Ice Cyber Crime Center Virus Interface



The United States Courts Ransomware is a computer virus that hinders access to your Windows desktop and data files until you pay a fine in the amount of $300. It displays a bogus threat of legal prosecution indicating that the computer that it has compromised has been involved in illegally downloaded material such as, mp3s, movies or software. The United States Courts virus will also take a picture of the person that logs into the computer and it will display that photo as an added scare tactic. It also states that the fine must be paid through MoneyPak within 48 hours to avoid it's fake legal threats. The time limit is just another scare tactic to get you to pay the ransom quickly.


___________________________________________________________

The United States Courts Ransomware Displays a Warning That Includes:

YOUR COMPUTER HAS BEEN LOCKED

Criminal Case NO. 4:12CV072011

Illegally downloaded material (MP3's, Movies or Software) has been located on your computer.

By downloading or uploading, those files have been reproduced, thereby involving a criminal offense under 17 U.S.C.A. SS506(a) and 18 USCA SS2319 (2)(A)(B).

(a) Whoever violates section 506(a) (relating to criminal offenses) of title 17 shall be punished as provided in subsection (b) of this section and such penalties shall be in addition to any other provisions of the title 17 or any other law. (b) Any person who commits an offense under subsection (a) of this section--

(2) shall be fined not more than $250,000 or imprisoned for not more than two years, or both, if the offense:

(A) involves the reproduction of distribution, during any one-hundred-and-eighty-day period, or more than one ten but less than one hundred phono records or copies infringing the copyright in one of more sound recordings;

or

(B) involves the reproduction or distribution, during any one-hundred-and-eighty-day period, of more than two but less than sixty-five copies infringing the copyright in one or more motion pictures or other audiovisual works.

To unlock your computer and to avoid other legal consequences, you are obligated to pay a release of $300. Payable through GreenDot Moneypak. After successful payment, your computer will automatically unlock.

Failure to adhere to this request will involve criminal charges and possible imprisonment.

To perform the payment, enter the acquired GreenDot Moneypak code in the designated payment field and press the "Submit" button.

Please note: This find may only be paid within 48 hours, if you left 48 hours pass without payment, the possibility of unlocking computer expires.

In this case the criminal case against you will continue automatically.


_________________________________________________________________

To remove the United States Courts ransomware, you'll need to download two utilities onto a clean computer and then transfer them to the infected computer via a burned cd/dvd. Those utilities include:




How to remove the United States Courts Ransomware from your computer

  1. To start, reboot the infected computer into "Safe Mode with Networking", by pressing the Function F8 key at system start up, before the "Windows Logo' appears.












  1. Log back into the infected account at the login screen.
  2. Once the desktop appears, click on “Start” and then “Computer” and then select the drive where the needed software that you downloaded on the clean system and then transferred on a burned cd is located.
  3. Next, start the copy of “Rkill” by clicking on “rkill.exe”. This utility will scan your computer and terminate malicious processes running in your computer’s memory.
  4. After “Rkill’ completes, extract the copy of Emsisoft Emergency Kit by double clicking on it’s executable.
  5. After the kit has been decompressed execute it by clicking on “Start.exe”
  6. Once it opens, click on “Emergency Kit Scanner”.


















  1. Next click on “Update Now” to update the kit’s definition files.

















  1. After the update completes, perform a deep scan of your computer.



















  1. After the deep scan completes, remove any malicious files and configuration files it finds.
  2. Next, after removing the malicious files, restart the computer normally.


At this stage your computer should be clear of the United States Courts ransomware. If it still shows signs of the original infection, proceed to the removal techniques below.


__________________________________________________


If there are still indications of the original infection, you’ll need to perform an additional scan with one more utility. For this technique you’ll need to download copies of:


You should be able to download the utilities at this stage from “Safe Mode with Networking”.

  1. So to start, reboot the computer into “Safe Mode with Networking”.











  1. Next log back into the account that displayed the infection.
  2. Once the desktop opens, download the utilities listed above. If you have a problem downloading them, use a clean system to download the files and then transfer them back to the infected computer via a burned cd/dvd.
  3. Once you have the two files, execute the copy of “Rkill” and let it complete it’s scan and configuration changes.
  4. Next, disable the real time protection from your currently installed anti-virus and then start “Combofix’ by clicking on it’s executable. It will take an estimated 20 minutes to complete it’s scan and removal process.
  5. After “Combofix completes and displays it’s log file, restart the computer normally.
  6. Once again check for any indications of the United States Courts ransomware. If there are still indications of it at this point, you will probably need to contact a professional to remove the infection.







Smith Technical Resources makes no guarantees or claims that the information contained in this article will help you completely remove the above listed malicious program(s) from your computer.  There are several variations of each particular virus in the wild . And the procedure listed above may not be adequate for the specific version of the virus that your computer has been compromised by.

If you feel uncomfortable performing any of the procedures that we've listed on this page, please contact a professional computer repair company in your area and have them complete the needed repairs on your computer. Smith Technical Resources takes no responsibility for any possible damage that could result from your use of the above instructions.


©Smithtechres.com 2013 All Rights Reserved. Website Privacy Policy. Site Map

Emsisoft emergency kit interface Windows xp advanced options menu Emsisoft emergency kit security status screen Windows xp advanced options menu
Share on Twitter Share on Stumble Upon Share on Digg Share on Delicious


Providing cost-effective local computer repair and network support in the middle Tennessee area

Remote Access Portal

Remote Access Icon
Home About Us Onsite Services Online Services Self Help Pricing Blog Inquiries

Related Tutorials That May Be Of Interest To You

  1. FBI MoneyPak Virus Removal Tutorial
  2. Mandiant USA Cyber Security Ransomware Removal Tutorial

The FBI and Mandiant Logos are the property of their respective organizations.

Mandiant Logo FBI Logo


You may also be interested in the following tutorials: