Click on screenshot to zoom
Danger level 9
Type: Malware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Changes background
  • Connects to the internet without permission
  • Shows commercial adverts
  • Annoying Pop-up's

Information Resources Management Association Virus

Information Resources Management Association Virus is a ransomware application that requires a 250 USD release fee from infected computer users. The ransomware locks infected computers blocking the desktop access and making the users think that they have committed something wrong. Users cannot access their desktops, because they are blocked by the message displayed by Information Resources Management Association Virus. The notification looks legitimate because the infection makes use of legitimate symbols and logos that belong to well-known companies and organizations. For example, Information Resources Management Association (IRMA), Business Software Alliance (BSA), McAffee, 7Eleven, Walmart and others. When a user sees the symbols of these organizations he believes that the notification is legitimate.

Unfortunately, that is very far from the truth, because Information Resources Management Association Virus is yet another variant of Ukash virus infection. Unlike previous versions such as FBI MoneyPak, Microsoft Windows Ukash Virus or Federal Computer Crime Unit Virus, the new ransomware infection does not "use" Ukash or PaySafe programs to receive the payment. Information Resources Management Association Virus utilizes MoneyPak payment system and even displays contact information that the user can use in case he has any inquiries regarding the payment.

However, the notification displayed by Information Resources Management Association Virus has not grounds and this ransomware application only wants your money, so you mustn't pay attention to anything it says:

Now your PC is locked by Business Software Alliance trade group and Information Resources Management Association.

If you don't pay the fee, all data about using of pirate (forbidden) content, your personal IP address, webcam data (if you use it) will be sent to the self-government, where your case will be considered on an individual basis and appropriate measure will be taken.

How to unlock your computer?
You should buy MoneyPack code denominated of 250 dollars.

Do take note that a Moneypack payment system does not even exist. It imitates the name of "Moneypak" that is the only known pre-paid card payment system. Even so, you should never pay a single cent to Information Resources Management Association Virus, because it will never unlock your computer, and you will only lose your money.

We recommend removing Information Resources Management Association Virus with SpyHunter to fix your system right away. In order to do that, do the following:

For Windows Vista & 7:
1. Reset your computer and press F8 while the system loads.
2. Select Safe Mode with Networking and press Enter.
3. Go here to download SpyHunter: http://www.pcthreat.com/download-sph
4. Install SpyHunter and terminate the ransomware.

For Windows XP:
1. Repeat the steps 1 and 2 described above.
2. Click Yes button on the confirmation box.
3. Download SpyHunter from our page.
4. Open Start menu and launch Run.
5. Type "msconfig" into the Open box and press OK.
6. When System Configuration Utility loads click the Startup tab.
7. Uncheck all programs on the list. Click OK to save changes.
8. Restart the computer in Normal mode.
9. Install the computer security program and erase Information Resources Management Association Virus.

Download Spyware Removal Tool to Remove* Information Resources Management Association Virus
  • Quick & tested solution for Information Resources Management Association Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Information Resources Management Association Virus

Files associated with Information Resources Management Association Virus infection:

C87C.exe
Other.res
ssntvs.exe
msnmsgrr.exe
Piranha.exe
scvhost.exe
skype.dat
crack.exe
najeoxtt.exe
ifgxpers.exe
2084473.dll
p1.exe
wpbt0.dll
videotwisterSA.exe
TimeDateMUICallback.exe
00qbipeq.exe
brenasa.exe
b34btbztdb0vavaw.exe
svchost.exe
uenovfiu.exe
install_0_msi.exe
%WINDIR%\system32
secproc_isv.exe
oygqyunapnp.exe
mplayer2.exe
UpdatePriv.exe
msavfit.exe
ex3b.dll
Nbt.exe
WINDED6.exe
aPr0hY9.exe
xctqakcqbeo.dll
administration.exe
96dddda4.dll
OmaSG21e.exe
dqnbdq7.dss
87b2cb3916261d5c807bf44262755cb0.exe
ieudator.dll
%UserProfile%
Task Scheduler.exe
%TEMP%
yaiiwockc.dll
%ALLUSERSPROFILE%
comeo.exe
%WINDIR%\Temp
rvcbcyks.exe
50E1.exe
puozlkmyj.dll
3511172082012Build.exe
VaultSysUi.exe
iner.exe
msn.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
%APPDATA%\updates
zqmkrehUkpoKfsafsaZg.exe
Firewallservice.exe
taskhost.exe.exe
ubvhynpxh.exe
wlsidten.dll
bf8h8d02hf.exe
WinSyncMetastore.exe
pmstcdjwz.exe
xaZYOVJW.exe
ctfmon.exe
csrsss.exe
Updating.exe
audipbrd.exe
%ALLUSERSPROFILE%\Application Data
systemcpl.exe
obvwo.exe
DA0B.exe
jsdhlexdqkllnbcxgai.bfg
魔法桌面第三方主题破解补丁V1.1.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
JfCqQ5JC.exe
securitywindrv.exe
%AppData%
questscan.dll
hwj3ba6j.dss
%CommonProgramFiles%
xlqbteeb.exe
dtkmujvo.exe
xmlfilter.exe
idiokbbrv.exe
wgsdgsdgdsgsd.exe
m2PythonLoader.exe
Q3d38543.exe
wjthvwjb.dss
wahneaqa.exe
%LOCALAPPDATA%\lollipop
%SystemDrive%\????????????
UpgradeHelper.exe
bzsbkotiu.exe
SyncHostps.exe
00b5d693.exe
msshell.exe
gcrwcoak.exe
DLL321.dll
setex.exe
dyjdl.exe
MusicCollector.exe
msdtmsrd.exe
n.
rool0_pk.exe
pYunY8m4VL3qLc.exe
%LOCALAPPDATA%\Temp
ACEIEAddOn.dll
bvhylsviw.exe
sqlncli.exe
acuvzomo.exe
%APPDATA%\system
%APPDATA%\Task Scheduler
wlsidten.exe
NTServiceManager.exe

Information Resources Management Association Virus DLL's to remove:

puozlkmyj.dll
DLL321.dll
96dddda4.dll
2084473.dll
ACEIEAddOn.dll
xctqakcqbeo.dll
questscan.dll
yaiiwockc.dll
ex3b.dll
wlsidten.dll
ieudator.dll
wpbt0.dll

Information Resources Management Association Virus processes to kill:

TimeDateMUICallback.exe
aPr0hY9.exe
install_0_msi.exe
Firewallservice.exe
brenasa.exe
ifgxpers.exe
mplayer2.exe
ubvhynpxh.exe
oygqyunapnp.exe
OmaSG21e.exe
taskhost.exe.exe
00b5d693.exe
m2PythonLoader.exe
UpgradeHelper.exe
ctfmon.exe
C87C.exe
MusicCollector.exe
zqmkrehUkpoKfsafsaZg.exe
msavfit.exe
csrsss.exe
pYunY8m4VL3qLc.exe
bvhylsviw.exe
wlsidten.exe
xlqbteeb.exe
secproc_isv.exe
administration.exe
WinSyncMetastore.exe
pmstcdjwz.exe
87b2cb3916261d5c807bf44262755cb0.exe
VaultSysUi.exe
Q3d38543.exe
msdtmsrd.exe
SyncHostps.exe
svchost.exe
wahneaqa.exe
魔法桌面第三方主题破解补丁V1.1.exe
gcrwcoak.exe
rool0_pk.exe
uenovfiu.exe
iner.exe
rvcbcyks.exe
WINDED6.exe
msshell.exe
00qbipeq.exe
sqlncli.exe
scvhost.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
NTServiceManager.exe
audipbrd.exe
Nbt.exe
3511172082012Build.exe
DA0B.exe
50E1.exe
wgsdgsdgdsgsd.exe
idiokbbrv.exe
UpdatePriv.exe
acuvzomo.exe
obvwo.exe
setex.exe
Piranha.exe
msnmsgrr.exe
crack.exe
Updating.exe
xmlfilter.exe
bzsbkotiu.exe
dtkmujvo.exe
dyjdl.exe
xaZYOVJW.exe
ssntvs.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
msn.exe
securitywindrv.exe
JfCqQ5JC.exe
p1.exe
b34btbztdb0vavaw.exe
Task Scheduler.exe
systemcpl.exe
bf8h8d02hf.exe
najeoxtt.exe
videotwisterSA.exe
comeo.exe
Disclaimer

Comments

  1. Christopher Dec 1, 2012

    thank you sooo much…..u saved me the trouble and time of taking my pc to the store……thnks a million….all ur steps work and did fix my have a anti-virus, then too this virus infect my system but from where it entered? Anyone let me know let me know about this?

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.