How to get rid of the ICSPA moneypak scam virus because now I’m like those hackers in the movie Hacker.

I’m awesome at computers!!!!!!!!!

No. No I’m actually not. At all. In fact, I’d say I’m barely computer literate. I can follow directions when people tell me how to do things, I’m not afraid to look in the files on my computer or try things out, but I really know nothing about how it works. Like, how does a program do programmy things? What’s an internet?

I actually don’t know the difference between malware and a virus so I’m going to use the terms interchangeably in this post, if you can explain it to me like I’m six in the comments that would be greatly appreciated.

So here’s what happened. Yesterday morning I got up, and as part of my morning routine I turned on my laptop. I usually hit the power button, go make coffee, feed the dog and come back because it takes a few minutes to get going. Yesterday was no exception. I turned on the computer, left the room and came back…to a weird white screen I had never seen before.

And…it looked like this.

[Image: screenshot of the lock screen]

(I found this pic on Google images, mine said $150 not $100)

So basically I had 45 heart attacks. If you don’t know, the RCMP is the federal and national police force of Canada. It’s like if an FBI warning popped up on an American’s computer. And my computer was completely locked on this screen, like I couldn’t get to my start menu, my desktop, nothing. I scanned it super quickly, saw the words “$250000 fine” “illegal” “child pornography” “zoophilia” and “deprivation of liberty” and then I guess my brain shut down for a moment. I turned off my computer by holding down the power button, let the dog in from his pee, and kind of freaked out for a bit.

Now, of course I was not viewing or distributing the files it was saying I was. And I’m the only person who uses this computer so that bit couldn’t be true. After a few moments of OMG NOOOOOO I’M GOING TO JAIL FOR SOME REASON I leveled out and thought “they must have made a huge mistake, I have to call them and fix this, I can’t pay a huge fine like that!!!” And I turned my laptop back on to find a contact number.

It turned on and went straight back to that screen. I decided to read the entire thing slowly and deliberately, to make sure I didn’t miss anything and to know exactly what it was saying I had done. And that’s when I noticed a few things that were a bit off about it. First of all, where that black box is with the handcuffs in the above image, it said my ISP address, the name of my service provider and my computer username (novaisawesome) but nowhere on the thing did it say my real name. You’d think any type of legal document dealy would have my name on it front and center, right?

Secondly, there was no contact information whatsoever.

Thirdly, and most importantly, at the bottom of the page, the font changed to some kind of comic sans type lime green lettering and said if I paid them $150 within 72 hours then the criminal charges would not be executed. Hm. Is that the same deal they offer to all child porn distributors? Oh just pay us a hundred bucks and we’ll forget everything, buddy! No worries mate!


So that made me suspicious. I went onto Ryan’s computer and googled the International Cyber Security Protection Alliance. It turns out it is a real thing, but on their front page it says:

The name of the ICSPA and various law enforcement agencies are being used in an attempt to trick citizens into making payment to criminal groups who are carrying out a ransomware scam.  Anyone who receives email communications to ‘release’ or ‘unblock’ their computer should report their concerns to their local police services and under no circumstances pay any money.  If you have received an email like this, your device is probably infected with malicious software.  You are advised to use a reputable computer repair facility to have your device disinfected, or use a reputable security product to do this for you.

Man, I felt so relieved, first of all. And then angry. Some stranger, somewhere in the world has created this sense of panic in thousands of people and in the same fell swoop, extorted money from them as well. I mean, if I were less of a critical thinker, I probably would have been scared enough to have just paid the $150. I have never ever been in a situation where I’ve thought to myself “oh shit, I’m in trouble with the law” like that and I never want to feel that way again. I would have done anything in those few minutes just to make it go away.

Anyway I didn’t have time to do anything about the virus just then, as Ryan had gotten home from his night shift and I had to get my clothes out of the bedroom before he went to bed. That whole scene tainted the entire day with an air of panic, it poisoned my blood. When I got home that night I was feeling tired and didn’t want to deal with all that computery business so I left it for this morning.

This is actually a really common virus, apparently. There are tons of YouTube videos and websites explaining how to get rid of it. I was on a mission pretty much as soon as I got up this morning and tried a bunch of things before one finally worked.

First I tried booting up in safe mode, with the intention of restoring my computer to an earlier date, but even in safe mode the fucking virus was blocking everything. I guess it just opens up in front of everything, so no matter what you do it’s there.

Then I tried unplugging the internet because one YouTuber said that the virus attaches itself to Internet Explorer, and then from there you can open up in Safe Mode and do whatever. So I unplugged every damn thing I could think of that would throw internet my way, restarted my computer in Safe Mode and…nope. Still there.

Then I tried following this guy through the steps of doing safe mode with command prompt and deleting a specific file name on the scary black screen, but my computer couldn’t find the file name, so I guess the guy in the video had a different virus than I did.

Then I tried to find out the damn name of my virus so I could delete it the same way that guy in the video did, but I had no idea how to do that so I gave up.

Then I took a break and had some breakfast. And went back onto YouTube and found another video that had a method that actually worked!

Here’s what finally ended up working for me (this is for Windows 7):

1. Restart computer. (Ctrl+Alt+Del still works with this virus, so you can do it that way, but if it doesn’t for whatever reason just hit the power button to turn it off and then back on again.)

2. Hit F8 a bunch of times as it’s restarting.

3. Select “safe mode with command prompt” using your arrow keys, then hit enter.

4. Don’t freak out when all you see is a black box with some computery writing stuff in it.

5. Don’t hit enter or anything, just type where the cursor already is.

6. Type NET USER /ADD USERNAME PASSWORD

7. Hit enter. It should say “command accepted” or something like that.

8. Type NET LOCALGROUP ADMINISTRATORS USERNAME /ADD

9. Hit enter. It should say the same thing again. “command accepted” or whatever.

10. Do control alt delete and restart normally.

11. Then it’ll restart and you’ll have created another account.

12. The username is USERNAME and the password is PASSWORD. Sign in.

13. Ta daaa your computer is working. Now do something to get rid of the virus.

14. I downloaded Malwarebytes and ran the quick scan, and then deleted all viruses.

15. It said I had to restart to get rid of the viruses when it was done, so I did.

16. Magic. Except this malwarebytes program is a bit annoying now, it keeps telling me it’s blocking things every five seconds. I just right clicked on it and selected “hide icon and notifications” so hopefully that helps. At least its little messages aren’t popping up anymore.

I really did feel all cool when I was typing in the commands, haha. I was like “man I wish someone was filming me and playing techno music right now”.

I’ve only been using my computer for about half an hour since I did that, but so far so good. I was so bummed out yesterday. I didn’t like the thought of having to go into a repair shop and pay like a hundred bucks for them to fix it. Especially if they weren’t familiar with this virus, because then I’d have to be all like “no, I swear I didn’t distribute animal porn, it’s not real!” you know?

Anyway so that was … a learning experience. Good times.
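
An added example, not part of the original post: the temporary-admin trick from steps 6 to 8 as a small batch script that also cleans up afterwards, since a leftover administrator account with a guessable password is a risk of its own. The account name "rescue" and the script layout are assumptions; the NET commands are the standard Windows ones, and the script assumes an elevated Command Prompt.

```bat
@echo off
rem Added example: temporary admin account for recovery, plus cleanup.
rem "rescue" is a hypothetical account name chosen for this example.
setlocal
set "ACCT=rescue"

if /i "%~1"=="create" goto create
if /i "%~1"=="cleanup" goto cleanup
echo Usage: %~nx0 create ^| cleanup
exit /b 1

:create
rem "*" makes NET USER prompt for the password instead of
rem leaving it visible on the command line.
net user "%ACCT%" * /add || exit /b 1
net localgroup Administrators "%ACCT%" /add || exit /b 1
rem List the group so you can confirm the account is in it before rebooting.
net localgroup Administrators
exit /b 0

:cleanup
rem Run this from your normal account once the scan and reboot are done.
net localgroup Administrators "%ACCT%" /delete
net user "%ACCT%" /delete || exit /b 1
rem List the remaining accounts; the temporary one should be gone.
net user
exit /b 0
```

Deleting the account this way leaves its profile folder under C:\Users behind, which can be removed by hand afterwards.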


14 thoughts on “How to get rid of the ICSPA moneypak scam virus because now I’m like those hackers in the movie Hacker.”

  1. This was an awesome (well, novaisawesome) 😉 post – a friend of mine dealt with this virus a couple months ago. It was a thing. A very bad thing.

  2. We actually did a news story about this virus a while ago. It’s ridiculous and makes me angry to think how many people have probably been taken advantage of because of it.

  3. Ugh! I wonder how many people have fallen for that. So glad you got to be awesome and hacker-y, I totally would’ve relished that too.

    Next time (hopefully there won’t be one) could you try a system restore? I used to do that on my PC when this would happen to me. You can set your computer to take a “copy” on a particular day, and then you can go back to the configuration of that day. Your documents are saved, but if you downloaded any programs between the copy day and the current day (including viruses) they’re gone, I believe.

    • I tried to actually but I couldn’t get anywhere, like the screen was ONLY that image no matter what I did. That was the first thing my boss suggested too. (He knows a lot more about computers than I do).
      I wish that nobody has fallen for this but … I mean … I know if it were my mom or some other people I know, they might.

  4. Holy shit, this is horrendous! I’d have been TOTALLY freaking out. You did so well to be calm and critical and then, not only that, fix the virus. Gold star for you!

  5. Oh god I’m so glad you wrote this. Same thing has just popped up on my Apple iMac (different operating system, I know) and mine is asking for $300! Whaaaat!
    I’m in Australia. It freaked me out so bad but I have hope now that I can get this shit off my computer.

    Will try to fix it up when I get home tomorrow as I’m off to work right now.
