What is the Sabam virus (Fake SABAM malware/ransomware)?
The Sabam virus is a malware infection categorized as ransomware (similar to the FBI virus) that infects computer systems undetected disguised as the Belgian Society of Authors, Composers and Publishers known as SABAM. The Sabam virus uses ransomlock Trojans to unethically lock a computer system from being accessed or used. Once a system is locked, the Sabam infection displays a full screen page that claims the computer has been used in illegal cyber activity such as downloading illegal content and copyrighted, “pirated” music and/or videos.
The malicious purpose of the Sabam virus is to frighten and persuade infected computer users into paying a ransom or “fake fine” between €50 to €200 ($50 – $200 USD) using popular credit systems including Paysafe card, Esso, Finac, Octa+, Total, Relay, and Q8.
Please note, you are not in trouble with SABAM and paying the “fake fine” will not remove the SABAM virus, nor protect your computer from further complications relating to the infection. Use the instructions provided in this article to easily and safely remove the Sabam virus and unlock your computer without paying the ridiculous fine or seeking unnecessary technical assistance.
Sabam virus dangers and symptoms
The Sabam virus and ransomware malware category in general are very dangerous infections that leave a computer system and owner completely vulnerable to severe cyber criminal activity including credit theft, extortion, identity theft, and more. The fake Sabam infection is even capable of causing a computer system to lose complete functionality and/or may wipe an entire hard drive, in turn causing a slew of hardware frustrations.
Described below is the process of the SABAM infection, as well as dangers and symptoms.
- The Sabam virus infects a computer system with help of ransom lock Trojans that allow the Sabam infection to operate as the cyber criminals intended it to.
- The Sabam virus locks computer systems and displays a fake SABAM screen page that claims the computer via IP address and geographical location has been involved with illegal online activity including the downloading of pirated media such as music and videos. The same fake Sabam page also details the payment or “fake fine” system, demanding a penalty or fine be paid in order to unlock the computer. (Please note, paying the fine will not fix the Sabam virus. DO NOT pay the fine!)
Some of the content on the fake Sabam virus page are detailed below:
Illegaal gedownloads muziak stukken (“door piraterj verkregen”) zijn gelegen op de computer.
Met het downloaded de ledjes zijn gekopleerd, zodak kan ook een strafbear feit onder 106 van de Auteurswet.
- If the Sabam virus is not removed from your computer your computer is at risk of further and more severe backdooor intrusions, not to forget, the Sabam virus is capable of installing keyloggers to record keyboard strokes and can take complete remote control of a computer system. – Meaning, a cyber criminal can control and use an infected computer from an unspecified location as if they are sitting in front of the infected computer.
What is SABAM? Is SABAM a real collective rights company?
SABAM is a real company or collective rights organization though the Sabam virus is completely unrelated to the legitiamte Belgian Society of Authors, Composers and Publishers.
SABAM collects, distributes and manages (in the broadest sense of the word) all copyrights in Belgium and all other countries where reciprocal agreements have been negotiated (with their sister associations, i.e. other collection societies).
The collective rights organisation SABAM is a cooperative company with limited liability under Belgian law (CVBA/SCRL). Under no circumstance is it a ministry or a semi-public undertaking.
The organisation was founded in 1922 by a number of authors. SABAM’s members consist of thousands of artists from every artistic discipline imaginable SABAM is primarily associated with music but represent composers, writers, publishers, playwrights, choreographers, directors, screenwriters, dialogue writers, broadcasters, subtitlers, translators, novelists, poets, comic book writers, illustrators, journalists, sculptors, painters, videographers, designers, photographers, graphic artists…
Source: http://www.sabam.be/en/sabam/who-are-we
- If you are infected with the SABAM virus, if you simply notice the SABAM screen prompt on your computer you are NOT in trouble with SABAM, they will NEVER lock your computer for such issues. Use the directions detailed blow to remove the SABAM virus from your computer.
How to remove the Sabam virus (SABAM Ransomware Removal)
The SABAM virus is very dangerous and if present on a system should be removed immediatly. Use the directrions below to remove Sabam ransomware affecting your system.
To ensure removal of the fake Sabam virus is complete it is recommended to scan your system with a reputable Anti-Malware scanner such as Malwarebytes (free or paid).
1. Malware Removal Software – Tools
Malwarebytes is the most recommended Antivirus (Anti-Malware) software used to scan, detect, and remove ransomware including the SABAM virus and similar ransomware such as the Anonymous virus and FBI virus. View other Antivirus recommendations.
- Use a reputable Antivirus or Anti-Malware such as suggested Malwarebytes software to perform a full system scan in order to detect and remove the SABAM ransomware virus.
2. System Restore (Troubleshoot)
To easily remove the SABAM virus perform a system restore to an automatic restore point created by Window’s each week and during system updates. System restores are great for troubleshooting the removal of software and malware, especially ransomware.
3. Safe Mode With Networking
To troubleshoot internet or network access in case of malfunction, in order to remove the SABAM virus, use the steps below.
The primary objective of using the Safe Mode with Networking option is to install or update proper utilities from the internet to assist in removing the SABAM virus.
Log into an account with administrator rights.
1. As the computer is booting tap the F8 key continuously to reach the correct menu screen (pictured below). On the Advanced Boot Options screen, use your keyboard to navigate to “Safe Mode with Networking” and press Enter.
Please note, the screen may appear black with the words “safe mode” in all four corners. Click your mouse where the Windows start menu usually is to bring up the necessary browsing menu or window.
2. If you are able to access the internet, install software such as Malwarebytes and remove the SABAM ransomware virus.
3. If you still can’t access the Internet after restarting in safe mode with networking, try resetting your Internet Explorer proxy settings using the 2 separate options detailed below.
How To Reset Internet Explorer Proxy Settings
- Option 1
In Windows 7 click the Start button . In the search box type run and in the list of results click Run.
-or-
In Windows Vista click the Start button and then click Run.
-or-
In Windows XP click Start and then click Run.
Copy and paste or type the following text in the Open box in the Run dialog box and click OK:
reg add “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings” /v ProxyEnable /t REG_DWORD /d 0 /f
In Windows 7 click the Start button. In the search box type run and in the list of results click Run.
-or-
In Windows Vista click the Start button and then click Run.
-or-
In Windows XP click Start and then click Run.
Copy and paste or type the following text in the Open box in the Run dialog box and click OK:
reg delete “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings” /v ProxyServer /f
Restart Internet Explorer and then follow the steps listed previously to run the scanner
- Option 2
Launch Internet Explorer. In Internet Explorer go to: Tools >Internet Options >Connections tab.
Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.
4. It is now recommended to download Malwarebytes (free or paid version) and run a full system scan to remove the SABAM virus.
Extra Removal Tips:
- Users infected with ransomware are usually allowed to access other user accounts on Windows. If such accounts have administrator rights, you will be able to launch an Anti-malware program using the administrative account.
- Some ransomware infections use flash. Try to deny Flash to make the SABAM ransomware screen go away and/or to make the infection improperly function. To disable Flash, go to Macromedia support site and select Deny: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing so, it is suggested to run a full system scan with and Anti-malware program suggested in this article.
Leave a Comment