FBI virus is a sneaky malware, which mostly gets inside its target computer undetected with a help of Trojan.LockScreen. As soon as it gets inside, this scam presents about itself for the victim as 'The FBI Federal Bureau Investigation' and shows an aggressively-designed alert that claims that computer is blocked because of the Copyright and Related Rights Law violation or other reason. However, if you find yourself blocked by a program, which tells that you have been illegally using or distributing copyrighted content, viewing or distributing pornographic content and spreading malware to other computers, you must ignore such alert first of all and remove FBI virus immediately! This program is distributed by scammers to swindle the money. Be aware that security experts expect this group of ransomware to grow and improve..
HOW CAN I GET INFECTED WITH FBI VIRUS?
This infection gets inside the system through security vulnerabilities found when user visits infected websites or downloads infected files. These security holes appear as soon as you forget to take care of your computer's security and don't use security software or don't update it. Of course, you must always think about safe browsing and avoid suspicious downloads that are actively offered on the Internet right now. The biggest issue, which is caused by this ransomware, is that similarly to its earlier versions, it completely blocks its victim's computer, 'locks' it and disables all the programs found there. In order to 'unlock' the system, FBI virus shows its warning and requires to pay the fine through MoneyPak. However, you must have already understood that you must never pay this $100 fine if you don't want to help for the scammers who are collecting these fines.
FBI VIRUS VERSIONS:
FBI Moneypak: This ransomware uses a huge alert filled with FBI and Moneypak logos, a webcam and a list of crimes victim is accused for. User is informed that he has been viewing/distributing pornographic or copyrighted content, spreading malware or doing other illegal activities. For that, he has to pay a $100 fine and enter a Moneypak code on the right side of the fake alert. This threat locks the system down completely.
FBI Green Dot Moneypak Virus: This ransomware locks the whole system down and displays a fake alert with FBI, Moneypak and McAfee logos. A miselading message, which belongs to this threat, claims that Federal Bureau of Investigation has blocked you for downloading illegal/copyrighted material and similar crimes. It requires to pay $200 fine and includes the steps explaining how you should do that.
FBI Virus Black Screen: This ransomware from the FBI group of viruses uses the same technique as its predecessors and seeks to make users pay a $200 fine. However, it also applies an audio warning, black screen and system's lock down. It will similarly claim that you have been caught for law violations and will accuse you for visiting pornographic websites, viewing files containing zoophilia, child pornography and similar.
FBI Online Agent: This ransomware also uses the name of the Federal Bureau of Investigation, but it has a newly-designed alert, which tends to accuse victim for committing various crimes and asks to pay $200 using MoneyPak. The new thing about FBI Online Agent is that it doesn't show your IP address or location but gives the name of the responsible agent, case number and other details that are clearly invented. Besides, scammers have included the promotion of the terrorism into the list of the crimes that are reported into this misleading warning.
FBI Cybercrime Division virus: That's the dangerous ransomware, which pretends to belong to the FBI's Cybercrime Division. This virus uses identical scheme while trying to steal users' money. However, this time it asks to pay $300 using Moneypak prepayment system. Be sure that its alert is not legitimte and can be safely ignored. The new version applies a newly designed alert, which is filled with more than ten different logos.
FBI PayPal virus: This ransomware is not related in any way to Federal Bureau of Investigation . As soon as it gets inside the system, this ransomware blocks the entire desktop and disables Internet connection on its target PC. In addition, it asks paying the fine of $100 for invented online crimes, such as the use of copyrighted content or distribution of malware. Differently from earlier parasites, that use identical scheme for stealing the money, FBI PayPal virus uses PayPal for its money transactions. Please, stay away from this threat.
FBI Department of Defense virus: This is a dangerous ransomware virus, which, similarly to its predecessors, seeks to swindle $300 by convincing its victims that they have violated several laws of USA. This virus has the same ability to lock down the PC and hide every file, which is kept on the computer. The new thing about this version of FBI virus, is that it offers using MoneyGram prepayment system for paying the fine. Please, never follow its recommendations!
White Screen FBI virus: This is a cyber infection, which is categorized as ransomware and belongs to the same group of FBI virus. If you see a white screen and a mouse cursor on your computer's desktop, that means this virus failed to load properly. However, you may also receive a huge warning from FBI, which reports about the illegal use of videos related to child pornography or other e-crimes. Please, ignore warning that belongs to White Screen FBI virus and never pay any money or provide any personal information.
FBI Computer Crime and Intellectual Property Section virus: This is a dangerous ransomware that occupies entire computer as soon as it infects it. Instead of the desktop, it shows a huge alert stating that 'computer is locked by Internet Service Provider' for several different reasons. Just like previous versions, it claims that computer's owner was noticed watching and spreading copyrighted content and doing other activities that clearly violate some laws of USA. This FBI virus version asks to pay a fine of $200. Please, never follow this requirement.
FBI System Failure virus: FBI System Failure virus is a serious ransomware threat, which blocks computers with its fake warning saying: 'All Activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer!'. Just like previous its versions, this virus seeks to make its victims pay an invented fine. This version is used to swindle $300, for that it asks using REloadit prepayment system. If you see such warning, you must ignore it and use anti-malware software to remove malicious files from the system.
HOW CAN I REMOVE FBI VIRUS?
In order to remove this virus, you should unlock your computer first of all. For that, we recommend using another PC that has an Internet connection and the steps listed bellow:
1. Take another machine and use it to download SpyHunter or other reputable anti-malware program. You can also try downloading STOPzilla or Malwarebytes Anti Malware.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with virus once more and run a full system scan.
UPDATE: Be aware about the new versions of FBI virus, that are called FBI Green Dot Moneypak virus, FBI Virus Black Screen and FBI Online Agent. They have been clearly designed to get more money from its victims, so they show a warning asking $200, not $100, to be payed through MoneyPak prepayment system. To remove these versions completely, run a full system scan with updated anti-virus/anti-malware program. In order to unlock your PC, use the steps given above and follow additional information:
* Users infected with FBI group of viruses are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.
* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.
* Manual FBI virus removal:
- Reboot you infected PC to 'Safe mode with command prompt' to disable FBI virus (this should be working with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated SpyHunter to remove remaining files.
This video guide shows how to remove FBI virus. However, there might be some differences in its removal because of diffrent systems and versions of the parasite. Use the auto-removal process to remove the infection easily.
FBI virus manual removal:
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
%Program Files%\FBI Moneypak Virus
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%UserProfile%\Desktop\FBI Moneypak Virus.lnk
Modern viruses are really hard to remove. They have random file names, random registry entries, they can immitale legal products and files.
Removal instructions sometimes can't Help to remove infection manually. Please take a look at our discussion where users like you share they experience in fighting the parasite: