“Your operating system is locked due to the violation of the federal laws of the United States of America…”
This message greets you on the fake FBI locked-computer virus screen. It then explains why the FBI supposedly locked your computer and asks you to pay a fine; otherwise, it says, a criminal case will be filed against you. Months in jail and a $240,000 sum are scary compared to the hundred or two hundred dollars demanded as a fine within the next hours. Some people do pay, but nothing changes: the locked computer stays locked, and the FBI has nothing to do with the message, which cyber criminals send over email. Fear is what the fake FBI block ransomware is about, and the target of the scam is your money, which will not unlock the infected computer. If paying the ransom cannot unlock your computer, how do you get rid of the fake FBI block virus? Read on to find out how to remove the Fake FBI Block virus and unlock your computer without paying money to cyber criminals.
Fake FBI Block virus Removal Guide
- Remove Fake FBI Block virus manually
- Fake FBI Block Virus Removal Tool
- Complete Fake FBI Block virus removal
What is Fake FBI Block virus?
The Fake FBI Block virus with this particular screen, sometimes called the FBI Black Screen of Death, is another sample of ransomware from the FBI series that is widespread across the United States and European countries. It accuses the user of the infected system of some criminal activity on the Internet and asks for a fine of $100 or $200, paid with either MoneyPak or Green Dot cards.
The Fake FBI Block scam is similar to other ransomware scams such as the Ukash and Reveton viruses. All of these ransomware variations arrive with Trojans from infected websites involved in activities that leave some room for speculation about legal matters, for example a website that offers copyrighted video and music content for free, or a porn site. Very often the Fake FBI Block virus is spread by email. These email messages contain a link that points to the Trojan located on some host.
Cyber criminals count on the fact that there is no easy way to find out whether the law was violated, and a locked computer cannot be used to look for more information. Moreover, such an allegation, supposedly coming from a powerful law enforcement agency, is scary. The shock and pressure that come with Fake FBI Lock virus might make a user believe that the FBI can lock computers for such a minor violation and demand a fine paid with MoneyPak or a similar pre-paid card within the next 48 or 72 hours. Neither of these is true, and the fine is just a disguise for a ransom.
Do not pay a ransom to cyber criminals for removing Fake FBI Block virus. Do not waste your money since this payment will not help you to unlock your computer, and it is up to 20 times as expensive as the removal tool that can help you. Use the following guide instead to remove Fake FBI Block virus.
Fake FBI Block virus Removal Tool
Some users are not able to remove the Fake FBI Block virus manually, and the virus design might change over time, making guides for manual removal outdated and ineffective. Removal tools, unlike guides, are constantly maintained by vendors that track the malware's development and make the needed corrections to the removal procedures.
Remove Fake FBI Block virus manually
It is possible to remove the Fake FBI Block virus using System Restore on a computer that is booted in Safe Mode with Command Prompt. Read how to do that below and give it a try. It is the easiest way of removal, and any user can handle it.
* On Windows XP type C:\windows\system32\restore\rstrui.exe and press Enter
* On Windows Vista and 7 type C:\windows\system32\rstrui.exe and press Enter
Note: Type it quickly. Otherwise the Fake FBI Block virus will block typing. Alternatively, you can type explorer and, when it starts, follow the path and double-click the file rstrui.exe.
If System Restore is set to automatically save images of your system when it changes, you can find a restore point dated shortly before your system was infected with the Fake FBI Block virus and revert the malicious changes by restoring your computer to that previous state.
The next way is to remove the Fake FBI Block virus from the Windows startup list. For this you need to disconnect your network and start your system in “Safe Mode with Command Prompt”. At the prompt, type regedit.exe and hit Enter.
In the Registry Editor window expand the following key:
Examine the list of files set to run automatically on your computer located in the right pane and find the one with a name that might belong to a virus.
Note: A malicious program can use the name of a system file, but such malicious files are not placed in the system folder, so you can identify them by looking at the path.
Write the path down and delete this subkey by right clicking on it and clicking Delete in the pop-up menu.
Now you need to remove the program that automatically starts the Fake FBI Block virus from the Startup program list. To do this, type msconfig at the command prompt, find ctfmon.lnk in the window that opens, and remove the line with the path that this file belongs to. Now you can restart your system as normal and continue with the removal.
Delete Fake FBI Block virus files:
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\[random]
Remove Fake FBI Block virus entries from system registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
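The entries listed above can be checked read-only before anything is deleted. The following PowerShell script is an added example, not part of the original guide; it assumes an elevated prompt and PowerShell 2.0 or later, and its variable names are illustrative. It goes slightly beyond the list by reporting every Image File Execution Options subkey that has a Debugger value, not only the three named above.

```powershell
# Added example: read-only audit of the registry entries listed in this guide.
# Assumes an elevated prompt and PowerShell 2.0 or later. Nothing is modified.

$ifeo    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$sysHKLM = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'
$sysHKCU = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# 1. Every IFEO subkey that carries a "Debugger" value. Windows starts the
#    Debugger program in place of the named image, so AAWTray.exe with
#    Debugger = svchost.exe never actually runs. Some legitimate tools also
#    set this value, so review each hit before deleting it.
$hijacks = @(Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath -Name Debugger -ErrorAction SilentlyContinue
    if ($p) {
        New-Object PSObject -Property @{ Image = $_.PSChildName; Debugger = $p.Debugger }
    }
})

# 2. The value/data pairs from the list above, reported only when the value
#    exists and holds exactly the data the guide gives.
$listed = @(
    @($inet,    'WarnOnHTTPSToHTTPRedirect',  0),
    @($sysHKLM, 'EnableLUA',                  0),
    @($sysHKLM, 'ConsentPromptBehaviorAdmin', 0),
    @($sysHKLM, 'ConsentPromptBehaviorUser',  0),
    @($sysHKCU, 'DisableRegistryTools',       0),
    @($sysHKCU, 'DisableTaskMgr',             0)
)
$found = @(foreach ($e in $listed) {
    $path, $name, $data = $e
    $p = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
    if ($p -and $p.$name -eq $data) {
        New-Object PSObject -Property @{ Key = $path; Value = $name; Data = $p.$name }
    }
})

"IFEO Debugger redirects: $($hijacks.Count)"
$hijacks | Select-Object Image, Debugger | Format-Table -AutoSize
"Listed values present with the listed data: $($found.Count)"
$found | Select-Object Key, Value, Data | Format-Table -AutoSize
```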
Note: If the manual removal process is confusing to you, then it is better to use removal tools to get rid of Fake FBI Block virus. You can use help guides to learn more on procedures that you need to perform and the system tools you need to use. Be careful while working with Registry Editor since errors in the registry might be fatal to your system. With removal tools you can uninstall Fake FBI Block virus without excessive effort.
Complete Fake FBI Block virus removal
Before you reconnect your network, reset the proxy settings to prevent a malicious redirect to a site that might reinstall the Fake FBI Block virus on your PC.
Threats like Fake FBI Block virus might come bundled with other infections. After you remove it, update your antivirus program and run a full system scan to remove other malicious programs. You also might need to use antispyware software to see if there is any spyware left on your computer.
Find more about computer system protection against malicious programs.