FBI Virus – How-To Removal Guide

The FBI virus has spread rapidly to millions of computers in recent years. A great number of PC users were shocked by the warning message from the FBI virus when they started Windows. According to our report, a substantial number of victims chose to pay the fine to the criminals without ever thinking about how to remove the FBI virus completely, believing that they really had violated local laws and other legal policies. In fact, the warning message is not sent by the Federal Bureau of Investigation. The FBI virus is a kind of ransomware that was programmed to attack computers in the USA. It can be distinguished from other malware by its very aggressive behavior towards an infected machine. Most antivirus programs still cannot remove the FBI virus easily, and they fail to detect it once it has been installed on the Windows system. Most infected users will find it difficult to remove FBI MoneyPak even if they recognize the scam, because of the seemingly irreversible system lock-down. Despite this, there are a few tricks that can be used to regain access and delete the infection. So far, the most effective method of removing the FBI virus is the manual one. The message from the FBI virus claims that the PC user has illegally visited or distributed copyrighted content such as videos, music, and software. Consequently, the cyber-criminal demands a payment within 48 to 72 hours in order to lift the ban on the user's computer.

“Your PC is blocked due to at least one of the reasons specified below.

You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America.

Article I, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.

To unblock the computer, you must pay the fine through MoneyPak of $100.”

People should realize that the computer is not blocked by the local police department or any other authority. The computer is infected with malware spread by cyber-criminals who try to make Internet users pay for an activity that they did not carry out. No government department anywhere in the world would demand a fine simply by blocking a computer. People would receive a telephone call or a document from the law enforcement agency, and officials might even visit their house. Furthermore, some of these scammers make phone calls to unsuspecting users affected by the FBI virus, offering services that include the removal of such viruses. Most of the time, these are the same people who may have sent the virus to your computer and are seeking another opportunity to steal personal information, money, passwords and financial information, among other things, which they can use to steal your identity and cause great financial losses. Therefore, do not trust the fake notification and never pay money to the cyber-criminals. The only way to release your computer screen is to remove the FBI virus immediately.

You should know that hackers keep changing their approach and are getting trickier at scamming PC users. When you receive the warning message from the so-called Federal Bureau of Investigation, do not be alarmed; if you are unsure about the issue, you can also call the local police station and they will explain everything to you.

Once the FBI virus has been installed on your PC, it locks your computer and all of its applications, so whenever you try to log on to Windows, or to Safe Mode with Networking, it displays a lock screen asking you to pay anywhere from $100 to $200 in the form of a MoneyPak, Ukash or PaySafeCard code. Once the computer is infected, the user is directed to a fraudulent FBI screen, which is misleading because the FBI does not lock the screens of ordinary citizens.


You may want to know why your computer was infected by the FBI virus. There are a few ways in which you may have inadvertently installed the FBI virus on your Windows system.

1. Visiting a suspicious website. If you often open untrusted web pages, you run a high risk of being infected by the Trojan. The FBI virus can be installed on your PC through the Trojan. You had better judge a website before you visit it; this helps you keep clear of Trojans and malware. When you receive the FBI warning message, try to remember whether you have recently opened any weird website.

2. Opening an attachment in a strange email. The cyber-criminals send millions of emails with virus-carrying attachments to PC users. If you download and open one out of curiosity, you can get infected very easily. You should ignore emails with attachments that come from unknown senders.

3. Downloading and installing freeware on your computer. Most of the victims got the FBI infection because they downloaded applications from untrusted websites. If you want to download software, you had better go to the official website. This ensures that the application is safe and free of malware.

The above are the three main reasons for getting the FBI virus or other white-screen viruses. Here we present instructions from the YooSecurity Online Service. You can follow the removal tips step by step to remove the FBI virus yourself. We have tested this method, and it did work for removing the FBI virus.

a. Restart your computer and press F8 while it is restarting. This may help you enter Safe Mode.
b. You will see some options for the Windows boot mode. Choose Safe Mode.
c. Launch MSConfig.
d. Disable any startup items in which rundll32 launches an application from Application Data.
e. Reboot your computer.

If you cannot use Safe Mode, try rebooting into Safe Mode with Command Prompt. Here is how to delete the FBI MoneyPak virus using this approach:

a. Reboot into Safe Mode with Command Prompt. The FBI virus should not be launched this time.
b. Run regedit and search for Winlogon.
c. There will be a value labeled Shell under Winlogon. It should refer to Explorer.exe or be blank. If it contains something else that refers to an executable in one of the users' folders, replace it with explorer.exe.
d. Save the changes and reboot into Safe Mode with Networking.
e. Run msconfig and disable all unnecessary startup entries. You should then be able to reboot normally.
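The Winlogon and startup checks from the two procedures above can also be done from a PowerShell prompt without changing anything. This is an added example, not part of the original guide or of YooSecurity's tooling; it assumes Windows Vista or later with PowerShell available, and the Run keys and the list of user-writable directories are this example's own choice of what to inspect.

```powershell
# Added example: read-only audit of the autostart locations named in the steps above.
# Nothing is changed; review each finding, then fix it in regedit or msconfig.

# User-writable directories (this example's choice, based on the paths the guide lists).
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) | Where-Object { $_ }

function Test-InUserDir([string]$Command) {
    foreach ($dir in $userDirs) {
        if ($Command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

# 1. Winlogon Shell: should be explorer.exe or blank.
$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $shell = (Get-ItemProperty -Path "$hive\$winlogon" -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -notmatch '^explorer\.exe$') {
        "[!] $hive\$winlogon  Shell = $shell"
    }
}

# 2. Run keys (shown by msconfig as startup items): flag commands under user dirs,
#    including rundll32 entries whose argument points there.
foreach ($path in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if (Test-InUserDir $cmd) { "[!] $path  $name = $cmd" }
    }
}

# 3. Startup-folder shortcuts: resolve each .lnk and flag targets under user dirs.
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$wsh = New-Object -ComObject WScript.Shell
Get-ChildItem -Path $startup -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
    $sc = $wsh.CreateShortcut($_.FullName)
    $target = $sc.TargetPath + ' ' + $sc.Arguments
    if (Test-InUserDir $target) { "[!] $($_.FullName) -> $target" }
}
```

A flagged line is a lead to review, not proof of infection: legitimate per-user software also starts from AppData.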

Now press Ctrl+Alt+Del to open Task Manager and stop the FBI virus process. This step has to be done quickly, because the virus keeps changing its process name. Then terminate the processes related to the FBI virus.

You need to delete the files and registry entries of FBI virus:

C:\Documents and Settings\\Start Menu\Programs\Startup\ ctfmon.lnk
C:\Documents and Settings\\Start Menu\Programs\Startup\.lnk
C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ctfmon.lnk
C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ .lnk
C:\Users\\AppData\.exe
C:\Documents and Settings\\Local Settings\Temp\.exe
C:\Users\\AppData\Roaming\.exe
C:\Program Data\lsass.exe
C:\Program Data\.exe

Delete the FBI virus registry entries created in the computer system:

HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

Before you edit or delete Windows registry entries, you had better back up the registry first. To back up the registry entries, do the following:

* Click Start, and then click Run.
* In the Open box, type regedit.exe, and then click OK.
* Locate and then click the key that contains the value that you want to edit.
* Right-click on the key and choose Export.
* In the Save in box, select a location where you want to save the Registration Entries (.reg) file.
* In the File name box, type a file name, and then click Save.


You can visit this webpage to view detailed information about the FBI virus: http://guides.yoosecurity.com/how-remove-fbi-moneypak-virus-malware-that-blocked-pc-asks-for-payment-100-dollars/. You can also contact the YooSecurity experts and have a live chat with them. Every one of them is well trained and has researched virus removal methods for years. They can help you remove the FBI virus and other PC threats effectively.
