Be Aware! FBI Fake Scam Virus

Be Aware! FBI Fake Scam Virus Is Spreading all over the Country

The FBI virus was first reported by YooSecurity as a fake lock-screen virus and malware. The FBI and IC3 have confirmed that the virus is typical malware that spreads across the internet very fast. YooSecurity first reported it in a post on June 14, 2012, and it has since appeared in various variants targeting different states in the US, Canada and Austria. This malware usually infects an unprotected computer without the user noticing and disguises itself as ‘The FBI Federal Bureau Investigation’. It then displays a fake alert telling the user that they have violated copyright-related law and that their computer has therefore been locked, under a fake FBI ‘Your computer has been locked’ notice. To unlock the computer, the notice says, a fine must be paid (usually 100 – 200 bucks); otherwise you may see jail time if the fine is not paid in time. This message can be very scary for people who see it for the first time, but it is nothing more than a standard hoax created by a hacker. If you ever receive a strange message or alert on your computer saying that you violated some kind of law and asking for money, there is no need to give a damn about it; the only thing you need to do is remove the FBI ‘locked my computer’ scam ransomware immediately to avoid further trouble. If you have no idea how to do so, please refer to the information and instructions below.

Possible FBI virus alerts & messages

“Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you authomatically within the next 72 hours! (Sometimes it shows you within 2 hours or 48 hours).”

“You have been violating Copyright and related rights Law (Video, Music,Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, clause 8, also known as the Copyright of the Criminal Code of United States of America. If it is PCEU Virus then this is thus infringing Article 128 of the criminal code of Great Britain.”

“Illegal access to computer data has been initiated from your PC,or you have been. Article 210 (it is 208 for PCEU Virus) of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for four to nine years.”

How does it infect my computer

You may wonder how the FBI virus gets inside your computer. The FBI virus has four different versions: ‘FBI Green Dot Moneypak Virus’, ‘FBI Moneypak’, ‘FBI Virus Black Screen’ and ‘FBI Online Agent’. All of them share the same behavior: they take advantage of security vulnerabilities in personal computers and get inside the system without the user noticing, through infected websites or files you downloaded. If there is no security program installed on your computer, or you don’t update its threat definitions in time, security holes and vulnerabilities remain that allow threats like the FBI virus to get in freely. To avoid this, be careful about the websites you visit, do not open unknown email or download freeware from untrusted sources, and of course run your antivirus/antimalware program regularly and keep it updated.

Removal Instructions

Again, DO NOT PAY ANY MONEY IF PROMPTED. If your computer has unluckily been infected by the FBI virus, simply follow the instructions below to remove it from your computer.
Step 1: Click the Windows Start button and select Restart.
Step 2: Press F8 before you see the Windows logo, then select Safe Mode from the Windows advanced boot options.
Step 3: Log in to your computer as usual.
Step 4: Press the Windows key + R at the same time, type regedit in the Run box, and then click OK to open the Registry Editor.
Step 5: Press Ctrl + F to open the search box and search for the entry named WinLogon. Replace any blank entry with explorer.exe.
Step 6: Go back to the Registry Editor, navigate the branch tree, and delete the infected entries below:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe

Step 7: Open My Computer and delete the following infected files.

%appdata%\[random].exe
%Windows%\system32\[random].exe
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%Temp%\0_0u_l.exe
%Temp%\[random].exe
%StartupFolder%\wpbt0.dll
%StartupFolder%\ctfmon.lnk
%StartupFolder%\ch810.exe

Please note that performing these manual steps requires special skills. If you are not confident you can manage this problem, or you failed to remove the FBI virus, you can turn to online security services like YooSecurity or YooCare and ask for professional help.
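
A read-only check for the registry and file indicators listed in Steps 5 to 7, added here as an example and not part of the original instructions. It assumes the WinLogon entry in Step 5 refers to the Shell value, and the Run-key pattern for executables sitting directly in AppData or Temp is a heuristic of this example; entries with [random] names cannot be matched by name.

```powershell
# Read-only audit of the locations named in Steps 5-7; nothing is changed or deleted.
$findings = @()

# Step 5: Winlogon "Shell" should be explorer.exe (value name is this example's assumption).
foreach ($p in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
               'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon') {
    $item = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $prop = $item.PSObject.Properties['Shell']
    if ($prop -and "$($prop.Value)".Trim() -ne 'explorer.exe') {
        $findings += "Winlogon Shell at $p is '$($prop.Value)'"
    }
}

# Step 6: registry keys the page lists by exact name.
$keys = 'HKLM:\SOFTWARE\FBI Moneypak Virus',
        'HKCU:\Software\FBI Moneypak Virus',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe'
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "Key present: $k" }
}

# Step 6: per-user Run values. 'Inspector' and 'Protector-*.exe' come from the page;
# the AppData/Temp pattern is a heuristic, so treat those hits as items to review.
$run = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $data = [string]$run.GetValue($name)
        if ($name -eq 'Inspector' -or $data -match '\\Protector-[^\\]*\.exe' -or
            $data -match '\\(AppData\\Roaming|Application Data|Temp)\\[^\\]+\.exe') {
            $findings += "Run value '$name' = $data"
        }
    }
}

# Step 6: report the Task Manager policy value if it exists, without interpreting it.
$pol = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
if ($pol -and $pol.PSObject.Properties['DisableTaskMgr']) {
    $findings += "DisableTaskMgr is set to $($pol.DisableTaskMgr)"
}

# Step 7: files the page lists with fixed names.
$startup = [Environment]::GetFolderPath('Startup')
$files = (Join-Path $env:TEMP '0_0u_l.exe'), (Join-Path $startup 'wpbt0.dll'),
         (Join-Path $startup 'ctfmon.lnk'), (Join-Path $startup 'ch810.exe')
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}

if ($findings.Count -eq 0) { 'No listed indicators were found.' } else { $findings }
```

Run it from a PowerShell prompt in Safe Mode under the affected user account, since the HKEY_CURRENT_USER checks apply only to the logged-in profile.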

References
http://guides.yoosecurity.com/how-remove-fbi-moneypak-virus-malware-that-blocked-pc-asks-for-payment-100-dollars/
http://www.ic3.gov/default.aspx
http://www.fbi.gov/news/stories/2012/august/new-internet-scam
