Home Malware Programs Ransomware ACCDFISA Protection Program Ransomware

ACCDFISA Protection Program Ransomware

Posted: February 27, 2012

ACCDFISA Protection Program Ransomware Screenshot 1ACCDFISA Protection Program is a fake application that pretends to be a notice and threat from legal authorities that have found your computer to be engaged in pornography-related crimes. However, as a standard ransomware Trojan, ACCDFISA Protection Program isn't from any sort of real legal institution and isn't able to carry out its threats of encrypting or deleting your files. Since ACCDFISA Protection Program will block your ability to access all programs, including anti-malware scanners that could remove ACCDFISA Protection Program, SpywareRemove.com malware researchers recommend that you delete ACCDFISA Protection Program by using Safe Mode, a USB drive-based boot or a secondary OS to access your operating system while ACCDFISA Protection Program is disabled. Above all else, you should never waste money on ACCDFISA Protection Program's ransom, which is unnecessary for restoring your PC to its original state of well-being.

ACCDFISA Protection Program – a Supposed Spy on Unreal Crimes

ACCDFISA Protection Program is a ransomware Trojan that's installed without your consent and locks up Windows as soon as your PC boots. Once loaded, ACCDFISA Protection Program will display a generic warning message that includes accusations of child pornography, threats of AES file encryption and even threats to delete your files and entire operating system. Although the ACCDFISA Protection Program claims that you can avert these disastrous consequences by paying into its Ukash, Paysafecard or MoneyPak-based payment options, SpywareRemove.com malware experts recommend that you save your money for better things than ACCDFISA Protection Program's ransom attempt. ACCDFISA Protection Program isn't able to carry out any of its threats, and there's no need to spend money on its ransom to remove ACCDFISA Protection Program from your PC.

ACCDFISA Protection Program's warning message is readily identified by the following text, which is reminiscent of other Ukash Virus-style ransomware Trojans (such as the Scotlands Yards Ukash Virus, the Strathclyde Police Ukash Virus, Police Central e-crime Unit (PCEU) ransomware, Gendarmerie Nationale Ransomware, Fake Federal German Police (BKA) notice variante and the ' I Suoi Archivi Sono Stati Cifrati' Trojan):

Warning! Access to your computer is limited.
WHY?
From your computer was detected mailing (spam) advertises illegal sites with child pornography, which contradicts law and harm other network users.

Probably your computer has been infected and as a result our service blocked access to your computer, including a fully networked access (except for our staff).

Excising ACCDFISA Protection Program and Its Cheap Ransom Attempt from Your PC

While it's active, ACCDFISA Protection Program will prevent you from using other applications, and SpywareRemove.com malware researchers stress the necessity of disabling ACCDFISA Protection Program before you'll be able to scan your PC and delete ACCDFISA Protection Program appropriately. Common methods of doing this include, but aren't limited to:

  • Using Safe Mode, a Windows feature that can be accessed from the boot menu by pressing F8 during a reboot (but before Windows begins to load).
  • Installing a secondary operating system on a USB thumb drive or other portable device and booting your PC from that device.
  • Switching to a second operating system that's already installed on your computer.


ACCDFISA Protection Program Ransomware Screenshot 2

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to ACCDFISA Protection Program Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%System%\tracerpts.exe File name: %System%\tracerpts.exe
File type: Executable File
Mime Type: unknown/exe
%System%\ucsvcsh.exe File name: %System%\ucsvcsh.exe
File type: Executable File
Mime Type: unknown/exe
%System%\csrsstub.exe File name: %System%\csrsstub.exe
File type: Executable File
Mime Type: unknown/exe
%System%\dcomcnfgui.exe File name: %System%\dcomcnfgui.exe
File type: Executable File
Mime Type: unknown/exe
%System%\tcpsvcss.exe File name: %System%\tcpsvcss.exe
File type: Executable File
Mime Type: unknown/exe
%System%\wcmtstcsys.sss File name: %System%\wcmtstcsys.sss
Mime Type: unknown/sss
C:\ProgramData\local\undxkpwvlk.dll File name: C:\ProgramData\local\undxkpwvlk.dll
File type: Dynamic link library
Mime Type: unknown/dll
C:\ProgramData\local\vpkswnhisp.dll File name: C:\ProgramData\local\vpkswnhisp.dll
File type: Dynamic link library
Mime Type: unknown/dll
C:\how to decrypt aes files.lnk File name: C:\how to decrypt aes files.lnk
File type: Shortcut
Mime Type: unknown/lnk
C:\ProgramData\local\aescrypter.exe File name: C:\ProgramData\local\aescrypter.exe
File type: Executable File
Mime Type: unknown/exe
C:\ProgramData\local\crdfoftrs.dll File name: C:\ProgramData\local\crdfoftrs.dll
File type: Dynamic link library
Mime Type: unknown/dll
C:\ProgramData\local\svchost.exe File name: C:\ProgramData\local\svchost.exe
File type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\ucsvcsh.exe File name: C:\Windows\SysWOW64\ucsvcsh.exe
File type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\wcmtstcsys.sss File name: C:\Windows\SysWOW64\wcmtstcsys.sss
Mime Type: unknown/sss
C:\decrypt\decrypt.exe File name: C:\decrypt\decrypt.exe
File type: Executable File
Mime Type: unknown/exe
C:\Decrypt\Decrypt.exe File name: C:\Decrypt\Decrypt.exe
File type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\csrsstub.exe File name: C:\Windows\SysWOW64\csrsstub.exe
File type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\dcomcnfgui.exe File name: C:\Windows\SysWOW64\dcomcnfgui.exe
File type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\tcpsvcss.exe File name: C:\Windows\SysWOW64\tcpsvcss.exe
File type: Executable File
Mime Type: unknown/exe
C:\Windows\SysWOW64\tracerpts.exe File name: C:\Windows\SysWOW64\tracerpts.exe
File type: Executable File
Mime Type: unknown/exe
C:\Users\Public\Desktop\how to decrypt aes files.lnk File name: C:\Users\Public\Desktop\how to decrypt aes files.lnk
File type: Shortcut
Mime Type: unknown/lnk

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "svchost"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiServiceSysHostHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netprofms

Additional Information

The following messages's were detected:
# Message
1"ACCDFISA Protection program Warning! Access to your computer is limited.
2After that our experts withing 1-3 hours will do audit and clean up your computer from viruses sending out spam and send out you sms on the cell phone or email (from which you sent card code and your reference number) control code (which unlock your PC) that must be enter here."
3As the virus sends the illegal spam mail is very dangerous and modifies itself every 48 hours, including removing our program protection, you have 48 hours, otherwise we will remove all protection program data including the operating system and all your files without possibility of recovery.
4Probably your computer has been infected and as a result our service locked access to your computer, including a fully networked access (except for our staff).
5To find Paysafecard location stores near you visit www.paysafecard.com or Ukash at ukash.com
6To solve this problem you need to buy and send sms with MoneyPak or Paysafecard or Ukash code (100$ or 100E) and your Reference Number: 471951751100 to the special service phone number: +18722161445 or email: antispam@cyberservices.com)
7WHY? From your computer was detected mailing (spam) advertises illegal sites with child pornography, which contradicts law and harm other networking users.
8You can buy MoeyPak card at the nearest stores: Walgreens, Walmart, CVS/pharmacy, Kmart, SevenEleven, Rite Aid or go to www.moneypak.com to find location stores near you.