United States Cyber Security Virus
Written by Tomas Meskauskas
Damage level: Severe
United States Cyber Security Virus removal guide
United States Cyber Security screen locker is a ransomware computer infection originating from a family of ransomware called Reveton. This screen locker is created by Cyber criminals in the hope that unsuspecting computer users will fall for the scam and pay a bogus fine of $100. Do not consider paying this fine - you will send your money to Cyber criminals and your PC will remain locked. The deceptive message within this ransomware suggests that you have been watching or distributing child pornography, etc., and thus infringing copyright laws. Do not believe a word presented in this message. It is a scam, since no authorities block computers to collect fines for law infringements. To make their screen lockers appear authentic, Cyber criminals use the names of authorities, and in this case, United States Cyber Security.
Previously, ransomware infections exploited the name of the FBI, Interpol, and other authorities. Furthermore, this ransomware infection is able to capture your computer's IP address, and using this information, the deceptive message within this screen locker is localized. Whilst the United States Cyber Security ransomware targets computer users from USA, other ransomware from this family is known to target computer users from Sweden and other countries - displaying a deceptive message in the local language and exploiting names of authorities from the country. For example, PC users from Sweden will see a message from Den svenska polisen it sakerhet.
Ransomware infections such as this are a profitable business for Cyber criminals. They continue to create new screen lockers and distribute them over the Internet. Commonly, these scams are proliferated using Trojan infections and drive-by downloads. Furthermore, Cyber criminals bundle their ransomware within other security threats such as Citadel and Zeus Trojans. To prevent these infections entering your PC, update your operating system and installed software regularly. Also use legitimate antivirus and anti-spyware programs to secure your computer. If your PC is already infected with United States Cyber Security ransomware, use the removal guide provided to help you eliminate it from your computer.
A fake message displayed within United States Cyber Security ransomware:
United States Cyber Security.
Your PC is blocked due to at least one of the reasons specified below.
You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America. Article 1, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years. You have been viewing or distributing prohibited Pornographic content ( Child Porno, Zoofilla and etc). Thus violating article 202 of the Criminal Code of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for four to nine years. Pursuant to the amendment of the Criminal Code of United States of America of May 28, 2011, this law infringement (if it is not repeated - first time) may be considered as conditional in case you pay the fine of the State. Fines may only be paid within 24 hours after the infringement. As soon as 24 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 24 hours! To unlock the computer, you must pay the fine through MoneyPak of $100.
How to unlock computer using the MoneyPak?
1. Find a retail location near you.
2. Look for a MoneyPak in the prepaid section. Take it to the cashier and load it with cash. A service fee of up to $4.95 will apply.
3. To pay fine, you should enter the digits MoneyPak resulting code in the payment form and press Pay MoneyPak.
When you pay the fine, your PC will be unlocked in 1 to 48 hours after the money is put into the State's account.
United States Cyber Security scam removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account infected with United States Cyber Security ransomware. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries detected.
After completing these steps your computer should be clean. Reboot your computer in Normal Mode.
Alternative United States Cyber Security ransomware removal guide:
If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. In the opened Command Prompt type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.
3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.
4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file). Use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of United States Cyber Security ransomware.
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated. For this step, you need access to another computer. After removing United States Cyber Security ransomware from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.
Anti-spyware programs known to detect and remove United States Cyber Security ransomware: