Icpp foundation website virus
Closed
Lilian - Apr 10, 2010 at 10:10 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - May 7, 2010 at 04:22 AM
16 responses
Ambucias
Apr 11, 2010 at 05:28 AM
Hello Lilian,
I am not at all surprised that Norton did not prevent the infection; as a matter of fact, I would have been surprised if it had. Call Symantec to help you, they will charge $99.95 USD.
It seems that your system is infected by a redirecting trojan, and Spybot Search and Destroy is now very well equipped to handle these Trojans.
Download, install and run Spybot. During the installation process, I suggest you uncheck the Tea Timer component, for I sometimes find it a pain.
https://ccm.net/downloads/security-and-maintenance/4561-spybot-search-destroy/
If you still encounter difficulties, you are welcome to return, for there are other solutions.
I would appreciate your feedback.
Regards
Ambucias
Apr 22, 2010 at 05:55 AM
Angela,
See my answer of April 11th, your solution is there
I have read all the posts here but they don't seem to have the solution to my problem. The trouble is, I have to MANUALLY (push the power button) shut off my computer then MANUALLY power it back on. Once the computer boots up, the fake icpp notice pops open automatically & nothing else. There is NO desktop screen, no icons, no toolbars, no time table, NOTHING - just a blue screen. I can't access my start menu even when I press the key on the keyboard. All these posts say to download & run something but I can't access ANYTHING on my computer.
You have to Ctrl Alt Del when the screen pops up with the fake lawsuit then click new task then type regedit ...then you have to go in the registry and erase all instances of IQManager...ONLY edit registries if you know what you are doing but this WILL fix it
Ambucias
Apr 29, 2010 at 03:34 PM
Hello Papageorgio,
Thank you very much for your hint which I find most interesting. I am curious how you found it.
Cheers
Please help!!! The problem is the same... "have read all the posts here but they don't seem to have the solution to my problem. The trouble is, I have to MANUALLY (push the power button) shut off my computer then MANUALLY power it back on. Once the computer boots up, the fake icpp notice pops open automatically & nothing else. There is NO desktop screen, no icons, no toolbars, no time table, NOTHING - just a blue screen. I can't access my start menu even when I press the key on the keyboard. All these posts say to download & run something but I can't access ANYTHING on my computer."
Ambucias
Apr 29, 2010 at 04:21 PM
Hello Moni
Can you boot in safe mode?
Do you have access to command prompt?
What is your OS?
Ambucias... I have the same prob as Moni. Safe mode doesn't work, but I can do safe mode with command prompt. What do I do now?
Ambucias
May 1, 2010 at 05:00 PM
Hello a;whatever,
If you can go into safe mode with command prompt, go to safe mode with networking; you should then be able to download RKill and follow my directives from April 11.
I love you Ambucias, ahah
you saved my life and a lot of money,
I keep getting these errors or "...encountered a problem and needs to close"
problems. Is there something still wrong?
Ambucias
May 4, 2010 at 05:01 AM
Love you too Riley,
Please give me details: what is that "encountered a problem and needs to close"? Yes, there is still something wrong, but not major. Also, please tell me what is your OS.
License key to unlock your pc: RFHM2-TPX47-YD6RT-H4KDM
Remove Files and Folders:
%UserProfile%\Application Data\IQManager
%UserProfile%\Application Data\IQManager\iqmanager.exe
%UserProfile%\Application Data\IQManager\settings.ini
%UserProfile%\Application Data\IQManager\torrents
%UserProfile%\Application Data\IQManager\uninstall.exe
%UserProfile%\Application Data\IQManager\wallpaper.jpg
%UserProfile%\Application Data\IQManager\languages
%UserProfile%\Application Data\IQManager\languages\Czech.lng
%UserProfile%\Application Data\IQManager\languages\Danish.lng
%UserProfile%\Application Data\IQManager\languages\Dutch.lng
%UserProfile%\Application Data\IQManager\languages\English.lng
%UserProfile%\Application Data\IQManager\languages\French.lng
%UserProfile%\Application Data\IQManager\languages\German.lng
%UserProfile%\Application Data\IQManager\languages\Italian.lng
%UserProfile%\Application Data\IQManager\languages\Portuguese.lng
%UserProfile%\Application Data\IQManager\languages\Slovak.lng
%UserProfile%\Application Data\IQManager\languages\Spanish.lng
%UserProfile%\Application Data\IQManager\languages\template.lng
%UserProfile%\Desktop\I-Q Manager.lnk
Remove Registries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQManager
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "iqmanager.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\IQManager\iqmanager.exe"
Source: http://www.removeadware.com.au/articles/copyright-violation-alert/
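The registry locations named in the post above (Uninstall key, Run value, per-user Winlogon "Shell") can be checked offline against an exported hive before and after cleanup. This is an added example, not part of the original thread; the sample export, the user profile path in it, and all function names are constructed for illustration.

```python
import re

# Constructed sample of `reg export` text (real exports are UTF-16; decode first).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\IQManager\\iqmanager.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iqmanager.exe"="C:\\Documents and Settings\\user\\Application Data\\IQManager\\iqmanager.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQManager]
'''

WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
RUN = r"software\microsoft\windows\currentversion\run"
UNINSTALL = r"software\microsoft\windows\currentversion\uninstall\iqmanager"
GOOD_SHELLS = ("explorer.exe", r"c:\windows\explorer.exe")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Yield (key, None, None) per key header and (key, name, data) per string value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def find_iqmanager_traces(text):
    """Return (kind, key, data) for each persistence point named in the post."""
    findings = []
    for key, name, data in parse_reg(text):
        hive, _, sub = key.partition("\\")
        sub = sub.lower()
        if name is None:
            if sub == UNINSTALL:
                findings.append(("uninstall-key", key, ""))
        elif hive == "HKEY_CURRENT_USER" and sub == WINLOGON and name.lower() == "shell":
            if data.lower() not in GOOD_SHELLS:  # per-user Shell replaces the desktop
                findings.append(("shell-hijack", key, data))
        elif sub == RUN and "iqmanager" in (name + data).lower():
            findings.append(("run-entry", key, data))
    return findings
```

An empty result after cleanup means none of the three listed locations still references IQManager; it does not rule out other persistence.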
Ambucias
May 7, 2010 at 04:22 AM
Osprey,
Thank you very much for this valuable hint and solution.
Regards
Ambucias
Apr 11, 2010 at 04:38 PM
Hello,
This Trojan Horse is sturdier than I first thought; this time we will send it to the glue factory.
1. Download to your desktop and run Rogue Kill:
https://download.bleepingcomputer.com/grinler/rkill.com
You should now see a window that shows all of your desktop icons, including the rkill.com program. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the horse programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning when it terminates programs that may potentially remove it.
If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself. So, please try running Rkill until malware is no longer running.
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Download to your desktop Malwarebytes.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it Explorer.exe.
Install Malwarebytes and launch it. From the second tab, update it.
Pretty please, request a FULL system scan, which should take more than an hour. Once the scan is finished, delete all of the items that were found.
Once your computer is clean and working normally, just to be on the safe side:
* Turn off system restore and wait 30 seconds,
* Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
There, fini with the foundation.
Thank you for taking the time to help with this problem.
I have attempted the steps you mentioned. Rkill detects iqmanager.exe and terminates on the first run. However, after about 20 subsequent runs, I still have the locked background, and cannot access my desktop, with Rkill terminating no other programs. I downloaded MBAM, but as I cannot access the desktop I was unable to rename it. I ran from the downloads window in Firefox, and after completing a full scan about 17 infected objects were detected and removed. I wanted to paste the results here, but have no way to do so, at least not that I could think of.
At this point, with iqmanager no longer running, I could not even bring up a browser window, and was forced to reboot. Alas, the malware is still present. I'm not sure how to proceed. Any other ideas? And again, thank you for your time.
Ok, I've managed to get my desktop back. I opened explorer through task manager and deleted the iqmanager directory. I then ran regedit and changed the shell in hkey_current_user/software/microsoft/windowsNT/currentversion/winlogon from iqmanager.exe back to c:\windows\explorer.exe.
I'm going to continue running antivirus software, as I am skeptical as to whether this thing has been taken care of permanently.
Thanks again for all the help, and if there is anything else you would recommend for the safety of my system, please let me know.
I did all the things that are above,
but I'm still having problems.
I still cannot see any of the icons on my background, and there seems to be no way to solve this problem...
I have a new Acer laptop and I just got rid of this icpp virus by using control+alt+del and going to task manager, then file, then new task, and typing in control panel, then removing ap manager (I didn't have anything under iq manager). Then I restarted my computer and it was gone. Then I emptied my recycle bin.
Ambucias
Apr 30, 2010 at 04:49 PM
Thank you Chris G
First off. n00bs.
Second. You're using Norton, Spybot, and/or McAfee.
https://torrentfreak.com/malware-extort-cash-from-bittorrent-users-100411/
This should have some info on your problem.
Apr 11, 2010 at 10:46 AM
I am having the same issue with the ICPP virus. I've downloaded and run Spybot, but the trojan remains. Any other ideas on how I might be able to remove it? I'm using McAfee antivirus. Thanks for the help.