IRMA (BSA) virus is a new face of the money extortion scam similar to FBI and Ukash viruses. As compared to country specific “police” ransomware, IRMA (BSA) scam is more universal since the Information Resources Management Association and Business Software Alliance are international organizations. Certainly, IRMA and BSA have nothing to do in common with the message shown under these names. This text is compiled by cyber criminals for asking victims to pay $200 or $250 with MoneyPak as a fine for some unspecified violation of the law concerned with prohibited content and piracy on the Internet. Since neither of these organizations is related to law enforcement, none of them would ask you to pay fines for violating laws with means that are impossible to trace such as MoneyPak. Should you make such a payment, your money would enrich cyber criminals that wouldn’t even bother to unlock your computer as the message says. Definitely, it is better to ignore this message and get some guide or removal tool that can help you to unlock your PC and get rid of IRMA (BSA) virus.
IRMA (BSA) virus Removal Guide
What is IRMA (BSA) virus?
IRMA (BSA) virus is a classic ransomware designed to scare people and extort money. This scam is spread with Trojans coming from malicious or infected websites. This virus might infect your PC when you click a link in some email message from unknown web source or download free program or media files from insecure websites. When IRMA (BSA) virus infects your computer, it is set to run on Windows startup. Then it locks your access to the desktop and exposes a message with a vague allegation in violating some of laws related to the Internet. This message asks for a fine paid with MoneyPak within 72money for the violation and for unlocking your computer.
Do not expect that your payment would help you to unlock your computer since this message is a fake made by cyber criminals, and they are avoiding any risk of being caught. As a result, you will be left with locked computer and the need to somehow remove IRMA (BSA) virus.
If your computer is not infected, then just be carefull while browsing the Internet, downloading files, and opening your email. Scan downloads and email messages with your antivirus program before opening. It will help you to protect your computer from being infected by IRMA (BSA) virus.
IRMA (BSA) Virus Removal Tool
The removal of IRMA (BSA) virus is difficult to inexperienced user because the access to computer is locked and web browsers are redirected or blocked. This virus might blocks or obscure the use of a Safe Mode helpful during malware removal with exception is a Safe Mode with Command Prompt. Errors made during the removal process might damage computer system with a possible loss of valuable user’s data. Professionally designed removal tools are a better choice than manual removal unless you have a sufficient experience in malware removal or some background in system management.
IRMA (BSA) Removal Tool helps to remove IRMA (BSA) virus and other malicious programs. It offers you free scanner for advanced malware detection, free professional support for removing complex computer infection, and real-time protection against malicious software.
Note: Since “Save Mode with Networking” startup option might be obscured by this IRMA (BSA) virus, it is better to download these removal tools to a different computer and copy them to USB device or CD. Then you can transfer this programs to infected computer and use them with infected computer started in a “Safe Mode with Command Prompt” that is not blocked by IRMA (BSA) virus.
Remove IRMA (BSA) virus manually
The first thing that might help to remove IRMA (BSA) virus is your System Restore utility. It saves your system settings for some certain point in time, and if it is properly set, then your computer might be restored to the condition that was right before it was infected. You need to run Windows System Restore on a computer started in a Safe Mode with Command Prompt. After this utility is started, choose some appropriate restore point and restore your system. This way is relatively simple; however, you need to find and remove malicious files by hand and scan your system, including System Restore files, with your antivirus since these some viruses are targeted to infect System Restore files.
If there are no saved restore points and your System Restore is not running, then try to remove IRMA (BSA) virus in a different way:
1. You need to check and repair proxy settings for your browser to prevent redirecting your computer to malicious websites that might help to reinstall malware being removed. It is just a precaution needed in a case of this malware foreseen future development, but it will protect you against some spyware programs that might come along with IRMA (BSA) virus.
2. When done with fixing proxy settings, start your computer in a Safe Mode with a Command Prompt and log as a system administrator. Open Startup folder and remove suspicious files out there.
For this click Start, select All Programs and find Startup folder. Look at the startup folder and remove any suspicious program that you cannot identify. IRMA (BSA) uses random name that consist of characters and numbers. It might be also named as well-known windows files for hiding in a disguise. These malicious programs usually have different extension names and are placed in a different location as compared to real files. After you remove IRMA (BSA) virus from the startup list, restart your system and see if it helps to stop the virus.
3. If removing suspicious files from the Startup list doesn’t help to block this virus, than check and fix registry keys commonly used by malicious programs for the automatic start settings. To remove this keys:
Click Start and type regedit.exe at the command prompt. Then, press Enter.
Press OK button, or Enter key, when done.)
In Registry Editor Look for the keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [some path to randomly named IRMA (BSA) executable file]
Note: Write this path and file name down. It will help you to find and remove IRMA (BSA) virus main executable file later.
Expand the key:
Look for the value of Shell subkey found in the right pane. It should be set to “Explorer”. If there is some other file or some additional string placed after “Explorer”, then remove any extras and leave only “Explorer” as a subkey value.
IMPORTANT: Before you make changes to your system registry, please make a backup file for the key that you are going to change or remove. You can do this by opening File menu in the Registry Editor and clicking Export. Then follow instructions on the screen. If something goes wrong, you can restore the registry key by double clicking saved file. If no problems are found, then you can discard backup files later.
Kill IRMA (BSA) virus malicious processes
Note: The file is located in either %AppData% or %Temp% directory in the current user profile.
Remove IRMA (BSA) virus malicious entries made in the system registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [path to random]\[random chars].exe
Delete IRMA (BSA) virus files and folders:
%UserName%\%Application Data%\[random chars folder name]\[random chars].exe
%UserName%\%Temp%\[random chars folder name]\[random chars].exe
Complete IRMA (BSA) removal
IRMA (BSA) virus might come with other malware, and it is often the case with infected and malicious websites. After you remove IRMA (BSA) virus, you need to update your antivirus software and run a deep scan for viruses. You can also use some free antivirus scanner from trusted vendors to double check the result of the removal. Some malicious programs might be bundled with spyware programs, and you need to remove these spyware with some antispyware program.
Find more about computer system protection against malicious programs.