United States Courts (MoneyPak Malware)

Fake United States Courts that locks the computer and demands for money to unlock it is part of malware group. This fake warning normally appears on the screen after a Trojan known as Urausy have entered the computer. The main goal of this Trojan is to show warnings on the screen to make you think that authorities are chasing you for committing online offense.

There are a number of ways how attacker deploys a copy of United States Courts virus. Primary method is through drive-by-download, in which script and the harmful code is hosted on a web page. Upon visiting the page, script will run to download and install United States Courts into your computer. Next, Fake update on Java may lead you to acquire this malware. It is in disguise of the update package that may appear on the system tray of Windows. We highly suggest that you proceed to developer’s web site if you need to run an update. As much as possible, never click on warnings that may appear on the task bar. Email is another transmission method used to spread the fake United States Courts warning. Attackers are mass-mailing an email with attractive subject and used a convincing message to force you into opening the attached file. Executing the attachment likewise install the malware.

When United States Courts malware is installed on the computer, it will override the desktop with a fake warning stating some of the online crimes you have committed. It is more of an accusation rather than statement. If wants you to pay $300 as penalty. Also, paying the amount through MoneyPak code may unlock your computer.

If you want to remove United States Courts MoneyPak virus without getting through this MoneyPak scam, all you need is to remove the malware. Our procedures below will guide you to delete all the data that it has dropped on the PC. We also include free tools that you may use to clean the computer and get rid of the virus.

Screenshot Image:

United States Courts Moneypak


United States Courts Removal Procedures

Systematic procedures to get rid of the threat are presented on this section. Make sure to scan the computer with suggested tools and scanners.

Option 1 : Please use this recommended tool to remove the virus.

First thing you should do is reboot the computer in Safe Mode with Networking to avoid United States Courts from loading at start-up.

NOTE: You will need to PRINT or BOOKMARK this procedure, as we have to restart the computer during the removal process.

To start Windows in Safe Mode with Networking, please do the following:

1 Remove all media such as Memory Card, cd, dvd, and USB devices. Then, restart the computer.

Boot in Safe Mode with Networking on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode with Networking.

Start computer in Safe Mode with Networking using Windows 8
a) Before Windows begins to load, press Shift and F8 on your keyboard.
b) On Recovery interface, click on 'See advanced repair options'.
c) Next, click on Troubleshoot option.
d) Then, select Advanced options from the list.
e) Lastly, please choose Windows Startup Settings and click on Restart. When Windows restarts, you will be send to a familiar Advanced Boot Options screen.
f) Select Safe Mode with Networking from the selections menu.


2 Once the computer boots into Safe Mode with Networking, download the Removal Tool and save it on your Desktop or any location on your PC.

Download Tool

3 When finished downloading, locate and double-click on the file to install the application. Windows' User Account Control will prompt at this point, please click Yes to continue installing the program.

4 Follow the prompts and install with default configuration.

5 Before the installation completes, check prompts that software will run and update on itself.

6 Click Finish. Program will run automatically and you will be prompted to update the program before doing a scan. Please download needed update.

7 When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.

8 Scanning may take a while. When done, click on Show Results.

9 Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to United States Courts.

10 Finally, restart your computer.

Note: If United States Courts prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware. You may skip Option 2 and proceed to Additional Scans below if you see that the steps above have totally removed the malware.

Option 2 : Remove United States Courts instantly with this Rescue Disk

This procedure requires a tool from Kasperky. Thus, it requires Internet access to download the files. If the virus blocks your Internet access, you have no other choice but to execute this guide from another computer.

Download Kaspersky Rescue Disk

1 Download the ISO image of Kaspersky Rescue Disk 18 (krd.iso) from official web page.

2 Download the Rufus tool as provided by Kasperky.

Follow the procedures to create a bootable USB drive for Kaspersky Rescue Disk using the Rufus tool.

Boot The Computer From The USB Kaspersky Rescue Disk 10

3 Since United States Courts uses a rootkit Trojan that controls Windows boot functions, we need to reboot the computer and select the newly created Kaspersky USB Rescue Disk as first boot option. On most computers, it will allow you to enter the boot menu and select which device or drives you wanted to start the PC. Refer to your computer manual.

4 If you successfully enters the boot menu, choose the USB flash drive. This will boot the system on Kaspersky Rescue Disk. Press any key to enter the menu.

5 If it prompts for desired language, use arrow keys to select and then press Enter on your keyboard.

6 It will display End User License Agreement. You need to accept this term to be able to use Kaspersky Rescue Disk 10. Press 1 to accept.

7 The tool will prompt for various start-up methods. We highly encourage you to choose Kaspersky Rescue Disk Graphic Mode.

Remove United States Courts Using Windows Unlocker

8 Once the tool is running, you need to run WindowsUnlocker in order to delete registry that belongs to United States Courts. On start menu located at bottom left corner of your screen, select the K icon or select WindowsUnlocker if it is present on the Menu.

9 Select Terminal from the list. A command prompt will open.

Run Terminal on Rescue Disc

10 Type windowsunlocker and press Enter on your keyboard.

Command for Windows Unlocker

11 From the selection, choose 1 - Unlock Windows to remove United States Courts. Use up/down arrow on keyboard to select and press Enter.

Windows Unlocker

12 This utility will start removing any components that blocking you from accessing the computer. It will display a log file containing actions performed on the infected computer like deleted infected file and removed registry entries.

13 After removing components of United States Courts. You need to scan the system using the same tool. On start menu, select Kaspersky Rescue Disk.

Kaspersky Rescue Disk Scanner

14 Be sure to update the program by going to My Update Center tab. Click on Start update.

15 After the update, go to Object Scan tab and thoroughly scan the computer to locate other files that belong to United States Courts.

16 Restart the computer normally when done.

Additional anti-virus and anti-rootkit scans (Optional)

Ensure that no more files of United States Courts are left inside the computer

1 Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.

NPE Download

2 Once the file is downloaded, navigate its location and double-click on the icon (NPE.exe) to launch the program.

3 Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.

4 On NPE main window, click on Advanced. We will attempt to remove United States Courts components without restarting the computer.

Advance Scan

5 On next window, select System Scan and click on Scan now to perform standard scan on your computer.

Scan the System

6 NPE will proceed with the scan. It will search for trojans, viruses, and malware malware like United States Courts. This may take some time, depending on the number of files currently stored on the computer.

7 When scan is complete. All detected risks are listed. Remove them and restart Windows if necessary.

Remove the Rootkit Trojan that installs United States Courts

For automatic removal of rootkit Trojan using a free tool, you can refer to this guide. Download the tool and carefully follow the instruction.

1 Click on the button below to download the file FixZeroAccess.exe from official web site. A new window or tab will open containing the download link.

ZeroAccess Fix Tool

2 Close all running programs and remove any disc drives and USB devices on the computer.

3 Temporarily Disable System Restore if you are running on Windows XP). [how to]

4 Browse for the location of the file FixZeroAccess.exe.

5 Double-click on the file to run it. If User Account Control prompts for a security warning and ask if you want to run the file, please choose Run.

6 It will open a Zero Access Fix Tool End User License Agreement (EULA). You must accept this license agreement in order to proceed with rootkit removal. Please click I Accept.

7 It will display a message and prepares the computer to restart. Please click on Proceed.


8 When it shows a message about 'Restarting System' please click on OK button.

9 After restarting the computer, the tool will display information about the identified threats. Please continue running the tool by following the prompts.

10 When it reaches the final step, the tool will show the scan result containing deleted components of United States Courts and other identified virus.

Alternative Removal Procedure for United States Courts

Use Windows System Restore to return Windows to previous state

During an infection, United States Courts drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

Access System Restore on Windows XP, Windows Vista, and Windows 7

a) Go to Start Menu, then under 'Run' or 'Search Program and Files' field, type rstrui.
b) Then, press Enter on the keyboard to open System Restore Settings.


Open System Restore on Windows 8 and Windows 10

a) Hover your mouse cursor to the lower left corner of the screen and wait for the Start icon to appear.
b) Right-click on the icon and select Run from the list. This will open a Run dialog box.
c) Type rstrui on the 'Open' field and click on OK to initiate the command.


If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.


Is United States Courts Dangerous?

Yes, United States Courts can badly affect your computer and slow down its performance and usability.

Can I Remove United States Courts from my Computer?

Yes, United States Courts can be removed by downloading our recommended antivirus software and scanner.

How Easy is it to Remove United States Courts Virus?

Nearly all paid antivirus scanners and removal tools should help remove the United States Courts virus from your computer.

Once I remove United States Courts do I still need antivirus?

Yes, new viruses such as United States Courts are created everyday and the only way to stay 100% protected is to use antivirus on your device.


About Marco Mathew

Marco Mathew works as Windows Network administrator before establishing precisesecurity.com. Now, Marco is dedicating full-time to help computer users' fight viruses, malware, trojan, worms, adware, and potentially unwanted programs.

Leave a Comment

Your email address will not be published. Required fields are marked *