Copyright Violation Alert

[martin-737]

Has anyone encountered this nasty? It wouldn't even let me reboot in safe mode not even the recovery console. I did a search but couldn't find anything other than a previous thread about the latest nasty that's hard to kill but I did not find anything about this "Copyright" thing. Any help? I am running Windows XP sp3 and I am trying to run combofix but I am not booting.

[MobilePCPhysician]

Remove the hard drive and use an enclosure or just slave it to a known clean computer. Run an antivirus program, and malwarebytes. Remove anything they find, and then put it back into the computer.

[Niclo Iste]

Can you give any details leading up to the infection? I dealt with a clients PC lately that was fine until he got an infection. Turns out the infection triggered windows to come up as an unauthorized serial activation. Long story short the service shop in korea that the client went to used an illegal VLK the bug tripped up the system to report itself to MS and I had to get my hands physically on the PC (He lives in korea and luckily was coming to my area the next week) so I could get his CD-Key off the bottom of the laptop and reregister his windows correctly and legally.

[martin-737]

My wife and I went to Acapulco from 4-16 to 4-26, we stayed @ her parents. I ran out of memory form my cameras and borrowed a laptop from one of my wife's cousins. I tried to burn a few DVDs and empty my SD cards. That laptop was seriously infected. You know the symptoms. Alert messages from the tray saying "click this icon to scan your computer" or "somebody is trying to steal your identity, click here blah blah". Her system is all in Spanish and the alerts were in English. I asked her if she knew what that was, she said "No. Whenever that comes on, I just ignore it" The first DVD I was burning failed, could not be finalized. I tried to burn CDs and did burn some but I was going to take some 20 CDs to empy my memory cards so I did what I could and tried to work with it. That laptop even turned off on me while burning a CD. Back in Houston I emptied my memory cards and whatever was in the 11 CD's I could burn in ACA into my PC. Three days later, I wondered if I could savage anything from the unfinished DVD, I put it in and I got a new icon for some APmanager and my computer became sloppy. I got the same messages from my wife's cousin's laptop and my computer became so slow that I had to run Task Manager to end the programs but I got a message saying "Task Manager has been disabled by your administrator". I restarted the computer and it would not restart, it got stuck with a black screen like after POST and right before windows. I restarted again, this time to <Last Good Configuration> and that's when I got the "Copyright Violation Alert" browser. After Windows kicks in and before your desktop comes on (I do not use a password, windows goes right to My Desktop). It takes up the entire screen and you cannot get to your desktop. I rebooted in safe mode and entered into the Administrator account. From there I run Malwarebytes. I rebooted it again and went to Owner account, different from Adminstrator account but with administrator rights. Well even in safe mode Owner accoutn gets the same nasty. Rebooted it again and went to Administrator acct. and followed this thread While my computer was booting and rebooting, I was googling my symptoms form my laptop (needles to say I did not see the end of my wife telling me "I told you to bring YOUR laptop") which runs Vista Home. Downloaded some remedies to my laptop and transferred them to my PC in falsh drives. My laptop also got infected. I read about this infection being called I Q Manager but more recently APManager. Everything I read about it is very recent, Apr 2010, it is some rootkit or backdoor nasty but being so recent I did not find much info. Some people cannot acces their desktop at all. Many advices call for you to go to Contro Panel and uninstall IQManager (or APManager) from there but I did not see them. Others show a screenshot of MBAM showing IQManager but when I ran it it did not show up. So I followed the instructions in the thread sown above and posted this thread Unfortunately, even though I had to be patient, as of this moment I had not a single answer. I decided to run a System restore (from Safe Mode Administrator Account) to a day before we left to Aca. Voila! it worked. However, as I'm writing this, already two IE popped up. I will probably download and run combofix or something, but it will have to be tomorrow.

[martin-737]

About my laptop:Windows Vista Home. When I was plugging the USB flash drives to copy files from the laptop into my infected computer, I got the symptoms I had nasties. This time though, I did not get the "Copyright Violation Alert" browser, instead, I got new icons in my desktop to websites like Youporn and Porn tube and some others. I ran the latest version of HJT and S&D. Now it works "fine" I get a message in my system tray saying that Windows blocked some programs that need permission @ start up, and IE behaves like somebody else is controlling it. Sometimes closes the browser or it behaves like it clicked on a link without the pointer ever moving. I still control the mouse pointer but the browser minimizes or maximizes, or my e-mail goes back to inbox, or it shuts down IE etc. Not so often but once is enough to know something is not right. Even my router stopped working when I was battling with my computer. I had to reset it. I was afraid the nasty was all over my network. All computers work now but like I said, 99&#37; Ok.
What could it be?

[martin-737]

One more detail I missed from my laptop, I've had it for three years but there are no System Restore points previous to Apr 30 2010 which is three days ago so I cannot use it to restore my laptop. And in the list of blocked programs from Windows defender there was a program called x from unverifiable publisher. It runs some piouqi.exe file. I googled it and it returned no results found. I deleted it.

[Niclo Iste]

Ok sounds like it's not the same type of infection. I am curious though, what protection softwares are on the infected machine?

[martin-737]

I think it's Symantec, not sure though.

[davelar3212]

I haven't seen this myself, but I did find this link: http://www.zdnet.com/blog/security/h...ansomware/6329

I think this is what you may have.

[slgrieb]

Yes, martin-737, I don't think there is any doubt that you still have multiple infections, so I'd still run ComboFix and follow up with both Spybot, Malwarebytes, and a virus scan.