Wednesday, May 21, 2014

Phishing Certpolice.info, How to Remove and Unblock Browsers

VilmaTech Online Support and this website should not be mistaken as being associated with, affiliated with, sponsored by or owned by Certpolice.info’s creator or distributors. Providing information and a solution is the one and only intent.





OUTLINE
  • What is Certpolice.info?
  • Why am I blocked by Certpolice.info?
  • One should be informed of the dangers from Certpolice.info
  • Follow manual steps to remove Certpolice.info and unblock your browser


Certpolice.info disguises itself as an official police site. It has been found to attach itself to the browser and lock it, preventing PC users from closing any tabs and asking for a so-called ransom. Technically, it is a browser hijacker. What makes PC users panic is that Certpolice.info manages to block the entire browser rather than constantly redirecting users to a certain website as the average hijackers do, safesear.ch for example.



Why am I blocked by Certpolice.info?


Usually, getting Certpolice.info implies that you have visited some prohibited sites, such as child porn sites. Since such websites can draw numerous clicks, once visitors are blocked by the browser hijacker, Certpolice.info has a very good reason to ask for and get a ransom.

Of course, as a browser hijacker carrying malicious code, Certpolice.info is capable of landing on a machine by:
  1. taking advantage of vulnerabilities in installed programs and Microsoft services.
  2. attacking bugs on certain websites that attract many PC users.
  3. capitalizing on bugs in loosely programmed applications.


Be Informed of Certpolice.info’s Dangers


First of all, it is not wise to fill out the form and submit the ransom on the Certpolice.info page. By asking for that information, Certpolice.info manages to receive the money on one hand and collect your confidential information on the other. Anyone who keeps their virus knowledge up to date should know that JavaScript (JS) is indispensable when building a web page, and Certpolice.info is no exception. However, this technique can be used maliciously to record any information that is typed in.

Second, it is not advisable to remove Certpolice.info automatically, as it would waste precious time that is needed to remove the browser hijacker quickly and completely. As a browser hijacker, Certpolice.info uses a combination of BHO (Browser Helper Object) and JS techniques to load into the system configuration and keep popping up on target machines. No typical malicious feature has been found attached to it, and thus security utilities will not help flag or remove Certpolice.info.

Third, a backdoor program has been found to be used to access the recorded information. It should be noted that backdoor programs are widely adopted by programs and applications for convenient inspection and thus future improvement. Such a program can also be used maliciously to download additional malicious items for extra income.
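
The BHO loading point mentioned above can be inspected directly. The following PowerShell is an added example, not part of the original post: it lists every Browser Helper Object registered for Internet Explorer, the DLL behind it and that DLL's signature status. The registry locations are the standard Windows ones (an assumption, since the post names no keys), and the script only reads.

```powershell
# Added example (not from the original post): list registered Browser Helper
# Objects (BHOs) and the DLL each one loads into Internet Explorer. Read-only.
# Registry paths are the standard Windows locations, not values from the post.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

$report = foreach ($view in $views) {
    # The WOW6432Node view does not exist on 32-bit Windows.
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

    foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $entry.PSChildName
        $server = "$($view.Clsid)\$clsid\InprocServer32"

        # The default value of InprocServer32 is the DLL the browser loads.
        $dll = $null
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
        }

        $signature = 'n/a'
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $signature = (Get-AuthenticodeSignature -FilePath $dll).Status
        } elseif ($dll) {
            $signature = 'file missing'
        }

        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = $dll
            Signature = $signature
        }
    }
}

# Unsigned DLLs outside Program Files or System32 deserve a closer look.
$report | Sort-Object Signature, Dll | Format-List
```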



Follow manual steps to remove Certpolice.info and unblock your browser


Step1
Reset browsers.


IE
Tools menu > Internet Options > Advanced tab > Restore Defaults button > OK.

Firefox
Firefox button > Help > Troubleshooting information > ‘Reset Firefox’ button.

Chrome
‘Customize and Control Google Chrome’ menu > ‘Options’ > ‘Under the Hood’ tab > ‘Reset to Defaults’ button.

Opera
Show hidden files and folders (explicit instruction shown in Step3) > navigate to "C:\Users\user_name\AppData\Roaming\Opera\Opera\" > remove Operapref.ini file.

Safari
Safari menu > ‘Reset Safari’ > tick all given options > ‘Reset’ button.



Step2
Use Task Manager to locate and end the suspicious processes.

1. bring up Task Manager

Win+R key combination > Run box > type “CMD” > Enter key > put in one of the three commands:
taskkill.exe /im msblast.exe
taskkill.exe /im teekids.exe
taskkill.exe /im penis32.exe
> hit Enter key


2. use PID and other functionality to help locate suspicious items.

Access Task Manager > View > Select Columns > tick "PID" and "Path name" > open System Information > end the process whose path name points to Certpolice.info's path (found by searching for Certpolice.info on the whole machine beforehand) or to a path that doesn't belong to the system.
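
The same PID and path review can be done from PowerShell. This is an added example, not part of the original post: it lists running processes whose executable sits outside the Windows and Program Files directories, with signature status, and ends nothing. It assumes PowerShell 3.0 or later; the choice of "trusted" roots is this example's assumption.

```powershell
# Added example (not from the original post): show PID and executable path for
# processes started from outside the system directories. Review only.
# The list of trusted roots is an assumption of this example.
$trusted = @(
    $env:SystemRoot,
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

Get-CimInstance -ClassName Win32_Process |
    # Protected and kernel processes expose no path unless run elevated.
    Where-Object { $_.ExecutablePath } |
    ForEach-Object {
        $path = $_.ExecutablePath
        $isTrusted = $false
        foreach ($root in $trusted) {
            if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $isTrusted = $true
                break
            }
        }
        if (-not $isTrusted) {
            [pscustomobject]@{
                PID       = $_.ProcessId
                Name      = $_.Name
                Started   = $_.CreationDate
                Signature = (Get-AuthenticodeSignature -FilePath $path).Status
                Path      = $path
            }
        }
    } |
    Sort-Object Path |
    Format-List
```

A process listed here is not malicious by that fact alone; many legitimate programs run from the user profile. Check the path and signature before ending anything.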




Step3
Unveil all hidden items in order to remove the items related to Certpolice.info.

Windows 7/XP/Vista - Control Panel > User Accounts and Family Safety > Folder Options > View tab > tick ‘Show hidden files and folders’ > untick ‘Hide protected operating system files (Recommended)’ > OK button.

Windows 8 - Windows Explorer > View tab > tick ‘File name extensions’ and ‘Hidden items’ > OK button.

a. Navigate to the directories below to remove the items generated on the day when Certpolice.info was first detected:
%ProgramFiles%\Common Files\
%DriveLetter%\
%SystemRoot%\system32\%Temp%\
%SystemDriver%\
C:\Windows
C:\Windows\System32
C:\windows\winstart.bat
C:\windows\wininit.ini
C:\windows\Autoexec.bat
C:\Users\[your username]\Documents\
C:\users\user\appdata\local\
C:\Program Files\

Variable declarations
  • %SystemDriver% - the system partition, "C:\" by default.
  • %SystemRoot% - the WINDOWS directory, “C:\Windows” by default.
  • %ProgramFiles% - the default installation directory of system programs, “C:\Program Files” by default.

(Tip: how to locate the related items? Find the ones that were created on the day when Certpolice.info was first detected. To show the date:

right click on an empty space of the window that is under inspection > select "Arrange by" > select "day")
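
The date filter from the tip above, applied to all the listed directories at once. This is an added example, not part of the original post: it reports items created on the detection day, hidden ones included, and deletes nothing. $DetectionDay is a constructed sample value, the directories are resolved from environment variables rather than hard-coded, and Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example (not from the original post). $DetectionDay is a constructed
# sample value: set it to the day the lock page first appeared.
$DetectionDay = [datetime]'2014-05-21'

# Directories from step a, resolved for the current machine and user.
$roots = @(
    ($env:SystemDrive + '\'),
    $env:SystemRoot,
    (Join-Path $env:SystemRoot 'System32'),
    $env:ProgramFiles,
    $env:CommonProgramFiles,
    $env:LOCALAPPDATA,
    $env:TEMP,
    [Environment]::GetFolderPath('MyDocuments')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$hits = foreach ($root in $roots) {
    # -Force includes hidden and system items, as Step3 requires.
    # Top level only, matching what the Explorer window shows.
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime.Date -eq $DetectionDay.Date } |
        ForEach-Object {
            $hash = $null
            if (-not $_.PSIsContainer) {
                # Locked files cannot be hashed; the field stays empty.
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                            -ErrorAction SilentlyContinue).Hash
            }
            [pscustomobject]@{
                Created    = $_.CreationTime
                Modified   = $_.LastWriteTime
                Attributes = $_.Attributes
                SHA256     = $hash
                Path       = $_.FullName
            }
        }
}

# Creation times can be altered by software, so an empty list is not proof
# that nothing was dropped.
$hits | Sort-Object Created | Format-List
```

Windows updates and ordinary installs also create files on any given day, so review each entry before removing it.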


b. Remove all the Temp files.

Windows

remove all the temp files under the following directories.
C:\WINDOWS\Temp
C:\Documents and Settings\[user name]\Local Settings\Temp
C:\Documents and Settings\[user name]\Local Settings\Temporary Internet Files

Mac OS X
Finder > Utilities folder > terminal:

  1. type
    cd ~/Library/Logs
    sudo rm -rf ~/Library/Logs/*
    and press Return button.

  2. type
    rm -rf ~/Library/Safari/Downloads.plist
    cd ~/Library/Caches
    sudo rm -rf ~/Library/Caches/*
    and press Return button.



Certpolice.info appears to be ransomware, but it is a browser hijacker in nature. The above steps should help victims unblock the browser. However, as has been made clear, additional unwanted items might have wormed into a target machine through the backdoor program, so one should remove all the dangerous items so that Certpolice.info will not come back easily. To guarantee that Certpolice.info does not reappear, one should always follow good PC practices after the removal. Should you encounter an unexpected situation and not know what to do, get help for your specific situation by contacting VilmaTech Online Support.



