ACCDFISA Protection Program Ransomware - How to remove

ACCDFISA Protection Program Ransomware

ACCDFISA Protection Program is a cyber infection, ransomware, that tries to mislead its victims that they are infected with dangerous virus illegally sending various spam messages filled with malicious links from their computers. To make this look really convincing, malware locks its victims out of the Windows desktop and displays misleading alert that asks to make a $100 payment via Moneypak or Paysafecard services. It also claims that you must do that within 48 hours if you don’t want to find all your documents and operating system deleted. In fact, it archives all the documents into archives with a password and runs malicious processes that delete files upon decryption attempt.

However, no matter that ACCDFISA states that it represents the Anti Cyber Crime Department of Federal Internet Security Agency, you must never fall for it because it seeks only to get some money from you. By convincing its victims that they have been found to spread malicious links to websites filled with child pornography or other illegal content, scammers simply try to encourage them to pay the fine. However, you must only ignore ACCDFISA ransomware and its alert, saying something like that:

ACCDFISA Protection program
Warning! Access to your computer is limited.

From your computer was detected mailing (spam)advertises illegal sites with child pornography, which contradicts law and harm other networking users.

Probably your computer has been infected and as a result our service locked access to your computer, including a fully networked access (except for our staff).

As the virus sends the illegal spam mail is very dangerous and modifies itself every 48 hours, including removing our program protection, you have 48 hours, otherwise we will remove all protection program data including the operating system and all your files without possibility of recovery.

To solve this problem you need to buy and send sms with MoneyPak or Paysafecard or Ukash code (100$ or 100E) and your Reference Number: 471951751100 to the special service phone number: +18722161445 or email: [email protected])

You can buy MoeyPak card at the nearest stores: Walgreens, Walmart, CVS/pharmacy, Kmart, SevenEleven, Rite Aid or go to to find location stores near you.

To find Paysafecard location stores near you visit or Ukash at

After that our experts withing 1-3 hours will do audit and clean up your computer from viruses sending out spam and send out you sms on the cell phone or email (from which you sent card code and your reference number) control code (which unlock your PC) that must be enter here.

After a  closer look it has been revealed that this program starts as soon as PC is rebooted. It additionally removes Windows Safeboot Registry key so that its victims wouldn’t be capable to reach Safe Mode and remove it from their PCs. If you have ACCDFISA on your computer, make sure you don’t pay for it and remove this ransomware without any delay. According to this post, malware might be distributed manually at the moment, by hackers infecting machines through stolen passwords. This means that you should change your windows password, and (if this happened to companies PC) notify administration staff.

NOTE: It is very important to decrypt data after the ACCDFISA Protection Program malware process is terminated, or you might loose information on your PC.

ACCDFISA Protection Program special removal instructions

1. If you are stuck in screen asking for Control Code, try entering 753491980167921.

2. To recover your internet access, go to your network and sharing center, press on your network, properties, Internet Protocol version 4. You will need to enter correct information of your network adapter. A good guess is using automated settings (obtain an IP address automatically). Contact your ISP for details.

3. Run :

net stop netprofms
net stop WdiServiceSysHost
sc delete netprofms
sc delete WdiServiceSysHost
reg delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” /v svchost /f

Reboot afterwards.

4. C:\Windows\system\wcmtstcsys.sss or C:\Windows\SysWOW64\wcmtstcsys.sss will contain all the files that have been “encrypted” by ACCDFISA Protection Program. These encrypted programs are in fact RAR archives, encrypted with password 1a2vn57b348741t92451sst0a391ba72. So encrypted has became document.doc.aes. Download winrar program and unencrypt them all.
5. Scan your PC with Microsoft’s malicious software removal tool, Malwarebytes Anti-Malware, spyhunter and your regular antivirus. ACCDFISA Protection Program might be a result of keylogger attack. It is extremely important to change passwords after this infection.

Automatic Malware removal tools

Download Spyhunter for Malware detection

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Removal guides in other languages

3 responses to “ACCDFISA Protection Program Ransomware

  1. I got infected with this and the unlock code does not work. What other options do I have?

  2. @tnerbb
    tnerbb, Did you have any luck? I am infected to but the infection is slightly different and the password doesnt work.

  3. I got a variant of it today too. Nothing is working for me either. I was able to get to safe mode but beyond that, none of the files that we’re supposed to delete are there.

Leave a Reply

Your email address will not be published. Required fields are marked *