
Wednesday, April 14, 2010

Remove "Copyright Violation: Copyrighted Content Detected" fake warning (Uninstall guide)

The fake warning "Copyright Violation: Copyrighted Content Detected" is part of a ransomware infection that attempts to convince you to pay a fee for copyrighted material allegedly found on your computer. It is actually a Trojan horse, Trojan.Fakecopyright [Symantec]. Once this Trojan is installed, it scans your computer for .torrent files and then displays a fake Copyright Violation alert window stating that copyrighted material has been found and that you should pay a fee ($399.85) or they will pass your case to the courts, where you will be tried by a judge. That's ridiculous; you shouldn't trust it. This is yet another scam. If you find that your computer is infected with the I-Q Manager Antipiracy foundation (Copyright Violation: Copyrighted Content Detected) ransomware, please follow the removal instructions below to remove it from your PC as soon as possible.




(Video by rogueamp)

"Copyright violation alert
Copyright violation: copyrighted content detected
Windows has detected that you are using content that was downloaded in violation of the copyright of its respective owners. Please read the following bulletin and try solving the problem in one of the recommended ways."



If you select "Pass the case to court" or "Settle case in pre-trial order", the threat will attempt to display a web page that contains an online order form for the amount of $399.85.



The biggest problem is that this threat may then lock the compromised computer until the user enters a correct license number for the program. Thankfully, S!Ri posted a registration code which should unlock your computer: RFHM2-TPX47-YD6RT-H4KDM. (I haven't tested it, so I don't know for sure.)

The home page of the bogus ICPP Foundation is icpp-online.com (193.33.114.77). You should add icpp-online.com to the list of blocked web sites. Also note that this fake Copyright Violation alert has been localized to the following languages: Czech, Danish, Dutch, English, French, German, Italian, Portuguese, Slovak and Spanish.


"Copyright Violation: Copyrighted Content Detected" or I-Q Manager alert removal instructions:

1. Click Start -> Control Panel
2. When in the Control Panel, double-click on one of the options below depending on your version of Windows
a) Add or Remove Programs icon (for Windows XP users)
b) Uninstall Program (for Windows Vista and Windows 7 users)
3. The Add or Remove Programs (Windows XP) or the Uninstall Program (Windows Vista & 7) screen will be displayed. Scroll through the list of programs, look for entries with I-Q Manager, and uninstall them. You are done; close the Control Panel screen.
NOTE: If the programs ask you to reboot your computer, do not allow it to reboot until you have uninstalled all of the programs.

Your computer should now be free of the I-Q Manager or Copyright Violation: Copyrighted Content Detected malware. However, if it's still on your computer then complete these additional steps:

1. Click Start -> Run.
2. Input: regedit. Then click OK.
3. Navigate to and delete the following registry entries and subkeys:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"iqmanager.exe" = "%UserProfile%\Application Data\IQManager\iqmanager.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQManager
4. Exit the Registry Editor.
5. Download one of the following anti-malware programs (all programs are free):
6. Install the selected anti-malware program, update it and run a full system scan.


I-Q Manager or Copyright violation alert files and registry values:

Files:
  • %UserProfile%\Application Data\IQManager
  • %UserProfile%\Application Data\IQManager\iqmanager.exe
  • %UserProfile%\Application Data\IQManager\settings.ini
  • %UserProfile%\Application Data\IQManager\torrents
  • %UserProfile%\Application Data\IQManager\languages
Registry:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQManager
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "iqmanager.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\IQManager\iqmanager.exe"
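
A read-only triage sketch for the indicators listed above, added here as an example and not taken from the original post or any vendor tool. It assumes that renamed variants (commenters below report admanager, apmanager and ARManager) keep the same folder layout; the function names are hypothetical.

```powershell
# Added example: read-only triage, deletes nothing. Written for PowerShell 2.0+.
# Assumption: a renamed variant keeps the documented layout
# <Name>\<name>.exe + settings.ini + torrents\ + languages\ under %AppData%.

function Test-FakeCopyrightLayout {
    param([string]$Folder)
    $name = Split-Path -Leaf $Folder
    (Test-Path -LiteralPath (Join-Path $Folder "$name.exe")    -PathType Leaf) -and
    (Test-Path -LiteralPath (Join-Path $Folder 'settings.ini') -PathType Leaf) -and
    (Test-Path -LiteralPath (Join-Path $Folder 'torrents')     -PathType Container) -and
    (Test-Path -LiteralPath (Join-Path $Folder 'languages')    -PathType Container)
}

function Get-FakeCopyrightIndicators {
    # $env:APPDATA is "%UserProfile%\Application Data" on XP and the
    # equivalent roaming folder on Vista/7, so one path covers both.
    $folders = @(Get-ChildItem -LiteralPath $env:APPDATA -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and (Test-FakeCopyrightLayout $_.FullName) })

    foreach ($f in $folders) {
        "Folder with matching layout: $($f.FullName)"
        $needle = "\$($f.Name)\$($f.Name).exe"

        # Run value that starts the executable at logon.
        $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
        $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
        if ($run) {
            foreach ($p in $run.PSObject.Properties) {
                if ("$($p.Value)".IndexOf($needle, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    "Run value '$($p.Name)' -> $($p.Value)"
                }
            }
        }

        # Uninstall entry named after the folder.
        $un = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$($f.Name)"
        if (Test-Path -LiteralPath $un) { "Uninstall key: $un" }
    }

    # Per-user Shell override. The value is normally absent under HKCU, so any
    # data here deserves a look; the list above shows it pointing at the trojan.
    $wlKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty -Path $wlKey -Name Shell -ErrorAction SilentlyContinue
    if ($wl) { "HKCU Winlogon Shell = $($wl.Shell)" }
}

Get-FakeCopyrightIndicators
```

The script only reports what it finds; removal still follows the steps above.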

22 comments:

wheelz1551 said...

Damn, please help I don't know how to fix this but apparently my regedit has been "disable by administrator" I'm guessing the malware did it but how can I fix it?

Anonymous said...

I have this trojan, but the "iqmanager" in the text above, can also be "admanager". The removal seems to work just the same.

Good luck on this one
Kodjiro

wheelz1551 said...

Could the trojan also be apmanager? Because that's what I have instead of iqmanager or admanager.

Admin said...

Q: Could the trojan also be apmanager because that's what I have instead of iqmanager or admanager?

A: Yes, it could be AP Manager.

Brandon said...

Have this virus. Took my computer to a pro and he could not get it out of there. The serial #RFHM2-TPX47-YD6RT-H4KDM was able to get me past the payment screen to my desktop but then the virus just started from the top again.

Problems I have been having that I don't see addressed in most websites about this virus:

1) My taskmanager has been disabled and I cannot access it.
2) The virus will not allow me to install a current malware program and it causes the one I have (malware bytes) to crash right before it finishes its scan.
3) In the regedit/hkey stuff (sorry if this is not right terms I just watched while the tech worked) I can find no file with iqmanager, ip manager, admanager or anything else w/ "manager" in the name. I guess this virus must either have a new name or have some way to hide on these lists.

Anyway, this is a DEVASTATING blow.. (as I'm sure it is for everyone)... lost all my home business files, lost all my pictures (cross country trip, pics of my baby nephew, etc) and who knows what else. Every minute I realize something else I did not have backed up.

Thanks for your post about this virus.

Other people who have dealt with this, please post links to other resources for combating this virus, particularly ones that might address my specific problems.

Thanks for your time.

Anonymous said...

Thank you so much for all of these videos! You told me exactly what I needed to do in order to remove a bunch of trojans today.

:)

Anonymous said...

Help. I can't download anything. Safe Mode does not work. I can only get to the command prompt in safe mode. Any advice?

Anonymous said...

press cntl+alt+esc while the safe mode is stuck

dan said...

Hi, I've entered the code RFHM2-TPX47-YD6RT-H4KDM which has removed the icpp screen pictured at the top of this page. It has taken me back to my desktop but nothing else is working, I have no icons on the desktop and no way of progressing any further. Please help, what can I do next?

Anonymous said...

My Laptop just got the same virus. When it first got infected, it hold the CPU hostage. I got to reboot my laptop. When I logged in, it popped up "Copyright Violation Alert" window.

Below are the steps I did to get my laptop back to the main window so that I can run my Norton Anti-virus to remove this virus:
1) Press CTRL+ALT+DEL to bring up the Task Manager
2) From Task Manager, click File-->New Task
3) On the New Task window, type in "control.exe", and click "OK"
4) You are now in the main window, just simply run your anti-virus to scan the hard drive to remove all the virus files that are associated with it.

Ben said...

I had similar issues as Brandon, however I did not suffer the same loss of data.

I believe it is because of two main differences.

I maintain a separate partition for data on my machine. So I have multiple drives on my computer one for my OS and one for my data. Most of these buggers don't jump drives.

The second difference, the big one, is that I maintain an account on my computers with no save location for the profile. When I log into this account a new temporary profile is created.

This bugger was connected to profiles so I had an account that was not locked out. It had no profile to attach to. I have this account for all my sensitive transactions, so when making online purchases and any other actions where I enter sensitive data, the OS is unable to save anything, it all exists in a temp that is removed when I log off.

I used this profile to transfer the data that I failed to move to my data partition prior to the crash.

Additionally there are other options, for gaining access to your system should your task manager become locked out. If any number of select files are missing, these prompts to install the required file will come through, the bug. They want you to install the missing file. When browsing for the file you can right click and select the explore option. This will launch explorer and give you a bit more access to your system.

I used the igfxext.exe file removal to gain access, to delete a file like this you can gain entry through safe mode command prompt.

I hope this helps someone. Good Luck.

Anonymous said...

Same problem as Brandon...

Can't get anywhere...

Anonymous said...

typed in the code, it's taken me back to my desktop but same problem, nothing else is working.

Anonymous said...

same as Brandon as well - please advise how can we install any software when the desktop is completely "locked" by the virus? (no taskbar either - as Brandon explained)

dan said...

i just fixed this prob. if you have vista try plugging in removable hardware such as a card reader with card inserted, turn your pc off, and back on manually (hold the button in). then if your pc is like mine, with this foreign item plugged in it won't start up. let it run for a minute then unplug it, then manually restart it again and windows will try to figure out why it didn't start up. then when it asks you to restore to an earlier point do it, then delete all the virus info off your pc

Anonymous said...

hey guys
using windows 7
i have fixed my issue with this damn virus
i too was not being able to open up any taskbar or anything and the code was not working. so, this was how i did it

restart pc in safe mode with command prompt
in command prompt type "control.exe" without quotes
once in, go to >recovery > restore to previous date ( i went back to yesterday)
restart pc
this should now let you into windows
download malwarebytes
do scan

i can confirm that i did the above and now using pc as normal

thanks and take care

Anonymous said...

Thanks all for this very useful information. On my system it was called ARManager and I had to log in as administrator in safe mode to get around the task manager being locked.

I figured out it was ARManager by looking in the Application Data directory. The real proof was the location of the languages sub folder.

I don't know how to help people who can't log in as administrator, I was lucky I guess.

Anonymous said...

HOW BOUT VISTA? ...CONTROL.EXE DOESN'T TAKE YOU TO "RECOVERY"?

Anonymous said...

hey its me again - the one that explained how i did it in command prompt!

control.exe should take you to the control panel where you do a system restore

vista guy, i apologise, vista has a diff syntax. go to
http://www.howtogeek.com/howto/windows-vista/new-vista-syntax-for-opening-control-panel-items-from-the-command-line/

hope that helps

Anonymous said...

Thanks for your suggestions everyone.

I was hit with a twofer. Entering the code to get rid of cpp-online virus worked, but once I got to the desktop I had annoying popups courtesy of Antispyware Soft which made the computer unusable. System restore was not an option - when I tried in Safemode it would say that it was disabled by Administrator. I couldn't access Registry Edit either. What I did was run Hijackthis and kill some suspicious processes. Two of them were Registry disable, and System restore.

Anonymous said...

Thank you VERY much, the key helped me to get into windows again,
now I'm trying to remove the trojan.
THANKS

Anonymous said...

Hello, i also have this problem with my computer as well!! but i have windows VISTA!! ON STEP 2B IT SAYS "DOUBLE CLICK UNINSTALL PROGRAM ON THE CONTROL PANEL!!, ON MY COMPUTER THERE IS NO UNINSTALL PROGRAM ON THE CONTROL PANEL!!! JUST ADD OR REMOVE PROGRAM!! WHAT SHOULD I DO!!!