The ICE Cyber Crime (ransomware) Virus is identical in behavior to the FBI Moneypak infection. A home customer of mine recently called and asked that I remove it. I tried the fix identified in several top searches for the keyword “ice cybercrime center virus removal“, for example (click here). Nothing seemed to work for me.
Ideally it’s best to try a Windows System Restore anytime a computer becomes infected. As the FBI MoneyPak changed over time, it became more powerful. This newest version, now named ICE disables all system restore access including from the safe-mode command prompt. As you’ve probably found, it simply reboots the PC when you try to access it.
If you’ve never used system restore from the command prompt, here are the instructions. Power off the computer, then turn it back on. As the computer is booting back up, press the F8 key repeatedly until you are presented with the Advanced Boot Options screen. Select Safe Mode with Command Prompt.
When the command prompt appears, type rstrui.exe. This command starts the Windows System Restore. Select a restore date one day before you began having problems. For the majority of low to medium level threats, it’s always best to start with the Windows restore. It can save you a lot of time and effort.
The ICE virus rewrites a portion of the operating system causing the computer to restart every time you try to access safe mode. Here is where a lot of people would simply call a computer repair technician or take their computer to the Geeks.
Lucky for all of us, I found a fix that is pretty much guaranteed to work for you. For this fix, you’ll need a second PC or laptop connected to the Internet and a USB to SATA adapter as shown in the link. Amazon sells them for as low as $10.00.
The fix contains two parts. For the first part, download Norton Antivirus trial mode on your second PC. You can always uninstall it later or purchase a one year subscription after the 30 days on Amazon for around $12.00. Avoid Norton 360 as you probably wont need all of the added features.
The latest version of Norton antivirus doesn’t take up a lot of system resources and protects a computer from everything out there. For my small business customers, I recommend Symantec Endpoint Protection, which is essentially the business version of Norton antivirus. A lot of people have a bad taste in their mouth when it comes to Norton. It may be time to give them another shot.
On the infected PC, power it off. Next remove the power cable and the battery, if its a laptop. Take the hard drive completely out of the infected computer. To remove a hard drive you’ll simply need a phillips screwdriver. Now connect the hard drive to the USB to SATA adapter.
You’ll now see the infected hardware appear as a secondary drive on the computer its connected to. Using Windows Explorer, right-click on the infected hard drive and select Norton Antivirus > Scan Now. The scan will find the infected files placed on your computer from the ICE infection. Finally, you’ll be notified when the scan is complete.
The first time you boot up your computer, you may be faced with the following screen yet no desktop. Simply type explorer.exe to complete the boot up process.
The second part of the fix is to download and run the ICE-FBI-Fix file. If you’d like to see the contents of the file before you run it, please right-click on the file and select Open with > Notepad. To install this fix, double click on the downloaded file and select yes when prompted. Reboot to ensure everything is back on track.
If the ICE-FBI-Fix does not work for you, there is one final step. You’ll need to recreate your profile. To do that, boot into Windows, then open the Control Panel. Select User Accounts > Manage another account > Add or remove users. Create a new account with your name.
Use the new profile moving forward. Don’t forgot to delete your old profile after you’ve transferred everything over to the new one. That’s it. This is an alternative fix for the ICE Cyber Crime virus.
If you found this article to be helpful, please click on one of the social media icons to like this page. Thoughts or questions regarding this article? Please leave them in the comments area below, I’ll do my best to help you out.
About the Author (Author Profile)John Bousman is an MCSA, MCTS, MCP, Net+ and A+ Certified Technician. He is also an avid Web Developer, WordPress Jedi, SEO Connoisseur and owner of an IT Firmed in the Midwest. During the day he helps tackles Server Administration and Desktop Support issues for small business. With over 15 years experience installing, configuring and troubleshooting retail and enterprise software, he's seen it all. Make sure you checkout his profile on Google+.