U.S.A. Cyber Crime Investigations malware is ransomware that targets computer users in the USA. It has several versions that attack computers based on the state they are located in, for example, Cyber Command of New York virus, Cyber Command of South Texas virus and so on. The program is installed with the help of Trojan viruses without users’ consent.
Once inside the system, U.S.A. Cyber Crime Investigations malware locks your computer entirely. You will not be able to access any of your programs or surf the Internet. The program only displays a message in the middle of your computer screen, pretending to be a police institution and accusing you of violating the law. The virus states that you have to pay a fine in order to get your computer unblocked. Below we provide the message that appeared on the screen of a computer that was infected in New York:
U.S.A. Cyber Crime Investigations
Cyber Command of New York
Attention! Your computer has been blocked up for safety reasons listed below.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.
Article 161 of United States Of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America Criminal Law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
U.S.A. Cyber Crime Investigations malware uses two payment systems to collect the money – MoneyPak and Money Gram. Both of these systems are legal and they both require pre-paid cards in order to make a transfer. Please note, police would never use such methods to collect fines from you. It is just one more proof that U.S.A. Cyber Crime Investigations malware is a scam that was only designed to make money for cyber criminals. It has nothing to do with the police of the USA.
If your computer was infected by any version of this malicious program, remove U.S.A. Cyber Crime Investigations malware as soon as possible. Since the program blocks an infected system, it is not easy to eliminate. If your computer has more than one user account and not all of them are locked, log in to an account that is not blocked and scan the whole PC with anti-malware programs, e.g. spyhunter. Another option is to use system restore. If none of these methods worked for you, do the following:
- Restart your computer;
- Press F8 while it is still restarting;
- Choose between safe modes in the following order: Safe mode, Safe mode with command prompt.
Then follow the guides below:
If your computer runs in Safe mode or Safe mode with networking
- Launch MSConfig.
- Disable startup items in which rundll32 launches any application from Application Data. Note that these are typical locations for U.S.A. Cyber Crime Investigations malware, but others might be used.
- Restart the system once again.
- Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify U.S.A. Cyber Crime Investigations malware files and delete them.
If your computer runs in Safe mode with command prompt
- Run Regedit.
- Search for WinLogon entries. Write down all files they reference that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for U.S.A. Cyber Crime Investigations malware files and delete the registry keys referencing the files.
- Try to reboot and scan with Spyhunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe)
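The two manual checks above (startup items that use rundll32 or start from Application Data, and Winlogon entries that are not explorer.exe) can be listed in one pass. The script below is an added example, not part of the original guide. It assumes PowerShell is available on the machine, and the function and variable names are illustrative.

```powershell
# Added example: read-only audit; it changes nothing in the registry.
# Assumption: PowerShell 2.0 or later, run from an administrator prompt.

# Winlogon keys whose Shell value should be explorer.exe or absent
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
# Standard Run keys, which MSConfig lists as startup items
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Test-SuspiciousCommand {
    param([string]$Command)
    # Heuristic taken from the steps above: rundll32, or anything started from Application Data
    $Command -match 'rundll32' -or
        $Command -match '\\(Application Data|AppData)\\|%APPDATA%'
}

$findings = @()

foreach ($key in $winlogonKeys) {
    # Shell is normally "explorer.exe" under HKLM and missing under HKCU
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -ne 'explorer.exe') {
        $findings += New-Object PSObject -Property @{ Key = $key; Name = 'Shell'; Value = $shell }
    }
}

foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if (Test-SuspiciousCommand $value) {
            $findings += New-Object PSObject -Property @{ Key = $key; Name = $name; Value = $value }
        }
    }
}

if ($findings) {
    $findings | Format-List Key, Name, Value
} else {
    'No Winlogon Shell override or rundll32/Application Data startup entry found.'
}
```

Legitimate software can also start from Application Data, so review each finding before disabling it. Since the malware may use other locations, an empty result does not replace the scan.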
Thanks to security researcher Kafeine for sharing information about this group of ransomware programs.