FBI virus is a sneaky malware, which can get into its target computer undetected with a help of Trojan.LockScreen. As soon as it gets inside, this scamware presents itself as 'The FBI Federal Bureau Investigation' and shows an aggressively-designed alert. This alert claims that computer is blocked regarding to the Copyright and Related Rights Law violation and other seriously-looking reasons. Unfortunately, if you found yourself blocked by a program, which tells that you have been illegally using or distributing copyrighted content, viewing or distributing pornographic content and spreading malware, you must ignore such alert. That's because it means that your PC is infected. Remember, this program is distributed by scammers only for swindling your and other people's money, so you must remove FBI virus immediately after detection! Beware that security experts expect this group of ransomware to grow and improve in the future..
HOW CAN FBI VIRUS INFECT MY COMPUTER?
This infection gets inside the system through security vulnerabilities that appear as soon as people forget to take care of their computers' security. If you don't use security software or don't update it, you can also run into this virus one day. Of course, you must always think about safe browsing and avoid suspicious downloads that are actively offered on the Internet right now. The biggest issue, which is caused by this ransomware, is that it has ability to block the system, 'lock' it down and disable all programs that are kept on it. In order to 'unlock' it, FBI virus offers to pay the fine through MoneyPak or other prepayment systems. Of course, as you must have already understood, you must never pay this $100 fine if you don't want to support those scammers who are collecting these fines.
FBI VIRUS VERSIONS:
FBI Moneypak: This ransomware uses a huge alert filled with FBI and Moneypak logos, a webcam and a list of crimes victim is accused for. User is informed that he has been viewing/distributing pornographic or copyrighted content, spreading malware or doing other illegal activities. For that, he has to pay a $100 fine and enter a Moneypak code on the right side of the fake alert. This threat locks the system down completely.
FBI Green Dot Moneypak Virus: This ransomware locks the whole system down and displays a fake alert with FBI, Moneypak and McAfee logos. A miselading message, which belongs to this threat, claims that Federal Bureau of Investigation has blocked you for downloading illegal/copyrighted material and similar crimes. It requires to pay $200 fine and includes the steps explaining how you should do that.
FBI Virus Black Screen: This ransomware from the FBI group of viruses uses the same technique as its predecessors and seeks to make users pay a $200 fine. However, it also applies an audio warning, black screen and system's lock down. It will similarly claim that you have been caught for law violations and will accuse you for visiting pornographic websites, viewing files containing zoophilia, child pornography and similar.
FBI Online Agent: This ransomware also uses the name of the Federal Bureau of Investigation, but it has a newly-designed alert, which tends to accuse victim for committing various crimes and asks to pay $200 using MoneyPak. The new thing about FBI Online Agent is that it doesn't show your IP address or location but gives the name of the responsible agent, case number and other details that are clearly invented. Besides, scammers have included the promotion of the terrorism into the list of the crimes that are reported into this misleading warning.
FBI Cybercrime Division virus: That's the dangerous ransomware, which pretends to belong to the FBI's Cybercrime Division. This virus uses identical scheme while trying to steal users' money. However, this time it asks to pay $300 using Moneypak prepayment system. Be sure that its alert is not legitimte and can be safely ignored. The new version applies a newly designed alert, which is filled with more than ten different logos.
FBI PayPal virus: This ransomware is not related in any way to Federal Bureau of Investigation . As soon as it gets inside the system, this ransomware blocks the entire desktop and disables Internet connection on its target PC. In addition, it asks paying the fine of $100 for invented online crimes, such as the use of copyrighted content or distribution of malware. Differently from earlier parasites, that use identical scheme for stealing the money, FBI PayPal virus uses PayPal for its money transactions. Please, stay away from this threat.
FBI Department of Defense virus: This is a dangerous ransomware virus, which, similarly to its predecessors, seeks to swindle $300 by convincing its victims that they have violated several laws of USA. This virus has the same ability to lock down the PC and hide every file, which is kept on the computer. The new thing about this version of FBI virus, is that it offers using MoneyGram prepayment system for paying the fine. Please, never follow its recommendations!
White Screen FBI virus: This is a cyber infection, which is categorized as ransomware and belongs to the same group of FBI virus. If you see a white screen and a mouse cursor on your computer's desktop, that means this virus failed to load properly. However, you may also receive a huge warning from FBI, which reports about the illegal use of videos related to child pornography or other e-crimes. Please, ignore warning that belongs to White Screen FBI virus and never pay any money or provide any personal information.
FBI Computer Crime and Intellectual Property Section virus: This is a dangerous ransomware that occupies entire computer as soon as it infects it. Instead of the desktop, it shows a huge alert stating that 'computer is locked by Internet Service Provider' for several different reasons. Just like previous versions, it claims that computer's owner was noticed watching and spreading copyrighted content and doing other activities that clearly violate some laws of USA. This FBI virus version asks to pay a fine of $200. Please, never follow this requirement.
FBI System Failure virus: FBI System Failure virus is a serious ransomware threat, which blocks computers with its fake warning saying: 'All Activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer!'. Just like previous its versions, this virus seeks to make its victims pay an invented fine. This version is used to swindle $300, for that it asks using REloadit prepayment system. If you see such warning, you must ignore it and use anti-malware software to remove malicious files from the system.
HOW CAN I REMOVE FBI VIRUS?
In order to remove FBI virus, you should firstly unlock your computer. For that, we recommend using another PC that has an Internet connection and following the steps listed bellow:
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with virus once more and run a full system scan.
UPDATE: Be aware about the new versions of FBI virus, that are called FBI Green Dot Moneypak virus, FBI Virus Black Screen and FBI Online Agent. They have been clearly designed to get more money from its victims, so they show a warning asking $200, not $100, to be payed through MoneyPak prepayment system. To remove these versions completely, run a full system scan with updated anti-virus/anti-malware program. In order to unlock your PC, use the steps given above and follow additional information:
* Users infected with FBI group of viruses are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.
* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.
* Manual FBI virus removal:
- Reboot you infected PC to 'Safe mode with command prompt' to disable FBI virus (this should be working with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated Reimage to remove remaining files.
This video guide shows how to remove FBI virus. However, there might be some differences in its removal because of diffrent systems and versions of the parasite. Use the auto-removal process to remove the infection easily.
UPDATE2: FBI virus has just been updated - now it is capable of blocking Android devices. It acts just like its previous versions. So, as soon as FBI android virus enters OS, it locks is down and then displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine! If your Android device was blocked, you should follow these steps:
1. Reboot your Android device into Safe Mode:
- Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
- Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.
If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.
2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):
- When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
- Here, look for previously mentioned malicious app(s) and uninstall all of them.
If this failed, enter a random, 15 digit length, code of imaginary MoneyPak xpress Packed voucher that is asked by FBI android virus or follow these steps:
- Go to Settings -> Security. Here, select Device administrators.
- Here, look for previously mentioned malicious app(s) and uncheck it
- In order to finish the removal of FBI Android virus, select Deactivate and OK.
FBI virus video guide
FBI virus manual removal
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
%Program Files%\FBI Moneypak Virus
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%UserProfile%\Desktop\FBI Moneypak Virus.lnk
Geolocation of FBI virus
Removal guides in other languages
Comments on FBI virus
Post a comment
Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.