cancel
Showing results for 
Search instead for 
Did you mean: 

ICE Cyber Crime virus

I have the ICE Cyber Crime virus on my desktop. I can't get past step two in trying to remove. I shut the computer off and waited at least 10 seconds, switched it on and immediately started pressing F8.

I then arrowed to Safe Mode With Networking, hit enter, selected XP professional as operating system, hit enter, got a page of script, then screen went to "to Begin click user name. Windows then shut down, and restarted (no mention of safe mode)  it displayed Welcome, then opened up to Ice Crime Center screen. How do I get into safe mode and try to get a virus removal tool?

18 Replies
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 2 of 19

Re: ICE Cyber Crime virus

Moved to Top Threats as a better spot.

You'll have to create a bootable USB drive using another machine as per this tutorial:  http://www.bleepingcomputer.com/virus-removal/remove-ice-cyber-crime-center-ransomware

See "Automated Removal Instructions for ICE Cyber Crime Center Ransomware using HitmanPro.Kickstart", but read the whole thing.

Re: ICE Cyber Crime virus

Thank you. I followed the instructions, however when I got to Step 10, the HitmanPro window never appeared. Any suggestions?

Georgeas

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 4 of 19

Re: ICE Cyber Crime virus

You'll have to ask them about that.  At the bottom of that tutorial it states:

If you have any questions about this self-help guide then please post those questions in our Am I infected? What do I do? and someone will help you.

Re: ICE Cyber Crime virus

I recommend you to remove this virus by rebooting your PC into safe mode with networking and scanning your PC with McAfee. Basically, safe mode with networking should work very well with ICE Virus. What I mean is that ICE virus doesn't really block this mode, since this is a Reveton-type of ransomware.

You may use these instructions on how to remove ICE virus in safe mode with networking - http://www.system-tips.net/remove-ice-cyber-crime-center-virus/

If this solution doesn't work, then try the option to restore your PC to an earlier date by running System Restore (provided that you have this system restore option. See how to do it here.

Message was edited by: andreygvozd on 6/14/13 9:09:53 AM CDT
bdg
Level 7
Report Inappropriate Content
Message 6 of 19

Re: ICE Cyber Crime virus

Not any of the online solutions seem to work on the variant of virus that infected my computer. The furthest I could get was the boot screen. I could not make it past the user logon without the ICE screen showing up. When trying to execute any program, my computer would automatically restart.  I tried a boot USB from HitmanPro.  It didn't work either.  Kapersky was no help either. What worked for me was: 1. Hit F8 then select 'Safe Mode with Command Prompt" option 2. Logon to user 3. At command prompt window, type "rstrui.exe", which is the restore command. 4. Select an earlier time period to restore to 5. Computer will restart after restore process 6. Logon to user 7. Run Malwarebytes and HitmanPro to clean any remaining files 8. Free from the ICE virus

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 7 of 19

Re: ICE Cyber Crime virus

bdg wrote:

Not any of the online solutions seem to work on the variant of virus that infected my computer. The furthest I could get was the boot screen. I could not make it past the user logon without the ICE screen showing up. When trying to execute any program, my computer would automatically restart.  I tried a boot USB from HitmanPro.  It didn't work either.  Kapersky was no help either. What worked for me was: 1. Hit F8 then select 'Safe Mode with Command Prompt" option 2. Logon to user 3. At command prompt window, type "rstrui.exe", which is the restore command. 4. Select an earlier time period to restore to 5. Computer will restart after restore process 6. Logon to user 7. Run Malwarebytes and HitmanPro to clean any remaining files 8. Free from the ICE virus

Safe Mode is often a saviour as you found out.   Glad you found a way.

mndad
Level 8
Report Inappropriate Content
Message 8 of 19

Re: ICE Cyber Crime virus

bdg, how did you get the cmd propmt?  My safemode with command prompt also reboots before I can do anything.  I also tried to catch the executable file name but all I see is system32....

Thanks.

Reliable Contributor Hayton
Reliable Contributor
Report Inappropriate Content
Message 9 of 19

Re: ICE Cyber Crime virus

If you've got Vista or Windows 7 see if this is any use -

http://forums.malwarebytes.org/index.php?showtopic=127895

If you can't get the PC to boot into Advanced Boot Options using F8, or if you've got a different OS, please let us know. Could be something's modified the MBR or even the BIOS.

heini
Level 7
Report Inappropriate Content
Message 10 of 19

Re: ICE Cyber Crime virus

I'm reading a lot about this virus, since A caught it yesterday. Did not had much time to try out all the reamoval procedures... It seems the biggest issue is to get past the lock screen to run antivirus software....

Have anybody tried to remove the harddrive of the infected computer to connected it as external drive to a clean computer, and run the antivirus software from the clean computer scanning the infected harddrive?

Would this work or is there a flaw in my approach?

I appreaciate any feedback. Best regards.