If you’ve ever turned on your computer only to be met with a warning asserting your computer has been “locked” by the authorities, then you’ll know what ransomware is.
Ransomware is a name given to the type of malware that works by preventing users from accessing their computers and/or files until they pay a fee (or ransom).
This type of malware has proven to be incredibly successful, especially the “FBI” variant that asserts a victim’s computer has been locked by the FBI for being involved with illegal activities (ranging from illegal pornography downloads to viewing copyrighted content).
Victims are presented with a lock screen. To gain access to the computer (i.e. remove the lock screen) the victim is told they need to pay a fine to continue.
This variant of malware is also dubbed the “FBI Virus” or “FBI MoneyPak Virus”.
Of course the computer hasn’t been locked by the FBI at all. It’s malware scammers at play and it means the victim has somehow fallen for a malware scam which has led to their computer becoming infected. Any money paid by the victim will go straight into the hands of a scammer.
Variants of the “FBI Virus” ransomware can vary between countries. For example, UK users have reported the FBI being replaced with the Metropolitan Police or Scotland Yard.
Step 1. The first step is to remove the lock screen asking you to pay money so you can access your computer. Depending on the variant of ransomware this procedure can vary.
First, try to boot your computer into “Safe Mode with Networking” by tapping F8 when your computer turns on and selecting Safe Mode from the boot menu. This only loads files required to run Windows. If the screen lock does not appear then proceed to the next step.
If the screen lock still appears then you need to try to do a System Restore to take your computer back to a time before the infection. Once again tap F8 on startup and select “Safe Mode with Command Prompt” (see below). Wait until it loads and then type “explorer” to start Windows Explorer (you may need to type it again if the first time does not work).
Once Explorer loads, navigate to:
Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
Win Vista/7: C:\windows\system32\rstrui.exe and press Enter
This brings up the System Restore facility where you need to follow the instructions on screen, selecting a restore date prior to infection.
Step 2. Now that you can access Windows without seeing the lock screen, you need to perform a full system scan with your up-to-date antivirus software. If you don’t have quality antivirus installed or it is outdated then you will need to download a free antivirus program from the Internet through another computer and transfer it to the infected computer via a USB flash drive.
Running a full system scan should then remove the infection.
We recommend downloading both the Hitman Pro software and the MalwareBytes software and running both on the infected computer. Both programs are easy to use and all you need to do is follow the on-screen instructions.
(Note: remember to save the programs from the Internet without installing them on the uninfected computer. Copy each file you download and put it onto a USB stick using the uninfected computer. You can then transfer them to the infected computer and double-click each file to begin the installation process.)
And that should remove most variants of the FBI Virus ransomware. If you struggle to follow these instructions or if they do not work then we recommend taking your computer to a professional for removal. All variants of ransomware can be removed without the need for a full factory reset, though some versions are harder to uninstall than others.
It is important to know that the FBI or other authorities do not lock people out of their computers in this manner, much less demand users pay a fine to access their computers. So if this does happen to you, you know it’s a scam.
Ransomware is a prolific type of malware circulating the Internet and another reason why it is vital to have reliable, up-to-date security software installed on your computer at all times. Quality security software will prevent ransomware from installing. For our recommendations on quality security software click this link.