Removing FBI Virus Ransomware off Your Computer

If you’ve ever turned on your computer only to be met with a warning asserting your computer has been “locked” by the authorities, then you’ll know what Ransomware is.

Ransomware is a name given to the type of malware that works by preventing users from accessing their computers and/or files until they pay a fee (or ransom).

This type of malware has proven to be incredibly successful, especially the “FBI” variant that asserts a victims computer has been locked by the FBI for being involved with illegal activities. (ranging from illegal pornography downloads to viewing copyrighted content)

Victims are presented with a lock screen. To gain access to the computer (i.e. remove the lock screen) the victim is told they need to pay a fine to continue.

ransomware

An example of screen locks used by FBI ransomware, including one claiming to be from the Metropolitan Police.

This variant of malware is also dubbed the “FBI Virus” or “FBI MoneyPak Virus”.

Of course the computer hasn’t been locked by the FBI at all. It’s malware scammers at play and it means the victim has somehow fallen for a malware scam which has led to their computer becoming infected. Any money paid by the victim will go straight into the hands of a scammer.

Variants of the “FBI Virus” ransomware can vary between countries. For example UK users have reported of the FBI being replaced with the Metropolitan Police or Scotland Yard.

Removing the FBI Ransomware

Step 1. The first step is to remove the lock screen asking you to pay money so you can access your computer. Depending on the variant of ransomware this procedure can vary.

First, try to boot your computer into “Safe Mode with Networking” by tapping F8 when your computer turns on and selecting Safe Mode from the boot menu. This only loads files required to run Windows. If the screen lock does not appear then proceed to the next step.

If the screen lock still appears then you need to try to do a System Restore to take your computer back to a time before the infection. Once again tap F8 on startup and select “Safe Mode with Command Prompt”. (see below) Wait until it loads and then type “explorer” to start Windows Explorer. (you may need to type it again if the first time does not work).

dos

Once Explorer loads navigate to –
Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
Win Vista/7: C:\windows\system32\rstrui.exe and press Enter

This brings up the System Restore facility where you need to follow the instructions on screen, selecting a restore date prior to infection.



Step 2. Now you can access Windows without seeing the lock screen you need to perform a full system scan with your up-to-date antivirus software. If you don’t have quality antivirus installed or it is outdated then you will need to download a free antivirus program from the Internet through another computer and transfer it to the infected computer via a USB flash drive.

Running a full system scan should then remove the infection.

We recommend downloading both the Hitman Pro software and the MalwareBytes software and running both on the infected computer. Both programs are easy to use and all you need to do is follow the on screen instructions.

(note: remember to save the programs from the Internet without installing on the uninfected computer. Copy each file you download and put it onto a USB stick using the uninfected computer. You can then transfer them to the infected computer and double click each file to begin the installation process. )

And that should remove most variants of the FBI Virus ransomware. If you struggle to follow these instructions or if they do not work then we recommend taking your computer to a professional for removal. All variants of ransomware can be removed without the need for a full factory reset, though some versions are harder to uninstall than others.

Protect your computer from Ransomware

It is important to know that the FBI or other authorities do not lock people out of their computers in this manner, much less demand users pay a fine to access their computers. So if this does happen to you, you know it’s a scam.

Ransomware is a prolific type of malware circulating the Internet and another reason why it is vital to have reliable, up-to-date security software installed on your computer at all times. Quality security software will prevent ransomware from installing. For our recommendations on quality security software click this link.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)