The warning that claims to come from the Canadian Security Intelligence Service (also known as CSIS) is a ransomware program that is very dangerous for your system's integrity. It is a typical screen or desktop locker: it takes the PC hostage and doesn't let you do anything with it. The very presence of this scam is also a threat, because it may bring other malware onto your computer. Ransomware is a program that locks the desktop of an infected workstation and then demands that the user pay a fine (penalty or forfeit) to unlock it. In the majority of cases, ransomware presents itself as a warning from the local police. This notification, supposedly from the Canadian Security Intelligence Service, is likewise fake and is not associated with the CSIS law enforcement organization of Canada. Here is what the message says once it infects your computer:
Government of Canada
Gouvernement du Canada
Canadian Security Intelligence Service
Service canadien du renseignement de sécurité
This operating system is locked due to the violation of the laws of the Canada!
Following violations were detected: Your IP address is [removed]. This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer.
This computer lock is aimed to stop your illegal activity.
To unlock the computer you are obliged to pay a fine of $ 100.
You must pay the forfeit through Ukash:
To do this, you should enter the 19 digits code in the payment form and press OK (if you have several codes, enter them one after the other and press OK).
If an error occurs, send the codes to address email@example.com
As you can see, the hackers instruct users to pay them money as a fine for fake crimes that the users never committed (like the ones described above). Never pay anything through the Ukash payment system. That would be a serious mistake: the money will never be returned to you. Likewise, do not send any Ukash voucher codes to the email address firstname.lastname@example.org . Instead, carefully follow the removal guide we've recently developed, which is applicable to ransomware virus removal.
CSIS ransomware unlocking procedure
Note! This tutorial is effective for all Ukash and Paysafecard viruses.
1. Restart your computer and press F8 while it is restarting.
2. Choose safe mode with networking.
3. Launch MSConfig: press Start –> Run, or press [Win]+R on the keyboard.
4. Disable any startup items in which rundll32 launches an application from Application Data.
5. Restart your system once again.
6. Scan with http://trojan-killer.net/download.php?trojankiller to identify the file and delete it.
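The check in step 4 can also be done from a script. The following is an added example, not part of the original guide: it only lists autostart entries in which rundll32 loads something from Application Data, and changes nothing. It assumes Windows PowerShell 3.0 or later; the function name Test-StartupCommand and the choice of registry keys and folders are the example's own.

```powershell
# Added example (not from the original guide). Report only: nothing is
# disabled or deleted. Assumes Windows PowerShell 3.0 or later.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: true when a startup command uses rundll32 and points
# into a user's Application Data folder.
function Test-StartupCommand {
    param([string]$Command)
    # Expand %APPDATA% and similar so the comparison is made on the real path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # "Application Data" is the XP folder name, "AppData" the Vista and later one.
    ($expanded -match 'rundll32') -and
        ($expanded -match '\\(Application Data|AppData)\\')
}

$findings = @()

# 1. Registry Run/RunOnce values.
foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if (Test-StartupCommand $cmd) {
            $findings += [pscustomobject]@{ Source = $path; Entry = $name; Command = $cmd }
        }
    }
}

# 2. Shortcuts in the per-user and all-users Startup folders.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk) {
        $sc  = $shell.CreateShortcut($lnk.FullName)
        $cmd = "$($sc.TargetPath) $($sc.Arguments)"
        if (Test-StartupCommand $cmd) {
            $findings += [pscustomobject]@{ Source = $dir; Entry = $lnk.Name; Command = $cmd }
        }
    }
}

$findings | Format-List
```

Each entry it prints is a candidate to disable in MSConfig; the Command field shows the file that the scan in step 6 should identify.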
Some versions of these viruses disable all safe modes, but leave a short window that you can use to run anti-malware programs. In that case, do the following:
1. Reboot normally.
2. Start –> Run.
3. Enter: http://trojan-killer.net/download.php?trojankiller . If the malware is already loaded, just press Alt+Tab once, keep entering the string blindly, and then press Enter.
4. Press Alt+Tab and then R (the letter) a couple of times. The ransomware process should be killed.