Remove Mandiant USA Cyber Security virus (MoneyPak Scam)

The Mandiant USA Cyber Security MoneyPak ransom is a computer virus, which locks your computer and displays a notification from the Interpol which states that you have been associated with child pornography sites or other illegal online activity, and demands the payment of a 300$ fine in the form of a MoneyPak or MoneyGram vouchers.

The Mandiant USA Cyber Security virus is described as drive-by malware because unlike many viruses, which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of United States law, thus rendering the computer unusable.
The bogus message goes on to say that the user’s Internet address was identified by the Mandiant USA Cyber Security as having been associated with child pornography sites, using unlicensed software, or sharing copyrighted files.
To unlock their machines, users are required to pay a fine of 300$ using a MoneyPak or MoneyGram card service within 48 hours to gain access to your computer again. Paying the “fine” will not necessarily return your computer to a usable state, so this is not advisable.

If your computer is infected with Mandiant USA Cyber Security virus, you’ll see the following lock screen:
Mandiant USA Cyber Security MoneyPak virus
When you are locked out of Windows you will be shown a screen that contains the following text:

Mandiant U.S.A. Cyber Security
FBI. Department of Defense
U.S.A. Cyber Crime Center
Interpol

Attention!
Your computer has been blocked up for safety reasons listed below.

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.

Article 161 of United States Of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America Criminal Law.

Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.

It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
…..
The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

Amount of fine is 300$. You can settle the fine with MoneyPak or MoneyGram xpress Packet vouchers.

As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.

Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).

It is important to remember that this is a computer infection and not an actual alert from the Mandiant USA Cyber Security. Therefore, ignore anything it displays and instead use the removal guide below to remove the Mandiant USA Cyber Security ransomware from your computer.

Mandiant USA Cyber Security – Virus Removal Guide

The Mandiant USA Cyber Security MoneyPak virus can be removed by using either System Restore from Safe Mode with Command Prompt (Option 1), or if this infection will not allow you to start your computer in Safe Mode, then we can use HitmanPro KickStart (Option 2).
OPTION 1: Remove Mandiant USA Cyber Security virus with System Restore
OPTION 2: Remove Mandiant USA Cyber Security virus with HitmanPro KickStart

OPTION 1: Remove Mandiant USA Cyber Security virus with System Restore

The Mandiant USA Cyber Security virus, will prevent you from starting your regular Windows session or boot into Safe Mode with Networking, however this trojan will allow not deliver its payload when booting into Safe Mode with Command Prompt.

STEP 1: Restore your computer to a previous date to remove Mandiant USA Cyber Security lock screen virus

In this first step, we will try to boot your computer in Safe Mode with Networking, and from there, we will perform restore your computer files and settings to a previous date.

  1. To get started with Safe Mode with Command Prompt, turn off your computer. As soon as you press the power button, begin tapping the F8 key multiple times to open the Boot Menu.
  2. Using your arrow keys, highlight Safe Mode with Command Prompt, and select Enter.
    [Image: Boot in Safe Mode with Command Prompt]
  3. Allow Windows time to load the necessary processes, and very soon you’ll see a full screen command prompt window as I showed you before.
    Image of Use System Restore to remove malware
    If you are using Windows XP, you’ll need to enter %systemroot%\system32\restore\rstrui.exe and press Enter.
    However, if your computer is Windows Vista,7 or 8, it’s a little bit easier. Simply type rstrui.exe and press Enter.
  4. System Restore will open and you’ll need to select a restore point prior to when your computer was infected with Mandiant USA Cyber Security virus.
    Image of Remove Mandiant USA Cyber Security virus with System Restore]

STEP 2: Scan your computer for Mandiant USA Cyber Security virus

Even after performing a System Restore to a previous date, there might be some left over files from this Mandiant USA Cyber Security virus infection. Therefore, we will perform a system scan with Malwarebytes Anti-Malware and HitmanPro, to check for any infections that might be present on your machine.

Run a computer scan with Malwarebytes Anti-Malware to remove Mandiant USA Cyber Security virus

To remove the Mandiant USA Cyber Security malicious files we will be using Malwarebytes Anti-Malware Free, a powerful on-demand scanner which can detect and remove this infection.

  1. Download the latest official version of Malwarebytes Anti-Malware Free.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. After you have downloaded Malwarebytes Anti-Malware,double click on mbam-setup.exe file to start the installation process and then follow the prompts to install this product.
    Image: Malwarebytes Anti-Malware installation
  3. On the Scanner tab, select Perform quick scan and then click on the Scan button to start scanning your computer for any possible infections.
    Image: Malwarebytes quick scan
  4. Malwarebytes’ Anti-Malware will now start scanning your computer for Mandiant USA Cyber Security malicious files as shown below.
    [Image: Malwarebytes Anti-Malware scanning for Mandiant USA Cyber Security virus]
  5. When the scan is finished a message box will appear, click OK to continue.
    [Image: Malwarebytes scan report]
  6. You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has found on your computer.
    Make sure all the infected objects are Checked (Ticked) for removal and then click on the Remove Selected button to remove them.
    Image of Malwarebytes Anti-Malware removing Mandiant USA Cyber Security virus

Run a computer scan with HitmanPro to remove Mandiant USA Cyber Security virus

HitmanPro is a cloud on-demand scanner, that uploads unknown files to the a scan sloud where are analyzed using the anti-virus programs of 5 different vendors (Bitdefender, Emsisoft, G-Data, IKARUS and Dr. Web).

  1. You can download the latest official version of HitmanPro from the below link.
    HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
  2. Double click on the HitmanPro.exe file to start the HitmanPro and then follow the prompts to start a system scan with this program.
    [Image: hitmanpro-scanning.png]
  3. HitmanPro will start scanning your system for malicious files. Depending on the the size of your hard drive, and the performance of your computer, this step will take anywhere from 5 to 10 minutes.
    [Image: hitmanpro-scanning.png]
  4. Once the scan is complete,a screen displaying all the malicious files that the program has found will be shown as seen in the image below.After reviewing each malicious object click Next.
    [Image: HitmanPro detecting Mandiant USA Cyber Security malicious files]
  5. Click Activate free license to start the free 30 days trial and remove Mandiant USA Cyber Security virus.
    [Image: hitmanpro-activation.png]
  6. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

OPTION 2: Remove Mandiant USA Cyber Security virus with HitmanPro KickStart

As the Mandiant USA Cyber Security Ransomware infection locks you out of your computer, you will need to create a bootable USB drive that contains the HitmanPro.Kickstart program. We will then boot your computer using this bootable USB drive and use it to clean the infection so that you are able to access Windows normally again.
You will also need a USB drive, which will have all of its data erased and will then be formatted. Therefore, only use a USB drive that does not contain any data that you need. This USB drive must also have a size of at least 32 MB.

  1. Download HitmanPro KickStart on a clean computer from the below link.
    HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro KickStart)
  2. Once the USB drive is attached to your computer, double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows), then click on the little picture of the person performing a kick.
    Create bootable HitmanPro Kick.Start usb]
  3. In the next screen, select the USB drive that you would like to use and then click on the Install Kickstart button.
    Install HitmanPro on USB
  4. Now remove the HitmanPro Kickstart USB drive and insert it into the infected computer.
  5. Once it is inserted, turn off the infected computer and then turn it on. As soon as you power it on, look for text on the screen that tells you how to access the boot menu. This text will typically contain a key that they want you to press on your keyboard in order select the device you wish to use to boot your computer. The keys that are commonly associated with enabling the boot menu are F8, F11 or F12.
    Start computer from HitmanPro Kick.Start USB
    Once you determine the proper key that you need to press to access the Boot Menu, restart your computer again and start immediately tapping that key. Once the boot menu appears, you can select the device you wish to boot your computer from. Select the USB drive that you have installed HitmanPro.Kickstart on and that is inserted into the infected computer.
  6. When your computer will load from the HitmanPro Kickstart USB, you will be presented with a screen asking you to select the USB boot options you wish to use.
    Load computer from HitmanPro KickStart to bypass Mandiant USA Cyber Security virus
    At this screen, please press 1 (Bypass Master Boot Record) on your keyboard and you will see that Windows begins to start normally.
  7. When Windows starts, you should login as normal and you will once again see the Mandiant USA Cyber Security screen locker. After about 15-20 seconds, the HitmanPro window will appear on top of the Mandiant USA Cyber Security virus, and you’ll need to click on Next button to install this on-demand scanner.
    HitmanPro installation process
  8. When HitmanPro has completed it’s scan, click on the Next button, then click on Activate free license to remove Mandiant USA Cyber Security virus.
    Remove Mandiant USA Cyber Security virus with HitmanPro

Your computer should now be free of the Mandiant USA Cyber Security Uaskh virus. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.

It’s your turn to help!

All our instructions are completely free of any charge. If you like to support our work with a donation, your charitable contribution supports our team in their mission against malware.






About George Ionescu

My name is George Ionescu, and I'm one of the "good people" from PcInfected.com
I have joined this website in an attempt to help the Internet users when trying to remove malware from their machines.