Cyber Command of Utah virus - How to remove?
Cyber Command of Utah virus is another ransomware variant from the Urausy family. This version attacks computers located in the state of Utah. There are a number of other new versions of this ransomware that target computers at the state level. Previously, it infiltrated computers based on the country where they were located and used the names of different police institutions. For example, users from the United States have been badly attacked by ICE Cyber Crimes virus.
Cyber Command of Utah virus is installed on random systems with the help of Trojan viruses, just like all previous versions of this ransomware. It doesn’t ask for the user’s permission and infiltrates in complete secrecy. Once inside, the program locks your computer entirely, leaving no access to any of your programs. It also displays a warning on your computer screen blaming you for violating the law. Have a look at the message below:
U.S.A. Cyber Crime Investigations
Cyber Command of Utah
Attention! Your computer has been blocked up for safety reasons listed below.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.
Article 161 of United States Of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America Criminal Law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
Cyber Command of Utah virus asks you to pay a fine of $300 for using illegal content. It claims that you are suspected of downloading pirated music and videos as well as using and distributing pornographic files. As the message completely blocks your computer, you may think you are in big trouble. The truth is that Cyber Command of Utah virus has nothing to do with any legal institution. It was developed by cyber criminals who want to earn money easily.
Beware that the police would never report law violations by displaying a message on your computer screen, and they would never block your computer. Another suspicious thing is that Cyber Command of Utah virus asks you to make a transfer through the MoneyPak or MoneyGram payment systems. Although they are legal systems for making money transfers, no official institution would ask you to make a payment using prepaid cards. It is strongly recommended to remove Cyber Command of Utah virus from your system immediately after its detection.
As the virus doesn’t allow you to run any programs on your computer, the removal is not that easy. If your computer has more than one user account and not all of them are locked, log in to an account that is not blocked and scan the whole PC with an anti-malware program, e.g. Spyhunter. Another option is to use system restore. If none of these methods worked for you, do the following:
- Restart your computer;
- Press F8 while it is still restarting;
- Choose between the safe modes in the following order: Safe mode, Safe mode with command prompt.
Then follow the guides below:
If your computer runs in Safe mode or Safe mode with networking
- Launch MSConfig.
- Disable startup items in which rundll32 launches any application from Application Data. Note that these are typical locations for Cyber Command of Utah virus, but others might be used.
- Restart the system once again.
- Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to identify Cyber Command of Utah virus files and delete them.
If your computer runs in Safe mode with command prompt
- Run Regedit.
- Search for WinLogon entries. Write down all files they reference that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for Cyber Command of Utah virus files and delete the registry keys referencing the files.
- Try to reboot and scan with Spyhunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe)
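
The two manual checks above (startup items where rundll32 launches something from Application Data, and WinLogon entries that are not explorer.exe or blank) can be listed in one read-only pass. This is an added example, not part of the original guide; the registry paths are the standard Windows locations, which the guide does not name, and matching "AppData" as well as "Application Data" is an assumption.

```powershell
# Added example: read-only audit; it changes nothing in the registry.
# Assumption: standard Windows key paths (the guide does not name them).
$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKey   = 'Software\Microsoft\Windows\CurrentVersion\Run'
# Assumption: "AppData" is matched too, as the newer name of "Application Data".
$appData  = '\\(Application Data|AppData)\\'
$findings = @()

foreach ($hive in 'HKLM:', 'HKCU:') {
    # Winlogon Shell: write down anything that is not explorer.exe or blank.
    $path  = "$hive\$winlogon"
    $shell = (Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -ne 'explorer.exe') {
        $findings += [pscustomobject]@{
            Location = "$path\Shell"; Value = $shell
            Reason   = 'Winlogon Shell is not explorer.exe'
        }
    }

    # Run values: startup items of the kind MSConfig lists.
    $path = "$hive\$runKey"
    $key  = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        if ($value -match 'rundll32' -and $value -match $appData) {
            $findings += [pscustomobject]@{
                Location = "$path\$name"; Value = $value
                Reason   = 'rundll32 launching a file from Application Data'
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'Nothing matched; the guide notes that other locations might be used.'
} else {
    $findings | Format-List Location, Value, Reason
}
```

A Shell value given as a full path to explorer.exe is also reported, so review each finding before changing anything. Startup-folder shortcuts, which MSConfig also lists, are not covered.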
Thanks to security researcher Kafeine for sharing information about this group of ransomware programs.