Virus and Spyware Removal Guides, uninstall instructions

What is Sacem?

The Sacem message ("Ordinateur est verrouillé") blocks computer users' screens, demanding payment of a 100 Euro fine. This is a scam. These messages are called ransomware and employed by cyber criminals to trick PC users into paying bogus fines for supposed law violations.

This particular ransomware states that a fine must be paid for downloading copyrighted music files from the Internet. Note that Sacem is an organization from France, which protects, represents, and provides services for, music authors and composers. This organization is in no way related to messages that block computer screens.

The Sacem “Ordinateur est verrouillé" ransomware originates from a family called Gimemo and targets PC users predominantly from France.

What is KODA?

Any message displayed by Koda, stating that your computer has been blocked ("Din computer er blevet låst"), is a scam created by cyber criminals. In fact, Koda (a non-profit collective rights management society that administers Danish and international copyrights for music creators and publishers) does not send messages such as this.

Fake messages are, however, created by cyber criminals with the intention of tricking unsuspecting PC users into paying a bogus 1000 DKK fine for supposed copyright law violations.

This fake message states that the computer lock was applied, since the user has downloaded copyrighted music fines from the Internet. These statements are false and made only to scare PC users.

What is Luxorr?

The Luxorr message blocks computer users' screens and demanding payment of a 100 Euro fine for allegedly downloading copyrighted music files from the Internet. This is a scam, a fake message, which exploits the name of Luxorr (Luxembourg Organisation For Reproduction Rights) in an attempt to scare PC users into paying a bogus fine.

Do not trust any information displayed by this message - the accusations of copyright law infringements are fake and paying this fine is equivalent to sending money to cyber criminals responsible for releasing this scam.

Fake messages such as these, which block computer screens and demand payment of fines to unlock PCs, are called ransomware. This particular ransomware infection originates from a family called Gimemo and targets PC users predominantly from Luxembourg.

What is Tono?

Tono is a legitimate organization, which protects the financial and legal rights of Norwegian and foreign composers, authors, and publishers of music. A recently-discovered ransomware infection exploits the name of this organization in order to trick unsuspecting PC users from Norway into paying a bogus 1000 NOK fine.

The fake message blocks computer users' screens, demanding payment of the fine using PaySafeCard for supposed copyright violations (downloading pirated music files). Tono has no connection with this message - this is a ransomware infection created by cyber criminals, and paying this fine is equivalent to sending money directly to them.

What is Buma Stemra?

The Buma Stemra message blocks computer users' screens, demanding payment of a 100 Euro fine for allegedly downloading copyrighted music files. This is a scam, a message created by cyber criminals that has no connection with the legitimate organization called Buma Stemra.

Fake messages such as these, which exploit the names of various authorities and organizations, are called ransomware infections. The main purpose of creating these messages is to trick unsuspecting PC users into paying bogus fines - money which is sent to cyber criminals.

This particular ransomware infection targets PC users from the Netherlands, exploits the name of Buma Stemra, and originates from a family of rogue screen lockers called Gimemo.

What is Creativetoolbars.com?

The Search.creativetoolbars.com website is promoted using a browser toolbar called SmartBar. This browser extension promises to enhance computer users' Internet browsing experience by providing them with Facebook and Twitter widgets, shortcuts to online games, etc.

This browser toolbar is not a virus and not related to malware infections, however, its developers use a deceptive promotion method called bundling. Commonly, this toolbar installs on users' computer without their consent using so-called 'installers'.

What is Policia Federal Argentina?

The Policia Federal Argentina message blocks computer users' desktops, demanding payment of a 200 ARS fine. This is a ransomware virus and should not be trusted - a scam developed by cyber criminals. The main goal of PFA ransomware is to extort money from unsuspecting PC users.

There are several ransomware families targeting computer users from Argentina including Raxm and Urausy (screenshots below). No genuine international authorities collect fines for any law violations by locking PC users' screens - this message is a cleverly-designed scam, which exploits the names of local authorities.

What is Instant Savings App?

The Instant Savings App browser add-on is developed by Innovative Apps, who claim that by installing it, Internet users will be able to save time and money when shopping online. This extension is compatible with Internet Explorer, Google Chrome, and Mozilla FireFox.

Whilst on first inspection Instant Savings App appears legitimate, in fact it is a potentially unwanted program distributed using a method called bundling.

The outcome of deceptive marketing methods such as these is that Instant Savings App users install this add-on unwillingly. This plug-in is not a virus or related to malware, however, it installs on users' computers together with free software downloaded from the Internet.

What is Polícia de Segurança Pública?

The Polícia de Segurança Pública message blocks computer users' desktops demanding payment of a 100 Euro fine. This is a scam, a deceptive message created by cyber criminals and targeting at PC users from Portugal.

This type of infection is called 'ransomware' and PC users should realize that the Portuguese Police do send these messages - it is a scam created by cyber criminals to infiltrate PCs by exploiting security vulnerabilities.

There are a number of ransomware families targeting PC users from Portugal including Reveton and Urausy. In both cases, cyber criminals make false accusations pertaining to watching pornography or downloading copyrighted content in order to scare unsuspecting PC users into paying the bogus fine.

What is ČESKÁ REPUBLIKA POLICIE?

The ČESKÁ REPUBLIKA POLICIE message blocks users' computer screens demanding payment of a 3000 CZK fine for supposed law violations relating to copyright, spam, etc.  

This is a ransomware scam, a type of infection developed by cyber criminals who operate by exploiting local authority names and displaying fake messages in order to extort bogus fines from computer users.

This ransomware predominantly targets computer users from the Czech Republic, however, note that there are several different families relating to this type of infection. The Czech Republic is targeted by the Reveton and Urausy ransomware families.