FBI Department of Defense virus is another ransomware that uses the name of the FBI to extort money. It relies on Trojans to get into random systems without the users' consent. Once inside, it blocks your computer completely, so you cannot run any of your programs. It even disables your security tools and does not allow you to run Task Manager. The program displays a single message in the middle of the screen saying that you have violated the law of the United States of America. Have a look at the message below:
Mandiant U.S.A. Cyber Security
FBI. Department of Defense
U.S.A. Cyber Crime Center
Your computer has been blocked for safety reasons listed below.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.
Article 161 of United States Of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America Criminal Law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
The message of FBI Department of Defense virus states that you have been using or distributing pornographic or copyrighted content and that for this reason you must pay a fine of 300 US dollars. According to the message, if you pay it, your computer will be unblocked in 24 hours. However, that is not true, and paying will not guarantee that you will be able to use your computer normally again.
FBI Department of Defense virus uses the name of the FBI just to scare users. It is not related to any law enforcement institution. It's a scam that cyber criminals developed in order to collect money quickly. It's not the first ransomware to use this dishonest method. FBI Department of Defense virus mainly attacks users located in the US. However, there are plenty of similar programs based on the same methods that infect computers all over the world.
The problem with this kind of ransomware is that it is not easy to remove. If your computer has more than one user account and not all of them are locked, log in to an account that is not blocked and scan the whole PC with an anti-malware program, e.g. Spyhunter. Another option is to use System Restore. If none of these methods works for you, do the following:
- Restart your computer;
- Press F8 while it is still restarting;
- Try the safe modes in the following order: Safe mode, Safe mode with command prompt.
Then follow the guides below:
If your computer runs in Safe mode or Safe mode with networking
- Launch MSConfig.
- Disable startup items in which rundll32 launches any application from Application Data. Note that these are typical locations for FBI Department of Defense virus, but some others might be used.
- Restart the system once again.
- Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify FBI Department of Defense virus files and delete them.
If your computer runs in Safe mode with command prompt
- Run Regedit.
- Search for WinLogon entries. Write down all files they reference that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for FBI Department of Defense virus files and delete the registry keys that reference those files.
- Try to reboot and scan with Spyhunter.
- If this fails, try doing a system restore from Safe mode with command prompt (rstrui.exe).
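A read-only PowerShell check for the two places the procedures above tell you to look: startup entries where rundll32 loads something from Application Data, and WinLogon Shell values that are not explorer.exe. This is an added example, not part of the original guide; treating the Run keys as the source of the MSConfig startup items and the path pattern used to spot Application Data are assumptions. The script only reports and changes nothing.

```powershell
# Added example: reports suspicious entries, modifies nothing.
$findings = @()

# 1) WinLogon Shell: the guide treats anything other than explorer.exe or blank as suspect.
#    A full path to explorer.exe is also reported so it can be reviewed by hand.
$winlogonKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
                'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($key in $winlogonKeys) {
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -notmatch '^explorer\.exe$') {
        $findings += New-Object psobject -Property @{ Key = $key; Name = 'Shell'; Value = $shell }
    }
}

# 2) Startup items (assumption: the per-machine and per-user Run keys):
#    flag rundll32 commands that point into Application Data / AppData.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)   # environment variables are expanded here
        if ($value -match 'rundll32' -and $value -match '\\(Application Data|AppData)\\') {
            $findings += New-Object psobject -Property @{ Key = $key; Name = $name; Value = $value }
        }
    }
}

# Write the results down before editing anything in MSConfig or Regedit.
if ($findings.Count -eq 0) {
    Write-Output 'No matching WinLogon or startup entries found.'
} else {
    $findings | Format-List Key, Name, Value
}
```

As the guide notes, other locations might be used, so an empty result does not mean the system is clean.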
If none of the safe modes can be launched
Some versions of FBI Department of Defense virus disable all safe modes but leave a short gap that you can use to run anti-malware programs:
- Reboot normally.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press Alt+Tab once and keep entering the string blindly. Press Enter.
- Press Alt+Tab and then R a couple of times. The FBI Department of Defense virus process should be killed.
Hitman Pro USB disk
If you did not succeed with any of the methods above, try scanning the PC from a bootable USB or DVD disk. These should be able to remove all versions of FBI Department of Defense virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on an uninfected PC.
- Run Hitman Pro and choose to create a Kickstarter USB (an option on the initial screen).
- When the USB is ready, reboot the infected PC with the USB attached and press DEL.
- Choose USB as primary boot device.
- Boot normally.
- Run Hitman Pro and https://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.