What is FBI Android virus and how to get rid of it?

What is FBI Android virus and how to get rid of it?If you have ever been infected with FBI virus, you will definitely know how serious this infections is. For those who have never heard about it we must say that FBI virus is a dangerous cyber threat that was released several years ago. It was labeled as ransomware because it seeks to trick people into paying the ransom. If FBI virus infiltrates the system, it locks it down and then starts showing a huge warning message saying that the Federal Bureau of Investigation or other governmental authority noticed illegal activity. It may accuse its victim for the use of copyrighted content, distribution of pornographic material and similar crimes. In addition, victim is informed that the only way to unblock the affected computer and avoid the jail is to pay the fine of several hundreds of dollars. Of course, you should never agree with this because you can never be sure that your payment will help you to unlock your computer.

Unfortunately but hackers don’t sleep and keep updating their viruses each day. FBI virus is not an exception. According to several dozen of reports, this ransomware threat has recently been designed for Android OS. This means that now it is capable of infecting these devices and locking them down. It is known that FBI Android virus is just a newer version of Koler malware, that was discovered less than a year ago. Just like other versions of this threat, it is spread thru fake alerts offering people to update their Adobe Flash Player, Java or similar programs. Such ads are mostly displayed on illegal websites but they may also show up when visiting legitimate sites that were hacked by the owners of Android ransomware. Of course, it is also possible to get infected with this threat via infected email attachments, so stay away from suspicious mails actively offering you to download their attachment. As soon as this ransomware gets inside the system, it locks the device and causes such alert:

ATTENTION! Your phone has been blocked up for safety reasons listed below.

All the actions performed on this phone are fixed.

All your files are encrypted.


You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc.) You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United Stated of America criminal law.

Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, you are suspected of violation of “Copyright and Related rights Law” (downloading pof pirated music, video warez) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law.


The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

Amount of fine is 300$. You can settle the fine with MoneyPak xpress Packed vouchers.

As soon as the money arrives to Treasury account, you phone will be unblocked and all information will be decrypted in course of 24 hours.

Of course, this alert is a scam that should never be trusted. Governmental authorities, such as FBI, Police Central e-crime Unit, An Garda Síochana, Royal Canadian Mounted Police, Australian Federal Police and many others, do NOT lock PCs and other devices in order punishing their owners. Please, do NOT pay the fine because you will do the only thing – you will support the creators of FBI Android virus.

Beware that when infected with this threat you may also lose the ability to reach your important files. The good news is that this threat can hardly encrypt your files, what means that they can be recovered by eliminating this virus from the system. However, getting into Settings and trying to unlock the system may be a hard task, especially if you are not an experienced user. For that you can use these steps:


1. Reboot your Android device into Safe Mode:

  1. Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
  2. Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.

If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.

2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):

  1. When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
  2. Here, look for previously mentioned malicious app(s) and uninstall all of them.

If this failed, enter a random, 15 digit length, code of imaginary MoneyPak xpress Packed voucher that is asked by FBI android virus or follow these steps:

  1. Go to Settings -> Security. Here, select Device administrators.
  2. Here, look for previously mentioned malicious app(s) and uncheck it
  3. In order to finish the removal of FBI Android virus, select Deactivate and OK.
About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

Read in other languages