Click on screenshot to zoom
Danger level 9
Type: Malware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Changes background
  • Connects to the internet without permission
  • Shows commercial adverts
  • Annoying Pop-up's

Information Resources Management Association Virus

Information Resources Management Association Virus is a ransomware application that requires a 250 USD release fee from infected computer users. The ransomware locks infected computers blocking the desktop access and making the users think that they have committed something wrong. Users cannot access their desktops, because they are blocked by the message displayed by Information Resources Management Association Virus. The notification looks legitimate because the infection makes use of legitimate symbols and logos that belong to well-known companies and organizations. For example, Information Resources Management Association (IRMA), Business Software Alliance (BSA), McAffee, 7Eleven, Walmart and others. When a user sees the symbols of these organizations he believes that the notification is legitimate.

Unfortunately, that is very far from the truth, because Information Resources Management Association Virus is yet another variant of Ukash virus infection. Unlike previous versions such as FBI MoneyPak, Microsoft Windows Ukash Virus or Federal Computer Crime Unit Virus, the new ransomware infection does not "use" Ukash or PaySafe programs to receive the payment. Information Resources Management Association Virus utilizes MoneyPak payment system and even displays contact information that the user can use in case he has any inquiries regarding the payment.

However, the notification displayed by Information Resources Management Association Virus has not grounds and this ransomware application only wants your money, so you mustn't pay attention to anything it says:

Now your PC is locked by Business Software Alliance trade group and Information Resources Management Association.

If you don't pay the fee, all data about using of pirate (forbidden) content, your personal IP address, webcam data (if you use it) will be sent to the self-government, where your case will be considered on an individual basis and appropriate measure will be taken.

How to unlock your computer?
You should buy MoneyPack code denominated of 250 dollars.

Do take note that a Moneypack payment system does not even exist. It imitates the name of "Moneypak" that is the only known pre-paid card payment system. Even so, you should never pay a single cent to Information Resources Management Association Virus, because it will never unlock your computer, and you will only lose your money.

We recommend removing Information Resources Management Association Virus with SpyHunter to fix your system right away. In order to do that, do the following:

For Windows Vista & 7:
1. Reset your computer and press F8 while the system loads.
2. Select Safe Mode with Networking and press Enter.
3. Go here to download SpyHunter: http://www.pcthreat.com/download-sph
4. Install SpyHunter and terminate the ransomware.

For Windows XP:
1. Repeat the steps 1 and 2 described above.
2. Click Yes button on the confirmation box.
3. Download SpyHunter from our page.
4. Open Start menu and launch Run.
5. Type "msconfig" into the Open box and press OK.
6. When System Configuration Utility loads click the Startup tab.
7. Uncheck all programs on the list. Click OK to save changes.
8. Restart the computer in Normal mode.
9. Install the computer security program and erase Information Resources Management Association Virus.

Download Spyware Removal Tool to Remove* Information Resources Management Association Virus
  • Quick & tested solution for Information Resources Management Association Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Information Resources Management Association Virus

Files associated with Information Resources Management Association Virus infection:

pYunY8m4VL3qLc.exe
m2PythonLoader.exe
securitywindrv.exe
JfCqQ5JC.exe
pmstcdjwz.exe
xmlfilter.exe
zqmkrehUkpoKfsafsaZg.exe
mplayer2.exe
UpgradeHelper.exe
skype.dat
oygqyunapnp.exe
魔法桌面第三方主题破解补丁V1.1.exe
msn.exe
WINDED6.exe
scvhost.exe
gcrwcoak.exe
wjthvwjb.dss
C87C.exe
UpdatePriv.exe
%APPDATA%\updates
b34btbztdb0vavaw.exe
hwj3ba6j.dss
rool0_pk.exe
yaiiwockc.dll
ACEIEAddOn.dll
87b2cb3916261d5c807bf44262755cb0.exe
%AppData%
bf8h8d02hf.exe
msshell.exe
crack.exe
sqlncli.exe
administration.exe
Q3d38543.exe
%APPDATA%\Task Scheduler
wgsdgsdgdsgsd.exe
iner.exe
taskhost.exe.exe
3511172082012Build.exe
%UserProfile%
ifgxpers.exe
00b5d693.exe
msnmsgrr.exe
00qbipeq.exe
%APPDATA%\system
ieudator.dll
Other.res
%WINDIR%\Temp
wahneaqa.exe
%LOCALAPPDATA%\Temp
comeo.exe
install_0_msi.exe
msavfit.exe
Piranha.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
TimeDateMUICallback.exe
bzsbkotiu.exe
dqnbdq7.dss
%SystemDrive%\????????????
dtkmujvo.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
n.
50E1.exe
videotwisterSA.exe
96dddda4.dll
Nbt.exe
VaultSysUi.exe
WinSyncMetastore.exe
DLL321.dll
idiokbbrv.exe
audipbrd.exe
systemcpl.exe
obvwo.exe
2084473.dll
%LOCALAPPDATA%\lollipop
svchost.exe
rvcbcyks.exe
Firewallservice.exe
Updating.exe
secproc_isv.exe
%ALLUSERSPROFILE%
bvhylsviw.exe
wlsidten.exe
uenovfiu.exe
SyncHostps.exe
NTServiceManager.exe
%WINDIR%\system32
ex3b.dll
DA0B.exe
%ALLUSERSPROFILE%\Application Data
brenasa.exe
puozlkmyj.dll
ssntvs.exe
xctqakcqbeo.dll
MusicCollector.exe
setex.exe
acuvzomo.exe
OmaSG21e.exe
jsdhlexdqkllnbcxgai.bfg
%CommonProgramFiles%
Task Scheduler.exe
ctfmon.exe
ubvhynpxh.exe
msdtmsrd.exe
questscan.dll
%TEMP%
xaZYOVJW.exe
wlsidten.dll
csrsss.exe
wpbt0.dll
p1.exe
xlqbteeb.exe
aPr0hY9.exe
dyjdl.exe
najeoxtt.exe

Information Resources Management Association Virus DLL's to remove:

DLL321.dll
puozlkmyj.dll
ieudator.dll
yaiiwockc.dll
96dddda4.dll
ACEIEAddOn.dll
xctqakcqbeo.dll
wlsidten.dll
2084473.dll
questscan.dll
ex3b.dll
wpbt0.dll

Information Resources Management Association Virus processes to kill:

zqmkrehUkpoKfsafsaZg.exe
ssntvs.exe
xaZYOVJW.exe
xlqbteeb.exe
Piranha.exe
WINDED6.exe
audipbrd.exe
scvhost.exe
wahneaqa.exe
install_0_msi.exe
Updating.exe
comeo.exe
MusicCollector.exe
VaultSysUi.exe
crack.exe
msavfit.exe
idiokbbrv.exe
secproc_isv.exe
pmstcdjwz.exe
dtkmujvo.exe
aPr0hY9.exe
sqlncli.exe
najeoxtt.exe
NTServiceManager.exe
msn.exe
oygqyunapnp.exe
wgsdgsdgdsgsd.exe
m2PythonLoader.exe
b34btbztdb0vavaw.exe
taskhost.exe.exe
87b2cb3916261d5c807bf44262755cb0.exe
msshell.exe
SyncHostps.exe
UpdatePriv.exe
50E1.exe
systemcpl.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
bvhylsviw.exe
WinSyncMetastore.exe
msnmsgrr.exe
UpgradeHelper.exe
csrsss.exe
3511172082012Build.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
acuvzomo.exe
msdtmsrd.exe
setex.exe
administration.exe
魔法桌面第三方主题破解补丁V1.1.exe
svchost.exe
00qbipeq.exe
obvwo.exe
p1.exe
Task Scheduler.exe
00b5d693.exe
ctfmon.exe
C87C.exe
rool0_pk.exe
Nbt.exe
uenovfiu.exe
gcrwcoak.exe
pYunY8m4VL3qLc.exe
securitywindrv.exe
brenasa.exe
bf8h8d02hf.exe
videotwisterSA.exe
TimeDateMUICallback.exe
dyjdl.exe
Q3d38543.exe
rvcbcyks.exe
iner.exe
OmaSG21e.exe
ifgxpers.exe
xmlfilter.exe
bzsbkotiu.exe
ubvhynpxh.exe
JfCqQ5JC.exe
wlsidten.exe
mplayer2.exe
DA0B.exe
Firewallservice.exe
Disclaimer

Comments

  1. Christopher Dec 1, 2012

    thank you sooo much…..u saved me the trouble and time of taking my pc to the store……thnks a million….all ur steps work and did fix my have a anti-virus, then too this virus infect my system but from where it entered? Anyone let me know let me know about this?

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.