The DirtyDecrypt.exe file-locking ransomware virus locks files. It appears to lock specific files, including photos, PDF files, Excel files, and other financial data. It does not lock all files, only files that have recently been used or modified. When the user tries to open a document or PDF file, DirtyDecrypt.exe locks that file and shows that it has been encrypted. It shows the following message on screen:

File is encrypted
This file can be decrypted using the program DirtyDecrypt.exe
Press CTRL+ALT+D to run DirtyDecrypt.exe
If DirtyDecrypt.exe not opened сheck the paths:
C:\Program Files\Dirty\DirtyDecrypt.exe
C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\Dirty\DirtyDecrypt.exe
C:\Program Files (x86)\Dirty\DirtyDecrypt.exe
C:\Users\[USERNAME]\AppData\Roaming\Dirty\DirtyDecrypt.exe
C:\Documents and Settings\[USERNAME]\Application Data\Dirty\DirtyDecrypt.exe

It asks for $100 or 100 Euro to decrypt those files and get rid of the virus. This is a new type of ransomware. Previously we have seen viruses that lock the screen, after which the user has to buy MoneyPak or Ukash. The DirtyDecrypt.exe file-locking ransomware virus is a newer, improved version of that threat. Most antivirus programs cannot detect the DirtyDecrypt.exe file. This exe also encrypts files and folders. It can load a rootkit into the computer's browser and causes headaches for computer users. Most likely the DirtyDecrypt.exe file-locking ransomware virus removes all restore points and the known good configuration. A command file may show up on screen asking you to run it. Do not run this program. To remove the DirtyDecrypt.exe file-locking ransomware virus, please follow this guide. If for some reason you cannot decrypt your files, please get in touch with our tech experts.
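Since the on-screen message itself lists where DirtyDecrypt.exe is installed, those paths can be used as a presence check. The following is an added example, not code from the original page: it expands the `[USERNAME]` placeholder for each profile and matches the result against a recursive file listing or the live filesystem. The profile names and the sample listing are constructed for illustration.

```python
import os
from pathlib import PureWindowsPath

# Install locations exactly as listed in the on-screen message quoted above.
NOTE_PATHS = [
    r"C:\Program Files\Dirty\DirtyDecrypt.exe",
    r"C:\Documents and Settings\[USERNAME]\Local Settings\Application Data\Dirty\DirtyDecrypt.exe",
    r"C:\Program Files (x86)\Dirty\DirtyDecrypt.exe",
    r"C:\Users\[USERNAME]\AppData\Roaming\Dirty\DirtyDecrypt.exe",
    r"C:\Documents and Settings\[USERNAME]\Application Data\Dirty\DirtyDecrypt.exe",
]

def candidate_paths(usernames):
    """Expand the note's [USERNAME] placeholder once per local profile name."""
    paths = []
    for template in NOTE_PATHS:
        if "[USERNAME]" in template:
            paths.extend(template.replace("[USERNAME]", name) for name in usernames)
        else:
            paths.append(template)
    return paths

def _norm(path):
    # Windows paths are case-insensitive and tools may emit either slash.
    return str(PureWindowsPath(path)).lower()

def hits_in_listing(listing, usernames):
    """Return the lines of a recursive file listing that match a candidate path."""
    wanted = {_norm(p) for p in candidate_paths(usernames)}
    return [line for line in listing if _norm(line.strip()) in wanted]

def hits_on_live_host(usernames):
    """Same check against the local filesystem (meaningful only on Windows)."""
    return [p for p in candidate_paths(usernames) if os.path.isfile(p)]

# Constructed sample: recursive file listing taken from a machine under triage.
SAMPLE_LISTING = [
    r"C:\Users\alice\AppData\Roaming\Dirty\DirtyDecrypt.exe",
    r"c:/program files (x86)/dirty/dirtydecrypt.exe",
    r"C:\Users\bob\Documents\report.pdf",
    r"C:\Users\alice\Downloads\DirtyDecrypt.exe",  # same name, not a listed location
]

if __name__ == "__main__":
    for hit in hits_in_listing(SAMPLE_LISTING, ["alice", "bob"]):
        print("found:", hit)
```

A hit only shows that a file exists at a location named in the message. A copy of the file elsewhere, such as the Downloads entry in the sample, is not matched by this check.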

“You have 48 hours left to enter your payment” is a message shown by various ransomware. This one poses as a Spamhaus XBL Advisory and infects users from Switzerland. There are other versions of similar screen lockers. In the USA similar ransomware is known as the FBI MoneyPak Virus, the FBI Cybercrime Division International Cyber Security Protection Alliance Virus, or the Department of Justice virus. In Canada it is known as the Royal Canadian Mounted Police (RCMP) Ukash virus, in Australia as the Australian Federal Police (AFP) Ukash virus, and in the UK as the Police Central e-crime Unit (PCeU) virus. So don’t panic. Here is an extract from the “You have 48 hours left to enter your payment” virus:

The Spamhaus Project
XBL Advisory
Ref: XBL198923423
tracking time: 1 w 10 h 03 m
Responsible agent: Who Cares
Address: 12348 Avenue blah blaha CH-1209 Geneva Switzerland
You have 48 hours left to enter your payment.
You have lost control over your computer. Your system and all your files has been blocked and encrypted because you were spreading the Malware (viruses, Trojans, worms).
You are breaking numerous International and USA laws.
Actions made by your computer backed up under United States law USA Patriot ACT
what exactly is The Patriot Act?
The Patriot Act is short for The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.
We have the right backed by law:
Sec. 201. Authority to intercept wire, oral, and electronic communications relating to terrorism.
Sec. 202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses.
Sec. 209. Seizure of voice-mail messages pursuant to warrants.
Sec. 217. Interception of computer trespasser communications.
With the support of the federal Bureau investigation department on cybercrime and the Supreme court of the United States of America. We have the legal right to scan and intercept any information going in and out of your computers.
You IP address was identified and isolated by our organization in connection with a complaint to the involvement of distributed denial of service attack such organizations: NASDAQ and BATS stock exchange markets and WIKI LEAKS.ORG website. Such attacks caused $15 billion in damage. In order to isolate this infected file we have blocked your access to the outside world and your IP address was listed in our XBL Block List. You cannot use the internet or any of your programs.
You have a chance to settle this issue right now before we contact the proper authorities. Within 48 hours, you can pay a fine of $ 300. All your files will be decrypted, and access to the computer will be granted, a claim for compensation from affected from affected companies will be removed and your IP address will be restored to good standings with XBL Block List.
If you don’t pay a penalty within the next 48 hours, local authorities and secret service will be contacted, and most likely it will result in your arrest. You can and will be prosecuted to the fullest extent of the law in order to recover our losses. Do not take a chance to be convicted as a felon.
Our Spamhaus agent has conducted a full check of your system and found following violations:
• You are a distributor of pornography and porno materials, regularly watch porno sites with child pornography and philosophic.
• You possess unlicensed software and pirate audio and video records.


The ICE Cyber Crime Center virus is ransomware. This particular type of Reveton virus infects users from the United States of America. It shows a message stating that your computer has been blocked. Here is the actual message from the ICE Cyber Crime Center virus:

ICE Cyber Crime Center
The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.
Your computer has been blocked!
The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.

To unlock your computer and to avoid other legal consequences, you are obliged to pay a release fee of $400.
After paying the fine your computer will be unblocked. (In the case of second violation you will become the subject of criminal prosecution without the right to pay the fine!)
Please note: The fine may only be paid within 48 hours, if you let 48 hours pass without payment, the possibility of unlocking your computer expires. In this case a criminal case against you will be initiated automatically.

It asks for $400 to unlock the computer. If you have multiple accounts, the ICE Cyber Crime Center virus can lock all of them. Just ignore this message. We have seen various ransomware over the years. To give you an idea, in the USA similar ransomware is known as the FBI MoneyPak Virus, the FBI Cybercrime Division International Cyber Security Protection Alliance Virus, or the Department of Justice virus. In Canada it is known as the Royal Canadian Mounted Police (RCMP) Ukash virus, in Australia as the Australian Federal Police (AFP) Ukash virus, and in the UK as the Police Central e-crime Unit (PCeU) virus.
To remove the ICE Cyber Crime Center virus, follow this guide. If you cannot get into Safe Mode with Networking, you might need help from technicians. Feel free to call our tech team and learn how we can help you remove the ICE Cyber Crime Center virus.

The Joint Chiefs of Staff virus is a screen locker virus. It shows a message from the “Joint Chiefs of Staff” and warns users that the work of their computer has been suspended on the grounds of the violation of the law of the United States of America. Even though the message looks legitimate, it is not. There are two types of Trojan involved in locking down your computer. The first is known as Reveton and the second is Urausy. Both have been locking users' computers since 2012 and demanding a ransom to unlock them. The Joint Chiefs of Staff virus is no exception. Some users refer to this virus as the MoneyPak Virus. Here is the actual message on screen:

Joint Chiefs of Staff
The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.
Possible violations are described below:
Article – 184. Pornography involving children (under 18 years)
Imprisonment of the term of up to 10-15 years (The use or distribution of pornographic files)
Article – 171. Copyright
Imprisonment for the term of up to 2-5 years (The use or sharing copyrighted files)
Article – 113. The use of unlicensed software
Imprisonment for the term of up to 2 years (The use of unlicensed software)
The first violation may not entail the criminal liability if the payment of the fine in connection with the law of loyalty to the people, on 26 January 2013, in repeated violations of the criminal responsibility is inevitable.
To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $400.
How do I unlock computer using MoneyPak?
1. Find a retail location near you.
2. Look for a MoneyPak in the prepaid section. Take it to the cashier and load it with cash. A service fee of up to $4.95 will apply.
3. To pay fine, you should enter the digits MoneyPak resulting code in the payment form and press Pay MoneyPak.
In connection with the decision of the Government as of January 26, 2013, all of the violations described above could be considered criminal. If the fine has not been paid, you will become the subject of criminal prosecution. The fine is applicable only in the case of a primary violation. In the case of second violation you will appear before the Supreme Court of the USA.
Amount of the fine is $400. Payment must be made within 48 hours after the computer blocking. If the fine has not been paid, you will become the subject of criminal prosecution without the right to pay the fine. The Department of the Fight Against Cyber activity will confiscate your computer (after 48 hours)
An attempt to unlock the computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted.
All illegal activities conducted through your computer have been recorded in the Police Database, including photos and videos from your camera for further identification. You have been registered by viewing pornography involving minors.
After paying the fine your computer will be unblocked. (In the case of second violation you will become the subject of criminal prosecution without the right to pay the fine!)
Please note: The fine may only be paid within 48 hours, if you let 48 hours pass without payment, the possibility of unlocking your computer expires. In this case a criminal case against you will be initiated automatically.

While browsing online, users have most likely clicked on a wrong link or a malicious site's link. Not knowing what it is, the user gets infected with the Joint Chiefs of Staff virus. Some users complain that they did not do anything stupid online and were just watching a YouTube link. Well, hackers also use ads to promote their product. So if you clicked on a wrong link there, you can get infected with the Joint Chiefs of Staff virus.

Screen locked by Joint Chiefs of Staff Virus

As we mentioned, this is just a fake message, so do not pay any attention to it. We have described various methods here to remove the Joint Chiefs of Staff virus and unlock your computer. Depending on your situation and skills, you can use one of these methods to remove the virus.

Mixi DJ Toolbar is a browser hijacker virus. When a user downloads a free app, or an application that provides free applications, they also install unwanted applications like Mixi DJ Toolbar. It installs 4 components on your machine. The first is Mixi DJ Toolbar. The second is the Mixi DJ search updater. The third is the Mixi DJ extension. The fourth is the actual application you wanted to download. Mixi DJ Toolbar is sometimes observed together with other malware named Yonto and Conduit. It can also change your default home page to search.conduit.com/?SearchSource. It also changes your default search engine. If you look closely, you will see that all your searches come from the mixidj.delta-search.com site and most of the results are not the item you are looking for. Here are some steps to remove this program. To remove it from Internet Explorer:

1. Go to the Start Menu. Select Control Panel >>> Add/Remove Programs.
If you are using Windows Vista, Windows 7, select Control Panel >>> Uninstall a Program.
2. Search for Delta toolbar on IE in the list. Select the program and click Remove button.
If you are using Windows Vista/7, click Uninstall up near the top of that window.
3. Open Internet Explorer. Go to Tools >>> Manage Add-ons. Select Toolbars and Extensions. Uninstall everything related to Delta Ltd. from the list: Mixi DJ toolbar, Mixi DJ toolbar helper, Mixi DJ IE plugin, MixiDJ.com, etc.
4. Select Search Providers. First of all, choose Bing or Google search engine and make it your default search provider (set as default). Then select Search the web (Mixi DJ) and click Remove button to uninstall it (lower right corner of the window).
5. Go to Tools >>> Internet Options. Select General tab and click Use default button or enter your own website, e.g. Google.com instead of mixidj.delta-search.com. Click OK to save the changes.

To remove Mixi DJ Toolbar from Google Chrome follow this guide:

1. Open Chrome. Click on the Customize and Control Google Chrome icon.
2. Under “On startup”, choose the option “Open a specific page or set of pages.”
3. Click on “Set pages” and delete Mixi DJ’s page from the list by clicking the small “x” icon beside it.
To change the Search Engine in Google Chrome, please follow the instructions below:
1. Open Chrome. Click on the Customize and Control Google Chrome icon.
2. Click on Settings >>> Under “Search” click on “Manage search engines”: If you see Mixi DJ Search as default, please click on a different option (Google, Bing etc.) and make it default.
3. Remove Mixi DJ by clicking the small “x”.
You may also check if any Mixi DJ extension is installed in your Google Chrome. For this, please do as follows:
1. Open Chrome. Click on the Customize and Control Google Chrome icon.
2. Go to Tools >>> Extensions.
3. Remove any Mixi DJ extension (Translator, Toolbar) from the list by clicking on the small trash can icon that will appear when you point the cursor over it.

To remove Mixi DJ Toolbar from Firefox or Mozilla follow this guide:

1. Open Mozilla Firefox. Go to Tools >> Add-ons.
2. Select Extensions. Uninstall the following extension: Mixi DJ.
3. Click the small magnifier icon at the right top corner. Select Manage Search Engines from the list.
4. Select Search the web (Mixi DJ) and click Remove button. Click OK to save the changes.
5. Go to Tools >> Options. Under the General tab reset the startup homepage.
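After these steps, it is worth confirming that the Firefox profile no longer points at the hijacker. The following is an added example, not part of the original guide: it parses a profile's `prefs.js` and reports home page or search settings whose host is one of the two sites named above. The choice of the `browser.startup.homepage` and `keyword.URL` preferences is an assumption of this example, and the sample file contents are constructed.

```python
import re
from urllib.parse import urlsplit

# Hosts the text above names as the hijacked home page and search source.
HIJACK_HOSTS = ("search.conduit.com", "mixidj.delta-search.com")
# Firefox preferences this example inspects (an assumption, not from the guide).
WATCHED_PREFS = ("browser.startup.homepage", "keyword.URL")

# Matches string-valued lines such as: user_pref("name", "value");
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);$')

def parse_prefs(text):
    """Return {name: value} for every string-valued user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line.strip())
        if match:
            prefs[match.group(1)] = match.group(2)
    return prefs

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def hijacked_prefs(text):
    """List (pref name, URL) pairs whose host is a hijacker host or a subdomain."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in WATCHED_PREFS:
            continue
        for part in value.split("|"):  # the home page pref may hold several pages
            host = host_of(part.strip())
            if any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS):
                findings.append((name, part.strip()))
    return findings

# Constructed sample of a prefs.js file; the query strings are placeholders.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "http://mixidj.delta-search.com/?constructed=1|https://example.org/?ref=mixidj.delta-search.com");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://search.conduit.com/?constructed=1&q=");
"""

if __name__ == "__main__":
    for name, url in hijacked_prefs(SAMPLE_PREFS):
        print(name, "->", url)
```

The comparison is made on the parsed hostname rather than on a substring, so the second home page in the sample, which only mentions the hijacker domain in its query string, is not reported.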

Please continue here with the following steps to clean up the entire infection. This will ensure your system is clean and that traces of the Mixi DJ Toolbar virus are removed.