FBI virus is screen-locking malware that tries to extort money from victims over alleged illegal activities
FBI virus is a type of malware that demands a payment of up to $500 for the release of the device
FBI virus is a cyber threat that belongs to the ransomware category. However, it does not encrypt personal data as Locky or other malware does. Instead, it locks the screen and displays a bogus message claiming that the user has violated the law in one way or another. Hackers tell victims that the computer has been locked by the FBI or CIA, and that the only way to regain control of the machine is to pay between $100 and $500 using MoneyPak or a similar service. There are several versions of this cyber threat, and the various AV engines recognize it under different names.
| Type | Ransomware / screen-locker |
| Systems affected | Windows computers, Android devices, iOS devices |
| AVs detect under these names | |
| Distribution | Spam emails, malicious websites, torrent sites, etc. |
| Symptoms | Locked screen or browser, demands of paying “fine,” etc. |
| Elimination | Download and install Reimage Reimage Cleaner Intego; check other instructions below |
FBI Warning Virus was first noticed in 2012. Six years later, it keeps spreading and poses a serious danger to PC users as well as Android and iOS users.
Just like its first versions, this sneaky malware gets into the target computer with the help of Trojan.LockScreen. As soon as it gets inside, Screen Locker locks the desktop and presents a screen with the “FBI Federal Bureau Investigation”, “CIA Special Agent”, and similar badges.
This aggressively designed alert claims that the computer was blocked due to a violation of the Copyright and Related Rights Law or another reason that seems convincing. Below you can see a list of crimes that victims of the FBI Warning virus are typically accused of:
- Attempts to access prohibited pornographic content;
- Neglectful use of personal computer;
- Attempts to download MP3s, movies, and software illegally;
Unfortunately, if you found yourself blocked by a program which claims that you have been illegally using or distributing copyrighted content, viewing or distributing pornographic content and spreading malware, you are infected with ransomware.
Beware that it can infect Windows, iOS and Android operating systems (this version is known as Android ransomware). No matter what was declared by the FBI several years ago, you must ignore the alert caused by FBI ransomware and do NOT even think about paying the fine.
Keep in mind that this program belongs to hackers who are only seeking to swindle money out of you and other people. If infected, remove FBI virus immediately after detection! Otherwise, you can run into further problems. Since the virus is actively spreading in Germany, we invite German-speaking users to check the guidelines provided on the Dieviren.de page.
UPDATE: Beware of the new versions of FBI virus known as FBI Green Dot Moneypak virus, FBI Virus Black Screen and FBI Department of Defense virus! They are designed to extort money from computer users, so they are asking to pay a fine while accusing the PC user of illegal activities.
Malware can also affect Android and iOS devices
If you become a victim, keep in mind that these malicious programs only seek to scare you and that they display the same text for every user who accidentally installs malware on their computers.
Close the common infiltration paths to keep malware away
This infection has been using various methods to infiltrate target PC systems. As we have already mentioned, it spreads with the help of Trojan.LockScreen which can get into the system using various techniques. Of course, spam is considered one of the main methods used by this Trojan horse for infiltrating computers.
However, it can also infect you after you download an illegal program (illegal game, crack, etc.) or click an infected popup. Beware that most such popups claim that the victim needs to update Adobe Flash Player or a similar program. Make sure you ignore such offers for your own good. Otherwise, you will be forced to think about FBI virus removal.
To avoid FBI virus infiltration, you need to take care of your computer's security. If you don't use any security software or if you fail to update such software, you increase the chances of getting infected with this malware. Of course, you must always think about safe browsing practices.
The biggest issue caused by this ransomware is that it is able to block the system and lock down all your programs, including anti-virus software. In order to launch your security software, you should try rebooting your computer to Safe Mode with Networking or try the System Restore feature, which could help you disable FBI virus.
According to hackers, you should pay the fine through MoneyPak or other pre-payment systems. Of course, you should never do that if you don't want to support those scammers who are collecting these fines. Instead, you should try to eliminate the virus using the instructions added at the end of this article or using special malware removal software such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes.
FBI virus was detected in 2012. Five years later it keeps posing the same danger to computer users
Malicious software using FBI theme to frighten users
FBI Moneypak ransomware uses a huge alert filled with FBI and Moneypak logos, a webcam and a list of crimes the victim is allegedly blamed for. The user is informed that he has been viewing/distributing pornographic or copyrighted content, spreading malware or doing other illegal activities. For that, he has to pay a $100 fine and enter a Moneypak code on the right side of the fake alert. This threat locks the system down completely.
FBI Green Dot Moneypak virus
FBI Green Dot Moneypak virus locks the whole system down and displays a fake alert with FBI, Moneypak, and McAfee logos. A misleading message, which belongs to this threat, claims that the Federal Bureau of Investigation has blocked you for downloading illegal/copyrighted material and similar crimes. It demands a $200 fine and includes the steps explaining how you should pay it.
FBI virus Black screen
FBI Virus Black Screen comes from the same FBI group of viruses. It uses the same technique as its predecessors and seeks to make users pay a $200 fine. However, it also applies an audio warning and a black screen, and locks down the whole system. Additionally, it claims that you have been caught violating the law and accuses you of visiting pornographic websites, viewing files containing zoophilia, child pornography and similar.
FBI Online agent
FBI Online Agent is ransomware which also uses the name of the Federal Bureau of Investigation, but it has a newly designed alert, which accuses the victim of committing various crimes and asks for a payment of $200 using MoneyPak. The new thing about FBI Online Agent is that it doesn't show your IP address or location but gives the name of the responsible agent, a case number and other details that are clearly invented. Besides, scammers have added the promotion of terrorism to the list of crimes given in this misleading warning.
FBI Cybercrime Division virus demands 300USD for file release
FBI Cybercrime Division virus
FBI Cybercrime Division virus is dangerous ransomware which pretends to belong to the FBI's Cybercrime Division. This virus uses an identical scheme while trying to steal users' money. However, this time it asks to pay $300 using the Moneypak prepayment system. Be sure that its alert is not legitimate and can be safely ignored. The new version applies a newly designed alert, which is filled with more than ten different logos.
FBI PayPal virus
FBI PayPal virus is not related to the Federal Bureau of Investigation in any way. As soon as it gets inside the system, this ransomware blocks the entire desktop and disables Internet connection on its target PC.
In addition, it asks the victim to pay a fine of $100 for invented online crimes, such as the use of copyrighted content or distribution of malware. Unlike earlier parasites that use an identical scheme for stealing money, the FBI PayPal virus uses PayPal for its money transactions. Please, stay away from this threat.
FBI Department of Defense virus
FBI Department of Defense virus is a dangerous ransomware virus which, similarly to its predecessors, seeks to swindle $300 by convincing its victims that they have violated several laws of the USA. This virus has the same ability to lock down the PC and hide every file that is kept on the computer.
The new thing about this version of FBI virus is that it offers the MoneyGram prepayment system for paying the fine. Please, never follow its recommendations!
White Screen virus
White Screen FBI virus is a cyber infection, which is categorized as ransomware and belongs to the same group of FBI virus. If you see a white screen and a mouse cursor on your computer's desktop, that means this virus failed to load properly.
However, you may also receive a huge warning from the FBI, which reports about the illegal use of videos related to child pornography or other e-crimes. Please, ignore the warning that belongs to the White Screen FBI virus and never pay the money required by hackers or provide any of your personal information.
FBI Computer Crime and Intellectual Property Section virus
FBI Computer Crime and Intellectual Property Section virus is a dangerous ransomware that occupies the entire computer as soon as it infects it. Instead of the desktop, it shows a huge alert stating that 'computer is locked by Internet Service Provider' for several different reasons.
Just like previous versions, it claims that the computer's owner was noticed watching and spreading copyrighted content and doing other activities that clearly violate some laws of the USA. This FBI virus version asks to pay a fine of $200. Please, never follow this requirement.
FBI System Failure virus
FBI System Failure virus is a serious ransomware threat, which blocks computers with its fake warning saying: 'All Activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer!'. Just like its previous versions, this virus seeks to make its victims pay an invented fine.
This version is used to swindle $300, and it asks victims to pay through the REloadit prepayment system. If you see such a warning, you must ignore it and use anti-malware software to remove malicious files from the system.
Fake Pornhub App ransomware virus
Fake Pornhub App ransomware virus is malicious software that was first discovered by the researcher Michael Gillespie. The screen-locking virus disguised itself as a fake Pornhub app, and as a consequence, people looking for erotic visual content were tricked into installing malware instead of the popular adult-content app. Once installed, this version of Android ransomware quickly locks the device, preventing the user from using it.
Considering that the victim just installed an app for adults, the message displayed on the screen might appear more scary and realistic than it actually is. The message states that “Federal Bureau of Investigation, Department of Justice” scanned the device and detected suspicious files as well as attempts to enter forbidden websites. As a consequence, the user has to pay a $500 fine within three days.
Clearly, it is a scam. You should remove pornhub.apk as soon as possible. The researcher who discovered the virus suggests that the victim might have to reset the device entirely and restore it from a backup in order to continue using it.
Remove FBI virus from a compromised computer
In order to remove FBI virus from your computer, you should first unlock it. Depending on the type of your virus (you can be infected with Crypto-malware, ScreenLocker, ransomware, etc.), you should try the methods that are provided below. In almost all cases, it is required to reboot the device into Safe Mode with Networking. Of course, the first step that you should take is trying to launch your security software. If you don't have any, we highly recommend installing Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes for FBI virus removal.
If you want to remove FBI Warning virus without entering Safe Mode, you can use System Restore function instead (as explained below).
Remove FBI virus from Android, iPhone or iPad
FBI virus has been updated: several years ago it started blocking Android devices and has already attacked LG Smart TV. It acts just like the Windows version: FBI Android virus locks the screen of the device and displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine!
In addition, scammers started to release versions for iPhone users, so we have also prepared a guide on how to remove the virus from iOS devices.
If your Android phone was blocked, you should follow these steps. The following directions also explain how to get rid of FBI virus on the tablet.
Instructions on how to remove FBI virus from Android
1. Reboot your Android device into Safe Mode:
- Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
- Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.
If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.
2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):
- When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
- Here, look for the previously mentioned malicious app(s) and uninstall all of them.
If this failed, enter a random 15-digit code in place of the MoneyPak express Packed voucher number that FBI Android virus asks for, or follow these steps:
- Go to Settings -> Security. Here, select Device administrators.
- Here, look for the previously mentioned malicious app(s) and uncheck them.
- In order to finish the removal of FBI Android virus, select Deactivate and OK.
Remove FBI virus from iPhone or iPad
FBI virus on iPhone? Not a problem. If you encountered a fake police warning on iPhone, follow these instructions to clean your device:
- Go to Settings. Here, find Safari app and tap on it.
- Scroll to the bottom of Safari settings panel and tap Advanced.
- Select Website Data, then scroll to the bottom again and select Remove All Website Data.
- Tap again to confirm the removal of website data. Your iPhone or tablet should be FBI virus-free.
To remove FBI virus, follow these steps:
Remove FBI using Safe Mode with Networking
If FBI virus infected your Windows OS, you can unlock your computer with the help of methods that are given below. If they do not help you, try rebooting your PC to Safe Mode with Networking (see instructions with explanatory screenshots below).
- Users infected with the FBI virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable of launching the anti-malware program.
- Try denying Flash to make your ransomware stop. In order to disable Flash, go to the Macromedia support page and select Deny. After doing that, run a full system scan with an anti-malware program.
Manual FBI virus removal:
- Reboot your infected PC to “Safe mode with command prompt” to disable FBI virus (this should work with all versions of this threat);
- Run Regedit;
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe;
- Search the registry for these files you have written down and delete the registry keys referencing the files;
- Reboot and run a full system scan with updated Reimage Reimage Cleaner Intego to remove remaining files.
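The Winlogon check from the manual steps above can be done as a read-only audit before anything is edited in Regedit. This is an added example, not part of the original article; it assumes Windows PowerShell 3.0 or later, a stock Windows configuration, and that the Winlogon values of interest are Shell and Userinit (the choice of these two values is this example's assumption).

```powershell
# Added example: read-only audit of the Winlogon startup values.
# Nothing is modified; inspect every REVIEW row by hand before editing the registry.

$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

# Baseline (assumption: stock Windows, no kiosk or custom shell configured).
# HKCU normally has neither value, so anything present there is reported.
$baseline = @{
    HKLM = @{ Shell = @('explorer.exe'); Userinit = @($userinit, 'userinit.exe') }
    HKCU = @{ Shell = @();               Userinit = @() }
}

function Get-WinlogonFinding {
    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\$winlogon"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in 'Shell', 'Userinit') {
            $raw = if ($props) { $props.$name } else { $null }
            if ([string]::IsNullOrEmpty(([string]$raw).Trim())) { continue }  # absent or blank
            # Userinit usually ends with a comma; strip it before comparing.
            # A comma-separated list that carries an extra program stays one
            # string and therefore fails the baseline check.
            $value  = ([string]$raw).Trim().TrimEnd(',').Trim()
            $status = if ($baseline[$hive][$name] -contains $value) { 'OK' } else { 'REVIEW' }
            [pscustomobject]@{
                Status = $status
                Key    = $path
                Name   = $name
                Data   = $raw
            }
        }
    }
}

$findings = @(Get-WinlogonFinding)
$findings | Format-Table -AutoSize -Wrap

$flagged = @($findings | Where-Object { $_.Status -eq 'REVIEW' })
if ($flagged.Count -eq 0) {
    Write-Output 'Winlogon Shell and Userinit match the expected defaults.'
} else {
    Write-Output ("{0} value(s) differ from the defaults; write down the file paths shown above." -f $flagged.Count)
}
```

From Safe Mode with Command Prompt, start `powershell` first and paste the script; the paths in the REVIEW rows are the files to write down for the registry search in the next step.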
Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- Select Safe Mode with Networking from the list
Windows 10 / Windows 8
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Step 2: Remove FBI
Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete FBI removal.
If your ransomware is blocking Safe Mode with Networking, try the next method.
Remove FBI using System Restore
To disable FBI virus, you can use System Restore method as well. For that, you need to follow these steps:
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- Select Command Prompt from the list
Windows 10 / Windows 8
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, type cd restore and press Enter.
- Now type rstrui.exe and press Enter again.
- When a new window shows up, click Next and select a restore point that is prior to the infiltration of FBI. After doing that, click Next.
- Now click Yes to start system restore.
Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from FBI and other ransomware, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes.
Back up files for later use in case of a malware attack
Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.
When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.