Fbi Virus. 11 versions listed. Removal guide included

FBI virus Removal Guide

What is FBI virus?

FBI virus is a screen-locking malware that tries to extort money out of victims for the alleged illegal activities

Versions of FBI virusesFBI virus is a type of malware that demands payment for the release of the device which can reach 500USD

FBI virus is a cyber-threat which belongs to ransomware[1] category. However, it does not encrypt personal data as Locky or other malware does. Instead, it locks up the screen and displays a bogus message which explains, that the user has been violating the law in one way or another. Hackers threaten victims that the computer has been locked by the FBI or CIA, and the only way to recover the control of the machine is by paying between $100 and $500 using MoneyPak or similar service. There are several versions of this cyber threat, and the various AV engines recognize if under different names.

Name FBI virus
Type Ransomware / screen-locker
Systems affected Windows computers, Android devices, iOS devices
AVs detect under these names
  • Trojan/Win32.Reveton (Microsoft Windows)
  • Win32:LockScreen (Avast!)
  • Trojan:W32/Revton (F-Secure)
  • Trojan-Ransom.Win32.Urausy (Kaspersky)
  • Trojan.Winlock (Panda)
Demanded payment $100-$500
Distribution Spam emails, malicious websites, torrent sites, etc.
Symptoms Locked screen or browser, demands of paying “fine,” etc.
Elimination Download and install FortectIntego; check other instructions below

FBI Warning Virus was firstly noticed in 2012.[2] Six years later, it keeps spreading around and poses a serious danger to PC users as well as Android and iOS users.

Just like its first versions, this sneaky malware gets into the target computer with the help of Trojan.LockScreen. As soon as it gets inside, Screen Locker locks the desktop and presents a screen with the “FBI Federal Bureau Investigation”, “CIA Special Agent”, and similar badges.

This aggressively-designed alert claims that the computer was blocked due to the Copyright and Related Rights Law violation or other reason that seems convincing. Below you can see a list of crimes that victims of the FBI Warning virus are typically accused of:

  • Attempts to access prohibited pornographic content;
  • Neglectful use of personal computer;
  • Attempts to download MP3s, movies, and software illegally;
  • Bulk-spamming.

Unfortunately, if you found yourself blocked by a program which claims that you have been illegally using or distributing copyrighted content, viewing or distributing pornographic content and spreading malware, you are infected with ransomware.

Beware that it can infect Windows, iOS and Android operating systems (this version is known as Android ransomware). No matter what was declared by the FBI several years ago,[3], you must ignore the alert caused by FBI ransomware and do NOT even think about paying the fine.

Keep in mind that this program belongs to hackers who are seeking just to swindle your and other people's money. If infected, remove FBI virus immediately after detection! Otherwise, you can run into further problems. Since the virus actively rampages in Germany, we invite German-speaking users to check guidelines provided on Dieviren.de[4] page.

UPDATE: Beware of the new versions of FBI virus known as FBI Green Dot Moneypak virus, FBI Virus Black Screen and FBI Department of Defense virus! They are designed to extort money from computer users, so they are asking to pay a fine while accusing the PC user of illegal activities.

FBI virus on phonesMalware can also affect Android and iOS devices

If you become a victim, keep in mind that these malicious programs only seek to scare you and that they display the same text for every user who accidentally installs malware on their computers.

Close the common infiltration paths to keep malware away

This infection has been using various methods to infiltrate target PC systems. As we have already mentioned, it spreads with the help of Trojan.LockScreen which can get into the system using various techniques. Of course, spam is considered one of the main methods used by this Trojan horse[5] for infiltrating computers.

However, it can also infect you after downloading the illegal program (illegal game, crack, etc.) or after clicking the infected popup. Beware that most of such popups claim that the victim needs to update the Adobe Flash Player or similar program. Make sure you ignore such offers for your own good. Otherwise, you will be forced to think about FBI virus removal.

To avoid FBI virus infiltration, you need to take care of your computer's security. If you don't use any security software or if you fail to update such software, you can increase the chances of getting infected with this.[6] Of course, you must always think about safe browsing practices.[7]

The biggest issue, which is caused by this ransomware, is that it has an ability to block the system and locks down all your programs, including anti-virus software. In order to launch it, you should try rebooting your computer to Safe Mode with Networking or try System Restore feature that could help you disable FBI virus.

According to hackers, you should pay the fine through MoneyPak or other pre-payment systems. Of course, you should never do that if you don't want to support those scammers who are collecting these fines. Instead, you should try to eliminate the virus using the instructions added at the end of this article or using special malware removal software such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

FBI virus (screenlocker)FBI virus was detected in 2012. Five years later it keeps posing the same danger to computer users

Malicious software using FBI theme to frighten users

FBI Moneypak

FBI Moneypak ransomware uses a huge alert filled with FBI and Moneypak logos, a webcam and a list of crimes victim is allegedly blamed for. User is informed that he has been viewing/distributing pornographic or copyrighted content, spreading malware or doing other illegal activities. For that, he has to pay a $100 fine and enter a Moneypak code on the right side of the fake alert. This threat locks the system down completely.

FBI Green Dot Moneypak virus

FBI Green Dot Moneypak virus locks the whole system down and displays a fake alert with FBI, Moneypak, and McAfee logos. A misleading message, which belongs to this threat, claims that the Federal Bureau of Investigation has blocked you for downloading illegal/copyrighted material and similar crimes. It requires to pay $200 fine and includes the steps explaining how you should do that.

FBI virus Black screen

FBI Virus Black Screen is hailing from the same FBI group of viruses uses the same technique as its predecessors and seeks to make users pay a $200 fine. However, it also applies an audio warning, black screen, and locks down the whole system. Additionally, it claims that you have been caught for law violations and will accuse you of visiting pornographic websites, viewing files containing zoophilia, child pornography and similar.

FBI Online agent

FBI Online Agent is ransomware which is also using the name of the Federal Bureau of Investigation, but it has a newly-designed alert, which tends to accuse the victim of committing various crimes and asks to pay $200 using MoneyPak. The new thing about FBI Online Agent is that it doesn't show your IP address or location but gives the name of the responsible agent, case number and other details that are clearly invented. Besides, scammers have included the promotion of terrorism into the list of the crimes that are reported into this misleading warning.

FBI Cybercrime Division virusFBI Cybercrime Division virus demands 300USD for file release

FBI Cybercrime Division virus

FBI Cybercrime Division virus is a dangerous ransomware, which pretends to belong to the FBI's Cybercrime Division. This virus uses identical scheme while trying to steal users' money. However, this time it asks to pay $300 using Moneypak prepayment system. Be sure that its alert is not legitimte and can be safely ignored. The new version applies a newly designed alert, which is filled with more than ten different logos.

FBI PayPal virus

FBI PayPal virus is not related to the Federal Bureau of Investigation in any way. As soon as it gets inside the system, this ransomware blocks the entire desktop and disables Internet connection on its target PC.

In addition, it asks paying the fine of $100 for invented online crimes, such as the use of copyrighted content or distribution of malware. Differently from earlier parasites, that use identical scheme for stealing the money, the FBI PayPal virus uses PayPal for its money transactions. Please, stay away from this threat.

FBI Department of Defense virus

FBI Department of Defense virus is a dangerous ransomware virus, which, similarly to its predecessors, seeks to swindle $300 by convincing its victims that they have violated several laws of the USA. This virus has the same ability to lock down the PC and hide every file, which is kept on the computer.

The new thing about this version of FBI virus, is that it offers using MoneyGram prepayment system for paying the fine. Please, never follow its recommendations!

FBI department of Defense virusThis version asks to pay up using MoneyGram service

White Screen virus

White Screen FBI virus is a cyber infection, which is categorized as ransomware and belongs to the same group of FBI virus. If you see a white screen and a mouse cursor on your computer's desktop, that means this virus failed to load properly.

However, you may also receive a huge warning from the FBI, which reports about the illegal use of videos related to child pornography or other e-crimes. Please, ignore the warning that belongs to the White Screen FBI virus and never pay the money required by hackers or provide any of your personal information.

FBI Computer Crime and Intellectual Property Section virus

FBI Computer Crime and Intellectual Property Section virus is a dangerous ransomware that occupies the entire computer as soon as it infects it. Instead of the desktop, it shows a huge alert stating that 'computer is locked by Internet Service Provider' for several different reasons.

Just like previous versions, it claims that the computer's owner was noticed watching and spreading copyrighted content and doing other activities that clearly violate some laws of the USA. This FBI virus version asks to pay a fine of $200. Please, never follow this requirement.

FBI System Failure virus

FBI System Failure virus is a serious ransomware threat, which blocks computers with its fake warning saying: 'All Activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer!'. Just like previous its versions, this virus seeks to make its victims pay an invented fine.

This version is used to swindle $300, for that it asks using REloadit prepayment system. If you see such a warning, you must ignore it and use anti-malware software to remove malicious files from the system.

Fake Pornhub App ransomware virus

Fake Pornhub App ransomware virus is a malicious software was first discovered by a researcher Michael Gillespie. The screen-locking virus disguised itself as a fake Pornhub app, and as a consequence, people looking for erotic visual content were tricked into installing malware instead of the popular adult-content app. Once installed, this version of Android ransomware quickly locks the device, preventing the user from using it.

Considering that the victim just installed an app for adults, the message displayed on the screen might appear more scary and realistic than it actually is. The message states that “Federal Bureau of Investigation, Department of Justice” scanned the device and detected suspicious files as well as attempts to enter forbidden websites. As a consequence, the user has to pay $500 fine within three days.

Clearly, it is a scam. You should remove pornhub.apk as soon as possible. The researcher who discovered the virus suggests that the victim might have to reset the device entirely and restore it from a backup in order to continue using it.

Remove FBI virus from a compromised computer

In order to remove FBI virus from your computer, you should firstly unlock it. Depending on the type of your virus (you can be infected with Crypto-malware, ScreenLocker, ransomware, etc.), you should try methods that are provided below. Almost in all cases, it is required to reboot the device into Safe Mode with Networking. Of course, the first step that you should make is trying to launch your security software. If you don't have such, we highly recommend installing FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes for FBI virus removal.

If you want to remove FBI Warning virus without entering Safe Mode, you can use System Restore function instead (as explained below).

Remove FBI virus from Android, iPhone or iPad

FBI virus has been updated – several years ago it started blocking Android devices and has already attacked LG Smart TV.[8] It acts just like Windows version: FBI android virus locks the screen of the device and displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine!

In addition, scammers started to release versions for iPhone users, so we have also prepared a guide on how to remove the virus from iOS devices.

If your Android phone was blocked, you should follow these steps. The following directions also explain how to get rid of FBI virus on the tablet.

Instructions on how to remove FBI virus from Android

1. Reboot your Android device into Safe Mode:

  1. Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
  2. Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.

If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.

2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):

  1. When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
  2. Here, look for the previously mentioned malicious app(s) and uninstall all of them.

If this failed, enter a random, 15 digit length, code of imaginary MoneyPak express Packed voucher that is asked by FBI android virus or follow these steps:

  1. Go to Settings -> Security. Here, select Device administrators.
  2. Here, look for the previously mentioned malicious app(s) and uncheck it
  3. In order to finish the removal of FBI Android virus, select Deactivate and OK.

Remove FBI virus from iPhone or iPad

FBI virus on iPhone? Not a problem. If you encountered a fake police warning on iPhone, follow these instructions to clean your device:

  1. Go to Settings. Here, find Safari app and tap on it.
  2. Scroll to the bottom of Safari settings panel and tap Advanced.
  3. Select Website Data, then scroll to the bottom again and select Remove All Website Data.
  4. Tap again to confirm the removal of website data. Your iPhone or tablet should be FBI virus-free.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of FBI virus. Follow these steps

Manual removal using Safe Mode

If FBI virus infected your Windows OS, you can unlock your computer with the help of methods that are given below. If they do not help you, try rebooting your PC to Safe Mode with Networking (see instructions with explanatory screenshots below).

  • Users infected with the FBI virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable of launching the anti-malware program.
  • Try to deny the Flash to make your ransomware stop. In order to disable the Flash, go to Macromedia support page and select Deny: See how to do it here. After doing that, run a full system scan with anti-malware program.

Manual FBI virus removal:

  1. Reboot your infected PC to “Safe mode with command prompt” to disable FBI virus (this should be working with all versions of this threat);
  2. Run Regedit;
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe;
  4. Search the registry for these files you have written down and delete the registry keys referencing the files;
  5. Reboot and run a full system scan with updated FortectIntego to remove remaining files.

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove FBI using System Restore

To disable FBI virus, you can use System Restore method as well. For that, you need to follow these steps:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of FBI. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that FBI removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from FBI and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Linas Kiguolis
About the company Esolutions

Removal guides in other languages