USA Cyber Crime Investigations Virus
Written by Tomas Meskauskas
Damage level: Severe
USA Cyber Crime Investigations, Cyber Command of [State name] virus removal instructions
The "USA Cyber Crime Investigations, Cyber Command of [State name]" message "ATTENTION! Your computer has been blocked up for safety reasons listed below", which blocks the computer's screen and demands a fine of $300 (paid using MoneyPak or MoneyGram) for supposed law violations, is a scam. This message wasn't sent by any real authorities from the USA; it is a ransomware virus created by cyber criminals. It originates from a family called Urausy and is targeted at PC users from the USA, more specifically at various states of the USA. The cyber criminals responsible for developing this scam are targeting these states: California, Arizona, North Carolina, Ohio, Pennsylvania, South Texas, Utah, Maryland, Washington, Oregon, New York, New Jersey, Nevada, Indiana, Hawaii, Georgia and Florida. Such targeting is possible because ransomware viruses are capable of detecting the IP address of the computer that they infiltrate; this information allows cyber criminals to serve localized variants of their fake messages.
PC users should understand that in reality no authorities or organizations anywhere in the world use screen-blocking messages to collect fines for law violations. It is a scam, and paying this fake fine would be equal to sending one's money to cyber criminals. The USA Cyber Crime Investigations message that demands a fine in order to unblock one's computer is a total scam. Ignore this message and don't pay; the right way of treating this message is its elimination from one's computer.
The USA Cyber Crime Investigations virus is targeted at various states of the USA; however, if the cyber criminals are unable to detect the location of the PC that is being infected, the computer's screen gets locked with a message titled "Mandiant U.S.A Cyber Security". Most commonly, such ransomware viruses are distributed using exploit kits, which infiltrate the user's operating system through security vulnerabilities found in outdated software (Java, Flash, etc.), so the best way of protecting one's computer is keeping all software up to date and using legitimate antivirus and anti-spyware programs. The USA Cyber Crime Investigations ransomware virus is a typical scam that exploits the names of legitimate authorities to make the fake message appear more realistic. To create a sense of urgency, the cyber criminals use a 48-hour countdown timer and state that a criminal case will be opened if the fine is not paid. In reality it is just a cleverly designed scam that tries to trick PC users into paying a non-existent fine. If your computer is infected with the USA Cyber Crime Investigations virus, use the provided removal instructions and eliminate this scam from your PC.
Fake message presented in USA Cyber Crime Investigations virus:
USA Cyber Crime Investigations
Cyber Command of [State name] (Arizona, North Carolina, Ohio, Pennsylvania, South Texas, Utah, Maryland, Washington, Oregon, New York, New Jersey, Nevada, Indiana, Hawaii, Georgia, Florida or California)
ATTENTION! Your computer has been blocked up for safety reasons listed below. You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.
Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of "Copyright and Related rights Law" (downloading of pirated music, video, ware.) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
Unauthorized access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected - until the investigation is held - of innocent infringement of Article 215 of United States of America criminal law ("Law on negligent and reckless disregard of computers and computer aids").
Article 215 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to 100.0000 fine.
Further, after information of your personal computer was examined, it was found out that your personal computer had been regularly used for bulk spamming, either arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently, you are suspected - until the investigation is held - of innocent infringement of Article 301 of United States of America criminal law ("On bulk-spamming and malware (virus) dissemination`).
Article 301 of United States of America criminal law provides for the punishment of deprivation of liberty for term up to 5 years, and up to 250.0000 fine.
Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as of commission of crimes per above Articles. Criminal case can be submitted to court.
However, pursuant to Amendments to the United States of America criminal law dated October 9, 2013, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incident before) and no arraignment will follow. However, it is a matter of whether you have paid the fine to the Treasury (to the effect of initiatives aimed at protection of cyberspace).
The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case wilt be opened against you. Amount of firm is 300$. You can settle the fine with MoneyPak or MoneyGram xpress Packet vouchers.
As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.
Then in 7 day term you should remedy the breaches associated with your computer. Otherwise, your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).
Please mind, that you should enter or4 verified pussy of vouchers and abstain from caching out of vouchers once used for fine payment. If erroneous pussy were entered, or if attempt was made to cancel vouchers after transaction, then, apart from above breaches, you will be charged with fraud (Article 377 of United States of America criminal law; 1 to 3 years of imprisonment) and criminal case will be opened.
USA Cyber Crime Investigations virus removal:
Windows XP and Windows 7 users: While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, and in the search results select Settings. Click on Advanced startup options, then in the opened "General PC Settings" window select Advanced startup. Click on the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click on the "Troubleshoot" button, then click on the "Advanced options" button. In the advanced options screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Command Prompt.
Log in to the account that is infected with this ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
If you can't start your computer in safe mode with networking, try doing a system restore.
1. Start your computer in Safe Mode with Command Prompt: while your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. When command prompt mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore points and click "Next" (this will restore your computer's system to an earlier time and date, before this ransomware virus infiltrated your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download a recommended malware removal program and scan your PC with it to eliminate any remnants of this virus.
If you can't start your computer in safe mode with networking (or with command prompt), you should boot your computer using a rescue disk. Some variants of this infection disable safe mode, making its removal more complicated. For this step you will need access to another computer. After removing the USA Cyber Crime Investigations virus from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any infected files that may remain.