Center Virus removal guide

The ICE Cyber Crime Center message locks computer users' screens, demanding payment of a $400 fine for alleged law violations. This is a scam. The message has no connection with U.S. Immigration and Customs Enforcement and was created by cyber criminals in the hope that unsuspecting PC users will believe the false accusations made (watching pornography, using copyrighted files, using unlicensed software) and pay the bogus fine. In fact, no authorities (including The ICE Cyber Crime Center) use screen-blocking messages to collect fines for any law violations. This type of fake message is called ransomware, and this particular infection originates from a family called Reveton.

Ransomware infections of this kind are especially deceptive because they are localized. Computer users from different countries observe variants of the fake message that exploit the graphics and names of local authorities. This particular ransomware predominantly targets computer users from the USA; however, users from Australia whose machines are infected by this virus see the same message presented as if sent by the Australian Federal Police (AFP). Do not trust any message supposedly sent by local authorities that orders payment of a fine to unblock your PC - this is a scam. Paying the fine when ordered by these messages is equivalent to sending your money to cyber criminals.

The ICE Cyber Crime Center virus is distributed using Trojans and drive-by downloads. Computer users should exercise caution when using P2P networks and social networks, and when downloading software updates from unverified sources. To prevent ransomware infiltrations, keep your operating system and installed software (Flash, Java, etc.) up-to-date. Furthermore, use legitimate antivirus and anti-spyware software. If you observe a message from "The ICE Cyber Crime Center" requesting payment of $400 using MoneyPak, ignore it and proceed with the removal steps provided.

A fake message displayed by The ICE Cyber Crime Center virus:

The ICE Cyber Crime Center.

Your computer has been blocked.

 

To unlock your computer and avoid other legal consequences, you are obligated to pay a release fee of 300 USD (green dot MoneyPak).

 

Possible violations are described below:

Article - 174. Copyright
Imprisonment for the term of up to 2-5 years (The use or sharing of copyrighted files). A fine from 18,000 up to 23,000 USD.

Article 183. Pornography
Imprisonment for the term of up to 2-3 years. (The use or distribution of pornographic files). A fine from 180,000 up to 25,000 USD.

Article 184. Pornography involving children (under 18 years)
Imprisonment for the term of up to 10-15 years. (The use or distribution of pornographic files). A fine from 20,000 up to 40,000 USD.

Article - 104. Promoting Terrorism
Imprisonment for the term of up to 25 years without appeal (Visiting the websites of terrorist groups). A fine from 35,000 up to 45,000 USD with property confiscation.

Article - 68. The distribution of virus programs
Imprisonment for the term of up to 2 years (The development or distribution of virus programs, which have caused harm to other computers). A fine from 15,000 up to 28,000 USD.

Article - 113. The use of unlicensed software
Imprisonment of the term of up to 2 years (The use of unlicensed software). A fine from 10,000 up to 22,000 USD.

Article - 99. Cheating with payment cards, carding
Imprisonment for the term of up to 5 years (The operation with the use of payment card or it's details which was not initiated or not confirmed by the holder). A fine from 30,000 up to 75,000 USD with property confiscation.

Article - 156. Spamming pornographic content
Imprisonment for the term of up to 2 years. (Spamming pornographic content by means of the e-mail or social Networks). A fine from 16,000 up to 36,000 USD.

An attempt to unlock the computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted.
In connection with the decision of the Government as of June 7, 2013, all of the violations described above could be considered as criminal. If the fine has not been paid, you will become the subject of criminal prosecution. The fine is applicable only in the case of a primary violation. In case of a second violation you will appear before the Supreme Court.
Amount of the fine is 300 USD. Payment must be made within 48 hours after the computer blocking. If the fine has not been paid, you will become the subject of criminal prosecution without the right to pay the fine.

The ICE Cyber Crime Center virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer's starting process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.

Step 2

Log in to the account infected with The ICE Cyber Crime Center virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

Cannot boot in Safe Mode with Networking? (The ICE Cyber Crime Center virus is blocking Safe Mode with Networking)

If you have more than one user account within your operating system, log in to the clean account, download the recommended malware removal software, install it, and run a full system scan. Remove all security infections detected. If, however, you have only one user account, please follow this guide (this describes how to create a new user account using Safe Mode with Command Prompt - using this newly-created user account, you will be able to remove The ICE Cyber Crime Center ransomware).

If The ICE Cyber Crime Center scam also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer's starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

2. When Command Prompt Mode loads, enter the following line: net user removevirus /add and press ENTER.

3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.

4. Finally, enter this line: shutdown -r and press ENTER.

5. Wait for your computer to restart, and then boot your PC in Normal Mode and log in to the newly-created user account ('removevirus'). This account will be unaffected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.

6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer.

If the newly-created user account is also affected by the ransomware infection, try performing a System Restore:

1. During your computer's starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

3. Next, type this line: rstrui.exe and press ENTER.

4. In the opened window click "Next".

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

6. In the opened window click "Yes".

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of The ICE Cyber Crime Center virus.

Other methods used to eliminate this ransomware infection from your PC:

Remove The ICE Cyber Crime Center virus using a Rescue Disk.

Comments 

 
#22 admin 2014-03-20 00:23
Hi sairam1, the message that blocks your computer's screen and demands to pay a fine in order to unblock it is definitely a scam - you can find the official statement here - https://www.ice.gov/news/releases/1302/130215washingtondc2.htm
 
#21 sairam1 2014-03-19 07:32
Hi, how to know it's fake? Will they come to arrest me?
 
#20 Ruby 2013-12-12 22:00
My laptop got locked by the same virus too. But the problem is I have no access to the password of the Admin account since it locked the guest one...
 
#19 admin 2013-11-12 06:30
Hi Stanley, you shouldn't pay the fine and no they won't arrest you. It's a scam created by Cyber criminals - follow the provided removal guide and eliminate this scam from your PC.
 
#18 Stanley 2013-11-11 14:20
Hi I just got the virus last night. I was wondering what would happen if I don't pay the 300$. Can they really arrest me?
 
#17 admin 2013-08-16 07:08
Hi Cora, the Ice Cyber Crime Center message which demands to pay a fine in order to unblock your computer is fake, no authorities are going to arrest you. This message is created by Cyber criminals - it's a ransomware virus. You can read the official statement from ICE here - https://www.ice.gov/news/releases/1302/130215washingtondc2.htm
 
#16 Cora 2013-08-16 00:33
I want to know if this is real or fake. I want to say that if it was real, they would be coming to my house to arrest me, but I'm still scared. I tried all of the removal techniques but using a USB and I think my computer is completely screwed because when I try turning it on, it goes to a blue screen stating memory has been dumped and to contact tech support. I'm not too worried about the computer because I just got a new one, I just need to know if I'm going to get arrested for something I didn't do! HELP!
 
#15 admin 2013-08-01 04:24
Hi hafiz, reinstalling one's operating system would definitely solve this ransomware issue; however, if you want to save time you can use the provided removal guide.
 
#14 hafiz 2013-08-01 04:00
How about reinstalling? Is that another way?
 
#13 Michael 2013-07-31 19:16
Got this virus yesterday. Virus was blocking all "Safe Mode" options and I could not restore to a previous date.

Only option I had was F8, "repair computer", command prompt. In command prompt I typed regedit.

In the registry I clicked CURRENT USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN and DELETED all files EXCEPT (DEFAULT)

In the registry I clicked CURRENT USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON and DELETED SHELL

Restarted windows and in command prompt typed "start explorer" and got my desktop back. Did a virus scan and sure enough deleted ecllasovgthlkaowo.exe.

Went back to registry regedit and went into CURRENT USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON and gave value data to SHELL of explorer.exe (It had cmd.exe)

Restarted computer and it works fine now.
Quote
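
The two registry locations described in comment #13, as an added example that is not part of the original comment or of this site's guide: a read-only PowerShell check of the current user's Run key and Winlogon Shell value. It assumes PowerShell 2.0 or later running in the affected user's own session (HKCU is per-user); the function names are hypothetical.

```powershell
# Added example: read-only check of the two HKCU locations named in comment #13.
# Nothing is modified; review the output before changing anything by hand.
$runKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$winlogonKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CommandTarget {
    # Hypothetical helper: pull the executable path out of an autorun command
    # line. Handles a quoted path or a first token without spaces; an unquoted
    # path containing spaces is cut short and will show Exists = False.
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    return ($expanded -split '\s+', 2)[0]
}

function Get-RunEntry {
    # One object per named value under the Run key; (Default) is skipped.
    param([string]$KeyPath)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq '') { continue }
        $command = [string]$key.GetValue($name)
        $target  = Get-CommandTarget $command
        $exists  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $signature = 'n/a'
        if ($exists) { $signature = (Get-AuthenticodeSignature -FilePath $target).Status }
        New-Object PSObject -Property @{
            Name = $name; Command = $command; Exists = $exists; Signature = $signature
        }
    }
}

function Get-UserShellOverride {
    # Returns the per-user Winlogon Shell value, or $null when it is not set.
    $key = Get-Item -LiteralPath $winlogonKey -ErrorAction SilentlyContinue
    if ($key) { return $key.GetValue('Shell') }
}

$shell = Get-UserShellOverride
if ($null -eq $shell) {
    'HKCU Winlogon Shell: not set'
} else {
    "HKCU Winlogon Shell: $shell   <-- per-user override, verify it"
}
Get-RunEntry $runKey | Select-Object Name, Exists, Signature, Command | Format-List
```

Entries whose target is unsigned or missing are the ones to look at first; the script only lists them and leaves any deletion to a manual decision.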
 
About the author:

I am passionate about computer security and technology. I have 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010.
