Click on screenshot to zoom
Danger level 9
Type: Malware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Changes background
  • Connects to the internet without permission
  • Shows commercial adverts
  • Annoying Pop-up's

Information Resources Management Association Virus

Information Resources Management Association Virus is a ransomware application that requires a 250 USD release fee from infected computer users. The ransomware locks infected computers blocking the desktop access and making the users think that they have committed something wrong. Users cannot access their desktops, because they are blocked by the message displayed by Information Resources Management Association Virus. The notification looks legitimate because the infection makes use of legitimate symbols and logos that belong to well-known companies and organizations. For example, Information Resources Management Association (IRMA), Business Software Alliance (BSA), McAffee, 7Eleven, Walmart and others. When a user sees the symbols of these organizations he believes that the notification is legitimate.

Unfortunately, that is very far from the truth, because Information Resources Management Association Virus is yet another variant of Ukash virus infection. Unlike previous versions such as FBI MoneyPak, Microsoft Windows Ukash Virus or Federal Computer Crime Unit Virus, the new ransomware infection does not "use" Ukash or PaySafe programs to receive the payment. Information Resources Management Association Virus utilizes MoneyPak payment system and even displays contact information that the user can use in case he has any inquiries regarding the payment.

However, the notification displayed by Information Resources Management Association Virus has not grounds and this ransomware application only wants your money, so you mustn't pay attention to anything it says:

Now your PC is locked by Business Software Alliance trade group and Information Resources Management Association.

If you don't pay the fee, all data about using of pirate (forbidden) content, your personal IP address, webcam data (if you use it) will be sent to the self-government, where your case will be considered on an individual basis and appropriate measure will be taken.

How to unlock your computer?
You should buy MoneyPack code denominated of 250 dollars.

Do take note that a Moneypack payment system does not even exist. It imitates the name of "Moneypak" that is the only known pre-paid card payment system. Even so, you should never pay a single cent to Information Resources Management Association Virus, because it will never unlock your computer, and you will only lose your money.

We recommend removing Information Resources Management Association Virus with SpyHunter to fix your system right away. In order to do that, do the following:

For Windows Vista & 7:
1. Reset your computer and press F8 while the system loads.
2. Select Safe Mode with Networking and press Enter.
3. Go here to download SpyHunter: http://www.pcthreat.com/download-sph
4. Install SpyHunter and terminate the ransomware.

For Windows XP:
1. Repeat the steps 1 and 2 described above.
2. Click Yes button on the confirmation box.
3. Download SpyHunter from our page.
4. Open Start menu and launch Run.
5. Type "msconfig" into the Open box and press OK.
6. When System Configuration Utility loads click the Startup tab.
7. Uncheck all programs on the list. Click OK to save changes.
8. Restart the computer in Normal mode.
9. Install the computer security program and erase Information Resources Management Association Virus.

Download Spyware Removal Tool to Remove* Information Resources Management Association Virus
  • Quick & tested solution for Information Resources Management Association Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Information Resources Management Association Virus

Files associated with Information Resources Management Association Virus infection:

idiokbbrv.exe
TimeDateMUICallback.exe
rool0_pk.exe
Nbt.exe
Task Scheduler.exe
msn.exe
wlsidten.dll
%APPDATA%\system
wahneaqa.exe
videotwisterSA.exe
2084473.dll
wgsdgsdgdsgsd.exe
Q3d38543.exe
ubvhynpxh.exe
comeo.exe
%LOCALAPPDATA%\lollipop
Other.res
m2PythonLoader.exe
ACEIEAddOn.dll
VaultSysUi.exe
svchost.exe
msdtmsrd.exe
msshell.exe
puozlkmyj.dll
zqmkrehUkpoKfsafsaZg.exe
96dddda4.dll
acuvzomo.exe
install_0_msi.exe
p1.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
Firewallservice.exe
bvhylsviw.exe
rvcbcyks.exe
ssntvs.exe
uenovfiu.exe
wlsidten.exe
msavfit.exe
DA0B.exe
00b5d693.exe
3511172082012Build.exe
sqlncli.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
obvwo.exe
SyncHostps.exe
DLL321.dll
pYunY8m4VL3qLc.exe
jsdhlexdqkllnbcxgai.bfg
UpgradeHelper.exe
iner.exe
securitywindrv.exe
b34btbztdb0vavaw.exe
csrsss.exe
pmstcdjwz.exe
taskhost.exe.exe
%APPDATA%\Task Scheduler
00qbipeq.exe
gcrwcoak.exe
WinSyncMetastore.exe
najeoxtt.exe
JfCqQ5JC.exe
dtkmujvo.exe
audipbrd.exe
dyjdl.exe
ex3b.dll
xctqakcqbeo.dll
%AppData%
%LOCALAPPDATA%\Temp
魔法桌面第三方主题破解补丁V1.1.exe
dqnbdq7.dss
C87C.exe
87b2cb3916261d5c807bf44262755cb0.exe
ieudator.dll
MusicCollector.exe
hwj3ba6j.dss
aPr0hY9.exe
Piranha.exe
oygqyunapnp.exe
%TEMP%
scvhost.exe
Updating.exe
secproc_isv.exe
yaiiwockc.dll
OmaSG21e.exe
xaZYOVJW.exe
msnmsgrr.exe
xlqbteeb.exe
ifgxpers.exe
WINDED6.exe
questscan.dll
administration.exe
%WINDIR%\system32
%SystemDrive%\????????????
crack.exe
%APPDATA%\updates
%CommonProgramFiles%
mplayer2.exe
%UserProfile%
bzsbkotiu.exe
xmlfilter.exe
%WINDIR%\Temp
systemcpl.exe
50E1.exe
n.
wpbt0.dll
brenasa.exe
skype.dat
%ALLUSERSPROFILE%
%ALLUSERSPROFILE%\Application Data
NTServiceManager.exe
setex.exe
ctfmon.exe
UpdatePriv.exe
wjthvwjb.dss
bf8h8d02hf.exe

Information Resources Management Association Virus DLL's to remove:

ACEIEAddOn.dll
DLL321.dll
ieudator.dll
2084473.dll
yaiiwockc.dll
wpbt0.dll
questscan.dll
wlsidten.dll
ex3b.dll
xctqakcqbeo.dll
96dddda4.dll
puozlkmyj.dll

Information Resources Management Association Virus processes to kill:

cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
C87C.exe
Firewallservice.exe
rool0_pk.exe
TimeDateMUICallback.exe
setex.exe
crack.exe
WINDED6.exe
ifgxpers.exe
p1.exe
MusicCollector.exe
Updating.exe
pmstcdjwz.exe
secproc_isv.exe
VaultSysUi.exe
dyjdl.exe
Task Scheduler.exe
b34btbztdb0vavaw.exe
uenovfiu.exe
wgsdgsdgdsgsd.exe
Q3d38543.exe
ssntvs.exe
comeo.exe
rvcbcyks.exe
audipbrd.exe
brenasa.exe
wahneaqa.exe
msnmsgrr.exe
50E1.exe
securitywindrv.exe
87b2cb3916261d5c807bf44262755cb0.exe
iner.exe
idiokbbrv.exe
mplayer2.exe
svchost.exe
m2PythonLoader.exe
Piranha.exe
msn.exe
oygqyunapnp.exe
najeoxtt.exe
videotwisterSA.exe
gcrwcoak.exe
3511172082012Build.exe
xaZYOVJW.exe
dtkmujvo.exe
Nbt.exe
NTServiceManager.exe
bvhylsviw.exe
UpgradeHelper.exe
taskhost.exe.exe
sqlncli.exe
JfCqQ5JC.exe
魔法桌面第三方主题破解补丁V1.1.exe
bzsbkotiu.exe
msdtmsrd.exe
WinSyncMetastore.exe
aPr0hY9.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
administration.exe
UpdatePriv.exe
xmlfilter.exe
csrsss.exe
scvhost.exe
DA0B.exe
systemcpl.exe
install_0_msi.exe
ctfmon.exe
msshell.exe
00b5d693.exe
ubvhynpxh.exe
xlqbteeb.exe
wlsidten.exe
msavfit.exe
00qbipeq.exe
pYunY8m4VL3qLc.exe
bf8h8d02hf.exe
zqmkrehUkpoKfsafsaZg.exe
SyncHostps.exe
OmaSG21e.exe
obvwo.exe
acuvzomo.exe
Disclaimer

Comments

  1. Christopher Dec 1, 2012

    thank you sooo much…..u saved me the trouble and time of taking my pc to the store……thnks a million….all ur steps work and did fix my have a anti-virus, then too this virus infect my system but from where it entered? Anyone let me know let me know about this?

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.