Severity scale: 100/100

FBI virus. How to Remove? (Uninstall Guide)

Also known as Screen Locker | Type: Ransomware

After years of infecting PC users, FBI virus is still active in 2017

FBI virus is a malicious program that belongs to the "ransomware"[1] category. However, it does not encrypt people's files using AES and similar encryption systems like typical crypto-malware. All it does is lock the browser down and display a ransom note telling the victim that he or she was locked due to some law violation. FBI virus was first noticed in 2012.[2] Four years later, it keeps spreading around and poses a serious danger to PC users.

Just like its first versions, this sneaky malware gets into the target computer with the help of Trojan.LockScreen. As soon as it gets inside, Screen Locker locks the desktop and presents a screen with the "FBI Federal Bureau Investigation", "CIA Special Agent", and similar badges. This aggressively designed alert claims that the computer was blocked due to a Copyright and Related Rights Law violation or another reason that seems convincing. If you find yourself blocked by a program which claims that you have been illegally using or distributing copyrighted content, viewing or distributing pornographic content, or spreading malware, you are infected with ransomware. Beware that it can infect both Windows and Android operating systems. The Android version is known as Android ransomware. No matter what was declared by the FBI several years ago,[3] you must ignore the alert caused by FBI ransomware and do NOT even think about paying the fine. Keep in mind that this program belongs to hackers who are only seeking to swindle money from you and other people. If infected, remove FBI virus immediately after detection! Otherwise, you can run into further problems.

How can I get infected?

This infection has been using various methods to infiltrate target PC systems. As we have already mentioned, it spreads with the help of Trojan.LockScreen, which can get into the system using various techniques. Spam is considered one of the main methods used by this Trojan horse[4] for infiltrating computers. However, it can also infect you after you download an illegal program (illegal game, crack, etc.) or click an infected popup. Beware that most of such popups claim that the victim needs to update Adobe Flash Player or a similar program. Make sure you ignore such offers for your own good. Otherwise, you will be forced to think about FBI virus removal.

To avoid FBI virus infiltration, you need to take care of your computer's security. If you don't use any security software or if you fail to update such software, you increase the chances of getting infected with this threat.[5] Of course, you must always think about safe browsing practices.[6] The biggest issue caused by this ransomware is that it is able to block the system and lock down all your programs, including anti-virus software. In order to launch your security software, you should try rebooting your computer to Safe Mode with Networking or try the System Restore feature, which could help you disable FBI virus. According to hackers, you should pay the fine through MoneyPak or other pre-payment systems. Of course, you should never do that if you don't want to support those scammers who are collecting these fines.

FBI virus versions

FBI Moneypak: This ransomware uses a huge alert filled with FBI and Moneypak logos, a webcam and a list of crimes the victim is accused of. The user is informed that he has been viewing/distributing pornographic or copyrighted content, spreading malware or doing other illegal activities. For that, he has to pay a $100 fine and enter a Moneypak code on the right side of the fake alert. This threat locks the system down completely.

FBI Green Dot Moneypak Virus: This ransomware locks the whole system down and displays a fake alert with FBI, Moneypak and McAfee logos. A misleading message, which belongs to this threat, claims that the Federal Bureau of Investigation has blocked you for downloading illegal/copyrighted material and similar crimes. It requires you to pay a $200 fine and includes the steps explaining how you should do that.

FBI Virus Black Screen: This ransomware from the FBI group of viruses uses the same technique as its predecessors and seeks to make users pay a $200 fine. However, it also applies an audio warning, a black screen and a system lockdown. It will similarly claim that you have been caught for law violations and will accuse you of visiting pornographic websites, viewing files containing zoophilia, child pornography and similar.

FBI Online Agent: This ransomware also uses the name of the Federal Bureau of Investigation, but it has a newly designed alert, which accuses the victim of committing various crimes and asks for a payment of $200 using MoneyPak. The new thing about FBI Online Agent is that it doesn't show your IP address or location but gives the name of the responsible agent, a case number and other details that are clearly invented. Besides, scammers have included the promotion of terrorism in the list of crimes reported in this misleading warning.

FBI Cybercrime Division virus: This is a dangerous ransomware, which pretends to belong to the FBI's Cybercrime Division. This virus uses an identical scheme while trying to steal users' money. However, this time it asks for a payment of $300 using the Moneypak prepayment system. Be sure that its alert is not legitimate and can be safely ignored. The new version applies a newly designed alert, which is filled with more than ten different logos.

FBI PayPal virus: This ransomware is not related in any way to the Federal Bureau of Investigation. As soon as it gets inside the system, this ransomware blocks the entire desktop and disables the Internet connection on its target PC. In addition, it asks for a fine of $100 for invented online crimes, such as the use of copyrighted content or distribution of malware. Unlike earlier parasites that use an identical scheme for stealing money, FBI PayPal virus uses PayPal for its money transactions. Please, stay away from this threat.

FBI Department of Defense virus: This is a dangerous ransomware virus, which, similarly to its predecessors, seeks to swindle $300 by convincing its victims that they have violated several laws of the USA. This virus has the same ability to lock down the PC and hide every file kept on the computer. The new thing about this version of FBI virus is that it offers the MoneyGram prepayment system for paying the fine. Please, never follow its recommendations!

White Screen FBI virus: This is a cyber infection, which is categorized as ransomware and belongs to the same group of FBI viruses. If you see a white screen and a mouse cursor on your computer's desktop, that means this virus failed to load properly. However, you may also receive a huge warning from the FBI, which reports the illegal use of videos related to child pornography or other e-crimes. Please, ignore the warning that belongs to White Screen FBI virus and never pay any money or provide any personal information.

FBI Computer Crime and Intellectual Property Section virus: This is a dangerous ransomware that occupies the entire computer as soon as it infects it. Instead of the desktop, it shows a huge alert stating that 'computer is locked by Internet Service Provider' for several different reasons. Just like previous versions, it claims that the computer's owner was noticed watching and spreading copyrighted content and doing other activities that clearly violate some laws of the USA. This FBI virus version asks for a fine of $200. Please, never follow this requirement.

FBI System Failure virus: FBI System Failure virus is a serious ransomware threat, which blocks computers with its fake warning saying: 'All Activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer!'. Just like its previous versions, this virus seeks to make its victims pay an invented fine. This version is used to swindle $300, and for that it asks victims to use the REloadit prepayment system. If you see such a warning, you must ignore it and use anti-malware software to remove malicious files from the system.

How can I remove FBI virus?

In order to remove FBI virus from your computer, you should first unlock it. Depending on the type of your virus (you can be infected with Crypto-malware, ScreenLocker, ransomware, etc.), you should try the methods that are provided below. Of course, the first step that you should take is trying to launch your security software. If you don't have any, we highly recommend using Reimage, Plumbytes, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware for FBI virus removal. To disable this malware, you can use one of these tricks:

  1. Use another computer to download Reimage, Plumbytes or Webroot SecureAnywhere AntiVirus;
  2. Update the program and transfer it to a USB drive or a simple CD;
  3. In the meantime, reboot your infected computer to Safe Mode with Command Prompt;
  4. Stick the USB drive into it and launch your anti-virus;
  5. Run a full system scan and complete FBI virus removal.

UPDATE: Beware of the new versions of FBI virus known as FBI Green Dot Moneypak virus, FBI Virus Black Screen and FBI Online Agent! They are designed to get more money from the target computer users, so they are asking for $200 in the form of a fine. The ransom is supposed to be paid through the MoneyPak prepayment system. To remove these versions completely, run a full system scan with an updated anti-virus/anti-malware program. In order to unlock your PC, use the steps given above and follow this additional information:

* Users infected with FBI virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable of launching anti-malware program.

* Try to deny the Flash to make your ransomware stop. In order to disable the Flash, go to Macromedia support page and select "Deny": http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.

* Manual FBI virus removal:

  1. Reboot your infected PC to "Safe mode with command prompt" to disable FBI virus (this should work with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated Reimage to remove remaining files.

The video guide given below shows how to remove FBI virus. However, there might be some differences in its removal because of different systems and versions of the parasite. Use the auto-removal process to remove the infection easily.

UPDATE2: FBI virus has been updated. Several years ago it started blocking Android devices and has already attacked an LG Smart TV.[7] It acts just like the Windows version: FBI Android virus locks the screen of the device and displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine! If your Android device was blocked, you should follow these steps:

1. Reboot your Android device into Safe Mode:

  1. Find the power button and press it for a couple of seconds until you see a menu. Tap Power off.
  2. Once you see a dialog window that offers to reboot your Android to Safe Mode, select this option and OK.

If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.

2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):

  1. When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
  2. Here, look for previously mentioned malicious app(s) and uninstall all of them.

If this failed, enter a random 15-digit code in place of the MoneyPak xpress Packed voucher code that FBI Android virus asks for, or follow these steps:

  1. Go to Settings -> Security. Here, select Device administrators.
  2. Here, look for the previously mentioned malicious app(s) and uncheck them.
  3. In order to finish the removal of FBI Android virus, select Deactivate and OK.

FBI virus video guide



It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.

FBI virus manual removal

Kill processes:
tpl_0_c.exe
ch810.exe
0_0u_l.exe
[random].exe
jork_0_typ_col.exe
vsdsrv32.exe
Protector-[rnd].exe
Inspector-[rnd].exe
Delete registry values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’ = 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
Unregister DLLs:
wpbt0.dll

Delete files:
%Program Files%\FBI Moneypak Virus
%AppData%\Protector-[rnd].exe
%AppData%\Inspector-[rnd].exe
%AppData%\vsdsrv32.exe
%AppData%\result.db
%AppData%\jork_0_typ_col.exe
%appdata%\[random].exe
%Windows%\system32\[random].exe
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%Temp%\0_0u_l.exe
%Temp%\[random].exe
%StartupFolder%\wpbt0.dll
%StartupFolder%\ctfmon.lnk
%StartupFolder%\ch810.exe
%UserProfile%\Desktop\FBI Moneypak Virus.lnk
WARNING.txt
V.class
cconf.txt.enc
tpl_0_c.exe
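
The Winlogon check from the manual removal steps and the registry entries listed above can be reviewed offline on a text export made with reg export. This is an added example, not part of the original guide: the sample export, the ab12cd.exe and Protector-ab12.exe names and all function names are constructed, and the policy checks assume the standard Windows meaning of those values (non-zero Disable* values block the tool, zero turns UAC prompting off).

```python
import re

# Constructed sample in the text format written by `reg export` (real exports
# are UTF-16; decode before passing in). File names here are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\demo\\AppData\\Roaming\\ab12cd.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE]
"Debugger"="svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\demo\\AppData\\Roaming\\Protector-ab12.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
IFEO = "\\image file execution options\\"
USER_DIRS = re.compile(r"\\(appdata|application data|temp)\\", re.I)

def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, value_name, value); dword values are returned as int."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not (m and key):
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        raw = m.group(2)
        if raw.startswith("dword:"):
            yield key, name, int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            yield key, name, _unescape(raw[1:-1])

def _policy_weakened(name, value):
    if name in ("disabletaskmgr", "disableregistrytools"):
        return value != 0   # non-zero blocks Task Manager / regedit
    return name in ("enablelua", "consentpromptbehavioradmin") and value == 0

def audit(text):
    """Return (check, key, value_name, value) for every entry worth review."""
    findings = []
    for key, name, value in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith("\\currentversion\\winlogon") and n == "shell":
            # Only Shell is compared with explorer.exe; Userinit normally
            # points at userinit.exe and is left alone.
            if str(value).strip().lower() not in ("", "explorer.exe"):
                findings.append(("winlogon-shell", key, name, value))
        elif IFEO in k and n == "debugger":
            findings.append(("ifeo-debugger", key, name, value))
        elif k.endswith("\\currentversion\\run") and USER_DIRS.search(str(value)):
            findings.append(("run-from-user-dir", key, name, value))
        elif k.endswith("\\policies\\system") and _policy_weakened(n, value):
            findings.append(("policy-weakened", key, name, value))
    return findings
```

Each finding is a candidate for review, not proof of infection: a Debugger value under Image File Execution Options, for example, can also be set by legitimate debugging tools.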

Method 1. Remove FBI using Safe Mode with Networking

If FBI virus infected your Windows OS, you can unlock your computer with the help of methods that are given above. If they do not help you, try rebooting your PC to Safe Mode with Networking.

Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
  • Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
Step 2: Remove FBI

Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to your ransomware to complete FBI removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.


Method 2. Remove FBI using System Restore

To disable FBI virus, you can use System Restore method as well. For that, you need to follow these steps:

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Command Prompt from the list.
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
  • Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
Step 2: Restore your system files and settings
  • Once the Command Prompt window shows up, type cd restore and press Enter.
  • Now type rstrui.exe and press Enter again.
  • When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of FBI. After doing that, click Next.
  • Now click Yes to start system restore.
Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that FBI removal is performed successfully.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from FBI and other ransomware, use a reputable anti-spyware program, such as Reimage, Plumbytes, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

Linas Kiguolis - Expert in fighting against malware, viruses and spyware


Geolocation of FBI virus

Map reveals the prevalence of FBI virus. Countries and regions that have been affected the most are: United States, Indonesia, India, Canada and Mexico.


Comments on FBI virus

1
0
Adrian
FBI Whitescreen... Completely locked out while my daughter was on Facebook. Already corrupted startup and I can't go into Safe Mode. Is my laptop trash now?
0
0
Look
If this happens, turn off your phone and turn it back on. As soon as it opens, unlock it and go to your administrator drive or your storage, whatever you want to call it, immediately. There, delete the apk that has a suspicious name as said above.
0
0
denise
Hi, I have a Samsung Galaxy S6 and an FBI virus scam is on my screen demanding 500$ or they will notify my contacts. I have contacted the FBI and they assured me that this is a scam. However, I am unable to get this off my screen. I am only able to turn off my phone. When it reboots it asks for a code. I don't have that unlock code. And I pray that ... that is all that is needed to remove this darn thing. PLEASE HELP ME
0
0
william newton Lee
Why would my neighbors want to hack my book reader or my posts online? In Douglas, Arizona
0
0
ce
If I reset my tablet and do a new account will it go away? Plz reply
0
0
ce
This happened to my Android tablet but it didn't log me off, what does this mean... plz help, I'm so scared
0
0
rowdg
How to unlock RCA tablet with FBI virus on it
0
0
cc
How can I get it out of a Kindle
0
0
aaliyah
Thank you, the uninstalling worked
2
1
syed
Please can anyone help me.. My HTC616 is affected with FBI virus and ask me to pay $500. I have restarted my time with and without memorycard. Please give solution or drop me an email at syed097@yahoo.co.in