Is your computer locked by a fake message titled with “Pirated software has been detected” that asks you to pay $500 CAD? Watch out! This isn’t a real warning from the government or any legitimate authorities even though it displays Canadian flags and badges of Department of Justice or National Intellectual Property Rights Coordination Center. In fact, it is a virus designed by hackers to mislead you and extort your money. The following page contains step by step instruction to help you unlock your computer.
‘Pirated software has been detected’ is a fake alert that belongs to a new variant of ransomware Trojan used to attack computer users in Canada. Other variants like Ministry of Public Safety Canada Virus Scam and Royal Canadian Mounted Police Virus were widely spread before and they have already tricked thousands of innocent users. This virus can get into a computer without any permission, so you may wonder why your computer got locked while you are watching video on YouTube or on Facebook. Basically speaking, this malware spreads via spam e-mails, malicious or hacked Web pages, peer-to-peer networks. Once it is downloaded, it locks you out of your computer and displays bogus message “This computer was automatically blocked. Reason: Pirvated software has been detected.” From the message, it says you are suspected to violate some law related to pornography or copyright, therefore your computer has been blocked and you are required to pay $500 CAD to unlock your computer in 3 days. Also it claims that all your files are encrypted due to violation of the law of Canada. On the top of the message, it shows badges of several authorities like DOJ or others and also with the logo of Canada’s national flag, confusing inexperienced users into thinking this page really comes from the government. And it also says that if you do not follow this warning, you will have to face more serious problems and may even be arrested. The message may look scary, but it is not true. This is a scam and you shouldn’t fall for it. It has no relations with police or any other official institutions and only uses official names and logos to win users’ trust.
Fortunately when ‘Pirated software has been detected’ message popped up on your computer it didn’t really encrypt your files as it mentioned. However, if you keep it stay on your machine, it will damage your whole system and probably harm your hard drive and make you lose everything. This malware takes over your computer screen and don’t let you do anything once infected. At that moment, pressing Ctrl+Alt+Del won’t help to bring task manager up so you won’t be able to end its malicious process that runs in the background. You cannot close or minimize this fake message either and no matter how many times you have clicked on the mouse, it did nothing. The only thing you are allowed to do is to hold the power button for a few seconds and do a force shutdown. But this action cannot change anything since once you turn the computer on, the virus will pop up right away blocking your system. Obviously we can see the main purpose of this ransomware scam is to take the victim’s computer system hostage and then extort a $500 CAD ransom in order to return access to the infected computer system. Although ransomware like this one has been very common, sadly there is no antivirus program can get rid of it completely. We suggest users manually remove ‘Pirated software has been detected’ virus from the computer to make sure it can be away for good.
It will take control of your computer rapidly once it is downloaded.
It will pretend itself as a legit warning and then ask for a ransom.
It can disable your task manager and even pop up in safe mode.
It can connect to a remote IRC server and forward the data to cyber criminals without a computer user’s awareness.
It can’t be simply uninstalled or removed in control panel.
Since ‘Pirated software has been detected’ Virus has completely locked up your computer making you difficult to gain access, you will need to manually remove it instead of using antivirus programs to do so. Also, antivirus programs cannot completely catch this virus. Otherwise, it would have caught it at the beginning when this malware tries to sneak inside. Below are some basic steps on how to get rid of this virus manually. However, due to the changeable characters of this virus, you may not find the exact same files or entries to delete. That’s also why the manual removal requires expertise to do it. You will need to go through files and entries under different locations to define and delete. Any mistake could lead to unpredictable problems during the process. Thus, a backup of important files and programs is suggested before ‘Pirated software has been detected’ malware removal. A flash drive or external hard drive will be needed.
1. Since you cannot gain access to the infected computer under regular mode because of this lock screen, please restart the computer and put it in Safe mode with Networking first. Here’s the guide: Restart the computer upon the locking screen and start hitting F8 key repeatedly when PC is booting up again; if successfully, Safe mode options will show up on the screen for you to select. Please use arrow keys to highlight Safe mode with Networking option and hit enter key. System will be loading files into this mode afterward.
Attention: If virus stays in your computer for a long time, it may work in the background and block you from accessing safe mode with networking, thus, you’ll see virus page still or the virus forces you to log off and restart your computer automatically. In that case, please choose: Safe mode with command prompt and try if it helps. If none of them helps, please contact YooCare expert for instant help.
2. Open Control Panel from Start menu and search for Folder Options. Go to Folder Options window, under View tab, tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) and then click OK.
3. Under Safe mode with Networking, please hit Ctrl+Shift+Esc (Ctrl+Alt+Delete) keys together to pull up Windows Task Manager; go to Processes tab on top and scroll down the list to find processes associated with ‘Pirated software has been detected’ scam and click End process.
4. Open Registry Editor by pressing Windows+R keys and pull up Run box and searching for regedit.
5. Find out and delete files and registry entries as below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\random
6. Restart computer back to Regular mode and check out if the warning page still shows up again.
‘Pirated software has been detected’ message is related to a new type of Ransomware which starts hitting thousands of PC users located in Canada now. This message is not real, instead it is designed by remote hackers in an effort to convince the user that they have violated laws of Canada and they must pay CAD $500 immediately. To be more specific, this malware completely locks your computer as soon as it is inside and then it displays a message accusing you on violating the law of the Canada. The message states that you have been involved into viewing and distributing pornographic or copyrighted content and for this reason you must pay a fine of $500 CAD now. If you do not agree to pay, it claims that you will have to face more serious consequences and may get arrested. The virus has a convincing appearance but please note that official institutions won’t use such methods to collect any money from someone who violated the laws. What you are facing is just a hoax. Remove it quickly before it has ruined your computer.
Note: Manual removal is a skillful and risky job, if any mistakes are made in the process, you may damage your computer immediately. If you are not sure how to do, please contact YooCare PC experts 24/7 online for help right now.
Published by on November 29, 2014 9:14 am, last updated on November 29, 2014 9:16 am
Leave a Reply
You must be logged in to post a comment.