FBI ransomware - How to remove?
FBI Ransomware is an aggressive scam that has been spreading on the Internet under the title of The FBI Federal Bureau Investigation. It displays an alert claiming that your PC is blocked for several reasons: for example, violating Copyright and Related Rights Law (Video, Music, Software) by illegally using or distributing copyrighted content, viewing or distributing prohibited pornographic content, and similar things. It also claims that your computer is infected by malware, which is a result of violating the law on neglectful use of a personal computer. The ransomware uses generic sentences without giving an exact reason for blocking your PC, though it tries to scare you with a prison sentence.
Basically, your system will be completely locked, so you will not be able to perform any tasks on it. At this stage it is quite easy for the computer hackers to get money from you, as you are not able to do anything. FBI ransomware states that you must pay a fine of $100 or $200 (depending on the version) through MoneyPak in order to unblock your computer. It also says that once you pay the fine, your PC will be unblocked within 1 to 48 hours after the money is put into the State’s account. In this way the computer hackers collect from $100 to $200 from each victim. The money is collected using MoneyPak or PaySafe pre-paid cards. Thus it is obvious that FBI Ransomware is a scam. You have to know that this malware is created just to scare you and to rip you off. The only way to stop this annoying alert is to remove the parasite, and this is still possible despite your PC being locked.
It is worth mentioning that FBI ransomware targets users in the United States and Canada, while another version, called Ukash Virus, is most common in Europe.
Note: If you can access another user account on the infected PC, download Spyhunter on that account and launch it (if needed, run it as the infected administrative user). Perform a full scan. This is by far the easiest way to remove FBI Ransomware without any data loss. Another trick is to pull out the network cable while the PC is booting and plug it back in a couple of minutes after startup to download anti-malware programs. If you can’t access another account, follow the guide below or call +1-888-334-2444 (USA / CA) for assistance.
Versions of FBI ransomware
FBI Moneypak Virus – The most common versions of FBI Ransomware that require payment through Moneypak Payment system.
FBI Department of Defense Virus – basically the same virus as the FBI Ransomware; the only difference is that it comes in a different design and mentions the Department of Defense. It is not spread as widely as the FBI virus, but it performs the same malicious actions on your OS.
FBI Cybercrime Division virus – Another skin of FBI Virus that refers to Cybercrime Division.
FBI AntiPiracy Warning – This is a symptom of some FBI Ransomware versions: a fake message stating that you have broken some laws and that, due to illegal activities performed online, you need to pay a ransom. You can’t do anything on your computer until you pay or delete this virus.
FBI Online Agent Virus – Yet another version of FBI ransomware that comes with a slightly different look. It blocks the whole system and displays a message saying that you need to pay a $200 ransom to unlock it.
Green Dot MoneyPak Virus – A minor FBI virus version that has a distinct design. It is limited to one version of trojans, so it is easier to identify correctly.
Paysafecard virus – Paysafecard is a pre-paid card system similar to MoneyPak. It is used by many versions of FBI viruses in the USA, but Paysafecard viruses are less common than MoneyPak ones.
United States Cyber security – Yet another ransomware that is related to the FBI virus. It is targeted specifically at users from the United States and Canada.
Main ways to get rid of FBI virus
There are multiple versions of FBI ransomware, all with a similar design. Some can be recognized from misspellings: Federal Bureau Investigation virus (lack of “of”), FBI Online Agent, etc. Others cannot be distinguished that easily, as they use the same text and layout. There are more than 10 different families of trojans behind this scam.
For practical purposes, the difference is in the way FBI Ransomware launches and which system functions it disables. This is enough to find the most suitable way to get rid of it.
- Type 1: Versions that do not launch in safe mode and safe mode with networking.
- Type 2: Versions that do not launch in safe mode with command prompt, but launch or show a blank screen in other modes. Typically, they launch immediately after you log in, without much delay.
- Type 3: Versions that disable all safe modes.
If you can’t access another user account to run anti-malware programs, use this guide to remove the first type of FBI ransomware:
- Reboot and press F8 while PC is booting
- Choose safe mode with networking
- Launch MSConfig
- Disable startup items in which rundll32 launches something from Application Data. Optionally, disable everything you do not recognize.
- Reboot. FBI ransomware should not load.
- Download http://www.2-viruses.com/downloads/spyhunter-i.exe and scan your PC.
For the second type of FBI Ransomware, this guide will work:
- Reboot the PC in safe mode with command prompt. This should allow you to overcome all versions of FBI Ransomware
- Run Regedit
- Search for WinLogon entries. Write down all files they reference that are not explorer.exe or blank. Replace them with explorer.exe
- Search registry for these files and delete the registry keys referencing the files
- Try to reboot and scan with Spyhunter.
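The two manual checks above (startup items where rundll32 launches something from Application Data, and Winlogon entries that are not explorer.exe or blank) can also be listed with a read-only PowerShell script. This is an added example, not part of the original guide; it assumes the standard Run and Winlogon registry keys, checks only the Winlogon Shell value, and assumes PowerShell can be started from the safe mode command prompt.

```powershell
# Read-only audit (added example): lists entries to review, changes nothing.
# Run it as the affected user so that HKCU is that user's registry hive.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-RegValues([string]$Path) {
    # Emit one object per value stored under the key; a missing key yields nothing.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return }
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{
            Key   = $Path
            Name  = $name
            Value = [string]$key.GetValue($name)
        }
    }
}

# Type 1 check: startup items where rundll32 loads something from
# Application Data (XP) or AppData (Vista and later).
$startupHits = @($runKeys | ForEach-Object { Get-RegValues $_ } | Where-Object {
    $_.Value -match 'rundll32' -and $_.Value -match 'Application Data|AppData'
})

# Type 2 check: a Winlogon Shell value that is neither blank nor explorer.exe.
$shellHits = @($winlogonKeys | ForEach-Object { Get-RegValues $_ } | Where-Object {
    $_.Name -eq 'Shell' -and $_.Value.Trim() -ne '' -and $_.Value.Trim() -ne 'explorer.exe'
})

$hits = $startupHits + $shellHits
if ($hits.Count -eq 0) {
    'No matching Run or Winlogon Shell entries found.'
} else {
    $hits | Format-List Key, Name, Value
}
```

The output is a list of candidates to review in MSConfig or Regedit; the script itself does not disable or delete anything.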
If everything fails, you have the 3rd type of FBI scam. Then there are the following options:
- Attach your PC’s hard drive to another PC and do a full system scan with anti-malware programs.
- Use an alternate OS scanner like Norton Power Eraser or similar