W00t! The first batch of Ukash Viruses for 2013 is here! Now aren’t they lovely?^^ Actually, absolutely not. And here I thought that perhaps ransomware infections would dwindle out of existence with the news that Spanish police arrested a ransomware gang, but of course not. Now we have things like ICSPA Virus ruining our mood, and the problem is that it’s the same old threat with a new face, meaning – ABSOLUTELY ANNOYING.

So what do we know about ICSPA Virus? Well, we are sure of the fact that this ransomware infection is distributed by Urausy Trojan. Also, it’s not exactly the infection name, as much as an alias, because there are several new Ukash infections that have the International Cyber Security Protection Alliance logo plastered on their interfaces, and so it makes poor users think that (ack!) they are busted because their computers are locked by some huge international cyber security organization. Here’s a news flash for you – the original ICSPA has NOTHING to do with the infection. You have been FOOLED.

The infections known to be using the name of ICSPA are United Kingdom Police Virus, Royal Canadian Mounted Police Virus, Australian Federal Police Virus and so on. The main idea behind these infections is that the ransomware locks down your computer and scares you shitless by displaying a fake law enforcement authority notification, for example:

You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophilia and etc). Thus violating article 202 of the Criminal Code of Great Britain.

The amount of fine is £100. You can pay a fine Ukash or PaySafeCard.

The message above is an extract of the notification displayed by United Kingdom Police Virus (a.k.a. ICSPA Virus). So, basically, this infection makes users think that they have done something terribly wrong. When the user is scared he is more bound to do what he is told, so it’s no surprise that tons of people end up transferring money via Ukash or PaySafeCard, thinking that, oh my gosh, I have to avoid prosecution!

Umm, reality check! What prosecution? ICSPA Virus is computer MALWARE and it cannot initiate a legal case against any person. We have to initiate cases against people who have CREATED ICSPA Virus. However, before we get to that, we need to get our desktops back, now don’t we?

How to unlock your PC:

Windows Vista & Windows 7

  1. Restart the computer and tap F8 key continuously once BIOS screen loads.
  2. In case Windows logo shows up, restart the PC and try again.
  3. Now use arrow keys to navigate and choose Safe Mode with Networking. Press Enter.
  4. Access the Internet and download a reliable malware scanner.
  5. Follow the scanner installation wizard to install it, and then run a full system scan.

Windows XP

  1. Repeat the steps above from 1 to 3.
  2. When a confirmation dialog box appears, click Yes.
  3. Access the Internet and download the malware scanner.
  4. Open Start Menu and launch Run.
  5. Type “msconfig” into Open box. Click OK.
  6. Click the Startup tab on System Configuration Utility when it shows up.
  7. Un-tick all programs that you see on the list.
  8. Click OK to save changes and exit the utility.
  9. Restart your computer again in Normal Mode.

There’s a bunch of computer security websites out there, that always offer pieces of advice on malware removal, so I’d recommend browsing those sites and contacting them. Or you can leave me a comment if you have any questions about ICSPA Virus. I will try to answer it as best as I can.



2 thoughts on “ICSPA Virus”

  1. I have XP and tried to start it in Safe Mode with Networking, but the ICSPA screen still comes up, which locks my screen. I can’t get to the browser. Thanks

    • Hi.
      Sorry for late reply. Yeah, I’ve heard that there are cases, even when Safe Mode with Networking doesn’t work :/
      In that case, I think you should try loading Safe Mode with Command Prompt. Try this:
      1) Restart your computer again, and load Advanced Boot Options menu (F8).
      2) Choose Safe Mode with Command Prompt. I think ICSPA Virus should not appear now.
      3) Run “regedit” and look for Winlogon.
      4) When you find it, look for a small key called “Shell” under Winlogon. Usually it says either explorer.exe or is simply blank. If you see anything else written there, then delete it and type in explorer.exe. Save changes.

      From there, you should just be able to boot your computer in Safe Mode with Networking and follow the instructions posted in the article. Good luck!!
      And don’t hesitate to ask again, if you have any question about it 🙂 or if something does not work out T.T
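
The Winlogon check from steps 3 and 4 of the reply above can also be done straight from the Safe Mode command prompt with reg.exe. This is an added example, not part of the original post or its comments. It assumes the standard key path Software\Microsoft\Windows NT\CurrentVersion\Winlogon, looks at both the machine hive (HKLM) and the current user's hive (HKCU), which goes beyond the single key the reply mentions, and only reads the registry.

```batch
@echo off
rem Added example: read-only audit of the Winlogon "Shell" value.
rem Assumption: the standard Winlogon key path below, checked in HKLM and HKCU.
setlocal EnableDelayedExpansion
set "SUBKEY=Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

for %%H in (HKLM HKCU) do call :check %%H
endlocal
goto :eof

:check
set "VAL="
rem reg.exe prints "Shell  REG_SZ  <data>". Token 2 is the type, the rest is the data.
for /f "tokens=2,*" %%A in ('reg query "%1\%SUBKEY%" /v Shell 2^>nul ^| findstr /i "REG_"') do set "VAL=%%B"

if not defined VAL (
    echo [ok]      %1: Shell is absent or blank
    goto :eof
)

rem Anything other than the bare name explorer.exe is reported for manual review,
rem including a full path to explorer.exe or explorer.exe followed by extra text.
if /i "!VAL!"=="explorer.exe" (
    echo [ok]      %1: Shell = !VAL!
) else (
    echo [SUSPECT] %1: Shell = !VAL!
    echo           Write down the path shown above so the scanner can be pointed at it,
    echo           then restore the default with:
    echo           reg add "%1\%SUBKEY%" /v Shell /t REG_SZ /d explorer.exe /f
)
goto :eof
```

The script changes nothing itself; the reg add line it prints is the command-line equivalent of typing explorer.exe into the Shell value in regedit.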
