It's been a while since I have posted a virus removal guide (lack of viruses lately), but this time I have got a humdinger! It is known as the FBI Virus and comes in several variations, but all with the same intention – in order to remove the virus you need to use MoneyPak to pay the required amount – in this case $300! Now I have my doubts whether paying the money would actually remove the problem – I tried doing research to see if this was the case but could not find anything. Below is a screenshot of the offending virus. Basically, the virus will close everything down on the computer and show the following screen. You will not be able to do anything (emphasis on anything – not even Ctrl + Alt + Del will work)! If your computer has a webcam, it will even show that in the little screen to the right.
From what I can gather, this virus only affects the user account it was installed on, so if your computer has more than one user account, the other users will not be affected. If you have a second user account, you can use that account to remove the virus; you do not have to bother with the Safe Mode instructions below and can skip straight to step 3. This, by the way, is how I was able to remove the virus: by logging on to the other user account.
1. Shut the computer down. You will have to use the power button or, alternatively, the reset button. If your computer is configured to shut down when you press the power button, you can just press the button and wait for the computer to shut down properly; if not, you will have to press and hold the power button until it kills your computer.
2. Follow the directions in this previous post to boot to Safe Mode: http://www.computer-skills.info/2012/01/how-to-boot-windows-into-safe-mode.html. Make sure you use the option of Safe Mode with Networking! You will need internet access to update virus definitions and possibly to download MBAM if you do not have it already.
3. For the actual removal I recommend using Malwarebytes Anti-Malware (MBAM): http://www.malwarebytes.org/. The free version works just fine, and when you are done you can uninstall MBAM. You can download and install this from Safe Mode if necessary.
4. Update MBAM! This is very important so that it finds all of the FBI Virus.
5. Run a Full System Scan! In my experience a quick scan does not seem to work with the FBI Virus. This may take some time!
6. Once MBAM is done running, let it remove all the infections found, then reboot the computer normally and ensure that the FBI Virus is gone.