How To Remove The United States Cyber Security Department Of Defense Ransomware Virus (US Security Malware)

Sean Doyle

Sean Doyle is an engineer from Los Angeles, California. Primary focuses include internet security and web spam.

21 Responses

  1. Anonymous says:

    What if the virus is on my phone? How will I be able to remove it?

  2. Anonymous says:

    I had this show up from the US Department of Defense saying I had to pay 450 dollars. I started freaking out thinking I did something wrong. Restoring my computer right now, hope it works.

  3. Anonymous says:

    My question is if y’all know about it how come they haven’t found parties responsible and lock them up?

  4. Anonymous says:

    I removed this by (1) booting a UBCD disk then (2) deleting the flashapp files that were recently added to the windows/system32 folder. Rebooted and it was gone.

  5. Anonymous says:

    I got it last night; thankfully I happened to stumble onto this page while trying to research whether or not it was a violation of rights. Malwarebytes picked up over 40 files that AVG missed! MANY THANKS to you, and to the security pros at Malwarebytes.

  6. Anonymous says:

    BTW – I’m almost 100% positive I got it while downloading NFL Clipart. The last time I got a virus it was from Clipart as well. You just never know, I guess.

  7. Anonymous says:


  8. Pete says:

    Ugh, now I can’t delete the file because: “The action can’t be completed because the file is open in Windows host process (Rundll32)” It also seemed to erase many settings (cookies?) from different websites.

    • Sean Doyle says:

      Ctrl+Shift+Esc > Processes tab and kill it. Erasing cookies is fine, it’s actually good.

      • Pete says:

        No, the Task Manager would not operate. Malwarebytes software fixed it all now. BTW, while it was scanning, it made 3 attempts at something outgoing. Trying to infect others I assume (iexplore).

        • Sean Doyle says:

          iexplore.exe is an Internet Explorer file as well as a very common name which many malware infections use. Most likely if a bugged process occurred, some sort of connection to the internet was trying to be accomplished.

  9. Pete says:

    My infestation prevented the task manager from working. I was only able to get to my desktop by forcing shutdown and quickly cancelling when it tried to shut down a background program.

    I tried to manually remove the “ctfmon” program from my startup directory, but it replicates it as fast as I can delete it. The same happened with a c prompt. So then I followed the %userprofile% instructions above. I did not find any “rool” file, but I did find “install_0_msi.exe”. I’ll try to delete that then return to the %appdata% procedure above. I think I’ll go buy software.

    • Sean Doyle says:

      If you do not want to purchase software, and without knowing the details of your issue, I suggest a system restore. Windows automatically creates restore points. If you are unfamiliar, check it out!

      • Anonymous says:

        I totally freaked out when I saw this virus in my computer. Now I will try to get rid of it with these instructions. Just one question… how did I possibly get it? I just connected with a new company hours before it showed up. The sites I visited were: Google, Facebook, Google Maps, Amazing Race site and I downloaded a Flash Player update… I wish I could tell if it was a fake update… I was in a hurry and did not make sure if it was truly from Adobe… :( How do people get this virus? Thanks a lot for your answer and these instructions.

        • Sean Doyle says:

          I can’t certainly diagnose where the infection was contracted or in what exact time table it occurred on your system but there are many infected websites around the internet which contain malware.
          If that was your order of process (Google, FB, etc) while utilizing your new connection, the Flash Player update may be a red flag… though Adobe did release a new update on the 21st of August (version 11.4.402.265).

      • Pete says:

        Restore was turned off. I can’t imagine I had it that way (but maybe I did). I assume it turned that off as well. It did all kinds of things.

        • Sean Doyle says:

          Rarely have I noticed restore points being removed in association with ransomware.
          Sometimes restore points are removed if a restore was successful or not completed correctly (in which Windows will notify you it was unsuccessful/not a human error).

          If you want to discuss details in depth, feel free to email me.

          I would actually like to see your Malwarebytes log if you do not mind. It may help others.

  10. Anonymous says:

    Thank you so much! You’re the best!
