Mandiant U.S.A. Cyber Security virus removal guide

andy | July 16, 2013

The bogus warning supposedly coming from Mandiant U.S.A. Cyber Security is a serious virus infection. It has nothing to do with FBI. Department of Defense, U.S.A. Cyber Crime Center or Interpol. This virus is classified as ransomware because it locks the desktop of the attacked PC and then asks for the ransom to be paid in favor of cyber crooks who are the authors of this scam. If your system got locked by this scam then please follow the instructions set forth below.

Mandiant U.S.A. Cyber Security virus

Mandiant U.S.A. Cyber Security virus

When Mandiant virus attacks the PC the whole desktop gets locked. User cannot really do anothing with his/her PC. The malware has the only mission – to make users really scared about their future destiny. The locker accuses users of performing various crimes online through the attacked computer. As a solution to unlock it the virus tells that users must pay the fine (which is not a real fine but rather the ransom).

If your system got locked by Mandiant virus please ignore its fake and scary warning! No matter how scary the message is – you should disregard it completely. Do not pay any fine through Greendot Moneypak payment system or through Moneygram. Doing so is a serious mistake, because the funds go immediately into the pockets of cyber frauds. Instead please follow the guidelines below.


Quotation from scary message:

Mandiant U.S.A. Cyber Security
FBI. Department of Defense
U.S.A. Cyber Crime Center
Interpol
Attention!
Your computer has been blocked for safety reasons listed below.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.
Article 161 of United States Of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America Criminal Law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.
Amount of fine is 300$. You can settle the fine with MoneyPak or MoneyGram xpress Packet vouchers.
As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.
Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).

Ransomware unlocking procedure

Note! This tutorial is effective for all GreenDot MoneyPak, Ukash and Paysafecard ransomwares.

  1. Restart your computer and press F8 while it is restarting.
  2. Choose safe mode with networking.
  3. safe mode with networking

  4. Press Start menu and select Run, or press [Win]+R on keyboard.
  5. Run command

  6. Type msconfig
  7. msconfig

  8. Disable startup items rundll32 turning on any application from Application Data.
  9. Restart your system once again.
  10. Scan your system with GridinSoft Trojan Killer to identify file and delete it.

Some versions of these viruses disable all safe modes, but give a short gap that you can use to run anti-malware programs. Then do following:

  1. Reboot normally.
  2. Click Start and choose Run.
  3. Enter the text specified in the quotation below. If malware is loaded, just press Alt+Tab once and keep entering the string blindly then press Enter.
  4. http://trojan-killer.net/download.php

  5. Press Alt+tab and then R (letter) a couple of times. The process of ransomware virus should be killed after you succeed to download, install our recommended software and scan your PC with it.

Download GridinSoft Trojan Killer for thorough system checkup

Leave a comment

*