I have been infected with a rogue antivirus while attempting to access an Icefilms source for the sixth time in as many weeks. The infection has definitely come from a link to an Icefilms source. The latest one happened an hour ago. I cannot post the link because to copy and paste it would require opening the link, which would then reinfect my system. The infections have occurred when I open the link to the movie I have intended to watch. The latest one was the first source for the movie Kill The Irishman.
I am a computer technician with 28 years of experience and I clean this crap from people's PCs on almost a daily basis. It does not matter what security applications you have installed. I have removed the very same rogue antivirus program from PCs that were supposedly protected by Norton, Bitdefender, Kaspersky, McAfee, Nod32, Trend Micro as well as a plethora of free antivirus programs.
Someone mentioned MalwareBytes and SuperAntiSpyware. These programs do NOT offer real-time protection unless you are using a paid-for subscription and are only really useful for cleaning up after the fact.
If you are using any flavor of XP you have to boot to SAFE MODE with NETWORKING SUPPORT. The infection is often rootkit-based and no amount of scanning with standard antivirus programs will reveal the infection. You then need to be able to connect to the net and download COMBOFIX to your desktop. Often the infection will rear its ugly head the second you try to launch any browser. If that is the case then you need to download combofix from another PC and copy it to your desktop in safe mode with net support. Having done that, open Task Manager and wait for the infection to appear. When it does appear, switch to Task Manager and look for an oddly named .EXE file (tonight, in my case, it was jii.exe), kill the process, then immediately launch combofix. Once combofix has launched, do NOT click on anything other than any response combofix requires from you. It may want to update and it may want to install the Recovery Console. Allow it to complete. If combofix wants a reboot, make sure you choose safe mode with net support before your OS boots to standard mode. Combofix will produce a logfile displaying files and/or folders it has deleted.
Every time I have gotten this infection from an Icefilms source, combofix has deleted files and folders related to something named PriceGong.
Next you can use MalwareBytes and/or SuperAntiSpyware to clean up any other files or registry entries left behind.
Reboot to standard mode, DISABLE System Restore, reboot and ENABLE System Restore to purge the infection completely.
Another tip for XP users is to install Comodo Time Machine. It is far superior to System Restore and, by virtue of the way it works, will NOT restore an infection like System Restore will if you choose to restore to a date BEFORE the infection occurred. Another thing this type of infection does is to break XP's EXE file association. If you cannot launch .EXE files then copy and paste this link, http://filext.com/WinXP_EXE_Fix.reg, into your browser's address bar, save, then launch it to restore the registry settings that control EXE file associations.