USA Cyber Crime Investigations Virus

Also Known As: USA Cyber Crime Computer Blocker
Type: Ransomware
Damage level: Severe
Distribution: High
Damage Level

USA Cyber Crime Investigations, Cyber Command of [State name] virus removal instructions

What is USA Cyber Crime Investigations?

The USA Cyber Crime Investigations, Cyber Command of [State name] message, "ATTENTION! Your computer has been blocked up for safety reasons listed below", blocks computer screens and demands payment of a $300 fine (using MoneyPak or MoneyGram) for alleged law violations. This is a scam. These messages are not sent by any legitimate authorities from the USA - they are caused by a ransomware virus created by cyber criminals. The virus originates from a family called Urausy and targets PC users from the USA - specifically, various states including California, Arizona, North Carolina, Ohio, Pennsylvania, South Texas, Utah, Maryland, Washington, Oregon, New York, New Jersey, Nevada, Indiana, Hawaii, Georgia, and Florida. This targeting is possible since ransomware viruses are capable of detecting the IP addresses of computers infiltrated. This information allows cyber criminals to serve localized variants of their fake messages.

PC users should be aware that no legitimate authorities or organizations, internationally, use computer screen-blocking messages to collect fines for any law violations. This is a scam and paying the fake fine is equivalent to sending your money to cyber criminals. The USA Cyber Crime Investigations message, which demands payment of a fine to unblock your computer, is a scam - ignore this message and do not pay any fines. The correct way to deal with this message is to eliminate it from your computer.

USA Cyber Crime Investigations virus

The USA Cyber Crime Investigations virus targets various states of the USA, however, if cyber criminals are unable to detect a specific location of the PC targeted for infection, the user's screen is locked with the message, "Mandiant U.S.A Cyber Security". Commonly, these ransomware viruses are distributed using 'exploit kits', which infiltrate users' operating systems via security vulnerabilities detected within outdated software (Java, Flash, etc.) Therefore, the best way to protecting your computer is to keep all software up-to-date and use legitimate antivirus and anti-spyware programs. The USA Cyber Crime Investigations ransomware virus is a typical scam, which exploits the names of legitimate authorities in order to make the fake message appear authentic. To create a sense of urgency, cyber criminals implement a 48-hour countdown timer and stipulate that the fine be paid within this period - otherwise a criminal case will be opened. In fact, this is merely a cleverly-designed scam, which attempts to trick PC users into paying the bogus fine. If your computer is infected with the USA Cyber Crime Investigations virus, use the removal instructions provided to eliminate this scam from your PC.

Fake message displayed by the USA Cyber Crime Investigations virus:

USA Cyber Crime Investigations.

Cyber Command of [State name] (Arizona, North Carolina, Ohio, Pennsylvania, South Texas, Utah, Maryland, Washington, Oregon, New York, New Jersey, Nevada, Indiana, Hawaii, Georgia, Florida or California).

ATTENTION! Your computer has been blocked up for safety reasons listed below. You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.
Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of "Copyright and Related rights Law" (downloading of pirated music, video, ware.) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
Unauthorized access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected - until the investigation is held - of innocent infringement of Article 215 of United States of America criminal law ("Law on negligent and reckless disregard of computers and computer aids").
Article 215 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to 100.0000 fine.
Further, after information of your personal computer was examined, it was found out that your personal computer had been regularly used for bulk spamming, either arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently, you are suspected - until the investigation is held - of innocent infringement of Article 301 of United States of America criminal law ("On bulk-spamming and malware (virus) dissemination`).
Article 301 of United States of America criminal law provides for the punishment of deprivation of liberty for term up to 5 years, and up to 250.0000 fine.
Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as of commission of crimes per above Articles. Criminal case can be submitted to court.
However, pursuant to Amendments to the United States of America criminal law dated October 9, 2013, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incident before) and no arraignment will follow. However, it is a matter of whether you have paid the fine to the Treasury (to the effect of initiatives aimed at protection of cyberspace).
The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case wilt be opened against you. Amount of firm is 300$. You can settle the fine with MoneyPak or MoneyGram xpress Packet vouchers.
As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.
Then in 7 day term you should remedy the breaches associated with your computer. Otherwise, your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).
Please mind, that you should enter or4 verified pussy of vouchers and abstain from caching out of vouchers once used for fine payment. If erroneous pussy were entered, or if attempt was made to cancel vouchers after transaction, then, apart from above breaches, you will be charged with fraud (Article 377 of United States of America criminal law; 1 to 3 years of imprisonment) and criminal case will be opened.

Quick menu:

USA Cyber Crime Investigations virus removal:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu". Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Step 2

Log in to the account infected with this ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

remover for USA Cyber Crime Investigations virus

If you need assistance removing USA Cyber Crime Investigations Virus, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware virus infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of this virus.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt),boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making its removal complicated. For this step, you require access to another computer. After removing the USA Cyber Crime Investigations virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Other tools known to remove the USA Cyber Crime Investigations virus:

Add comment
PCrisk.com is not responsible for the content of the comments.


About the author:

I am passionate about computer security and technology. I have an experience of 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010.

Follow me on Google+ to stay informed about the latest online security threats.

Our malware removal guides are free. However, if you want to support us you can send us a donation.