A new Windows locker Trojan is circulating the web that disguise as a notification page from FBI. Its headers and introduction messages contains the following text:

The FBI
Federal Bureau of Investigation
ATTENTION!
Your PC is blocked due to at least one of the reasons specified below…

This FBI scam message claims that you have violated the copyright law for illegally using a copyrighted content. It then locks the computer and Windows, refusing your access unless you pay a fine of 100$.

It is evident that this activity is a fraud act committed by the same group who initiates Willkommem bei Windows Update. Although, FBI Windows Locker targets users worldwide, unlike their previous variant who aims for country specific victim. It attempts to rip-off money from computer users through scare tactics purporting to be from a legitimate government agencies.

One odd thing about this FBI Windows Locker is its payment process. It demands that penalty shall only be paid through MoneyPak. Since when does any Government institution instruct an offender to pay a fine through a payment system that is available from retail chain stores?

To release a blocked PC from this malware, follow the instructions on this page. It will require you to boot the computer from a USB device in order fix an infected boot sector and registry entries.

Type Ransomware
Sub-Type Windows Lock, PC Lock
OS Affected Windows

What are the Symptoms of Ransom Malware Infection?

FBI PC Lock Trojan will lock the PC, denying user’s access to Windows and all programs. It will replace the desktop with a ransom messages as show in the image below.

Screenshot of FBI Winlocker Trojan

Update: August 22, 2012
A new version of FBI PC Lock is in the wild. This time, it added a new payment scheme called Ultimate Game Card by PaybyCash.com. Here is the screenshot image.

FBI - Ultimate Gane Card

Follow these Procedures to Remove FBI PC Lock

Ransom Trojans and viruses will lock the screen and makes the computer unusable. Common ways to deal with this type of infection is to boot the PC using another device. For this tutorial we will do a bootable disk that contains FBI PC Lock remover.

Create a USB Bootable Device

1. Download Kaspersky Rescue Disk from their official server. Click the button below. The file will be in .ISO format.

2. Download this utility called rescue2usb to record your .ISO file into the USB drive. Obviously you need a USB thumb drive at least 512MB in capacity. Plug it to the computer.

3. Once you have the two programs, double-click on the rescue2usb.exe to start creating a bootable USB drive.
4. You will see on the screen in the program called Kasperksy USB Rescue Disk Maker. Click on Browse and locate the .ISO file.
5. Under USB Medium, select the proper drive of your USB device.
6. Click on START. It will now begin to create a bootable USB drive with Kaspersky Rescue Disk in it.

Start the Computer with Kaspersky Rescue Disk.

1. You must set the computer to use other bootable device aside from hard drive. For this procedure, enable your BIOS to boot to USB device. If you are not familiar with this, please refer to your computer's instruction manual.

2. Another option is to access the Boot Menu right after you turn one the PC. It will present a Menu so that you can select a preferred boot drive. Select Removable Devices.

Boot Menu

3. Your computer will now start and load Kaspersky Rescue Disk.
4. If you see a message on the screen, please Press any key to enter the menu. You only have 10 seconds to do this, otherwise it will boot with the hard drive.

5. Next screen will be the interface language. Please select desired language to use.
6. You must run the program in Graphic Mode. This gives you easy access to all commands and menus.
7. End User License Agreement will appear. Please accept to continue using the program. Press 1 to proceed.

Using WindowsUnlocker to Remove FBI PC Lock

1.Click on the K button at the lower left corner of the screen.

2. Select Terminal on the list. It will open a command prompt.
3. Type windowsunlocker and press Enter on your keyboard.

4. On WindowsUnlocker menu, please type 1 to Unlock Windows. This utility will clean the registry for malicious entries.

5. After the cleanup process, it will display the menu once more.
6. Press 0 on your keyboard to exit WindowsUnlocker.

Run a Virus Scan

1. After removing FBI PC Lock, you need to delete all remaining components.
2. Click on the K to display the menu.

3. Select Kaspersky Rescue Disk. This will open the virus scanning tool.
4. You need to update the program first. Select My Update Center tab and click on Start update. This requires an Internet connection.

5. After updating the program, select Object Scan tab and click on Start Object Scan. You must scan the following:

  • Disk boot sectors
  • Hidden startup objects
  • All drives

6. Scanning the entire hard drive may take some time. Please let the scan to finish.
7. Once the scan process is complete, the tool will prompt you for preferred actions on detected threats. Deleting all threats is recommended.
8. You can now turn off the computer, unplug the USB drive, and start Windows in normal mode.

Protect your PC from FBI PC Lock or Similar Attack

Turn On Security Features of your Internet Browser

Internet Explorer - Activate SmartScreen Filter

Internet Explorer versions 8 and 9 has this feature called SmartScreen Filter. It helps detect phishing web sites and protect you from downloading malicious files online. You may have avoided FBI PC Lock virus if this has been active on your PC. To turn on SmartScreen Filter, follow these steps:

1. Please open Internet Explorer.
2. On top menu, select Tools (IE 9). For IE 8, please look for Safety menu.
3. Select SmartScreen Filter from the drop-down list and click on Turn on SmartScreen Filter.

IE SmartScreen Filter

4. Please restart Internet Explorer.

Google Chrome's Enable Phishing and Malware Protection

With Google Chrome's Phishing and Malware Detection feature, you will have lesser risks browsing the web. It will display a warning when the site you are trying to visit is suspicious. To enable Phishing and Malware Protection, please do these steps:

1. Open Google Chrome.
2. Click on the Customize and control Google Chrome (3-Bars Icon) located on top right corner of the browser.
3. Select Settings from the drop-down list.
4. Once on the settings page, click on Show advanced settings... at the bottom of the page to see the rest of the Chrome setup.
5. Locate Privacy section and mark 'Enable phishing and malware protection'.

Chrome Security Settings

6. Please restart Google Chrome. New settings keep your browser safe while surfing the web.

Mozilla Firefox - Block Attack Sites and Web Forgeries

Phishing and Malware Protection is a built-in feature on Firefox version 3 or later. It warns you when a page you are trying to visit contains phishing content or an attack site designed to drop threats on the computer. To help you keep safe while browsing the Internet using Firefox, please follow this guide:

1. Open Mozilla Firefox browser.
2. On top menu, click on Tools. Then select Options from the list.
3. Select Security and put a check mark on the following items:

  • Warn me when sites try to install add-ons
  • Block reported attack sites
  • Block reported web forgeries

Firefox Security Settings

Remove FBI PC Lock & Protect Your Computer Now!

Get Protection
30 Day Trial

12 thoughts on “FBI PC Lock Trojan

  • September 25, 2012 at 7:26 am

    I got this trojan (Ransom FBI) today – demanding a $200 “fine”. I was running Firefox and had the security setting set as recommended above.

    I shut down manually, then rebooted in safe mode (Windows XP). Then I ran Malwareytes, and it found and removed the malware.

  • September 27, 2012 at 1:33 pm

    I followed these instructions twice and my PC still has the lock.

  • September 28, 2012 at 1:21 pm

    I downloaded the 92) file but could not make the Karpesky USB recue disc maker.exe.
    Can any one send me the exe file?

  • September 30, 2012 at 6:17 am

    “Ray” There is also an entry in your menu start with the startup programs, so if you clean the computer and restart, it wil infect intself again. Start computer after cleaning in safe mode and remove program entry.

  • November 4, 2012 at 1:46 pm

    First off i hope everyone is not accessing the internet on the main administrator account for the computer. if you were smart to make a secondary admin or a standard user account then there is no need for a backup/rescue disc to repair this problem. simply ctrl+alt+delete when lock screen happens switch to admin user, you will get in like normal, disconnect internet as precaution. Use a free malware remover like advanced system care 6 or IObit malware remover, and use CCleaner which is also free, do deep clean, remove malware, fix registry errors, and clean computer then shut down and restart computer as normal. go to the non-main admin or standard user login and all will be normal again. this damn lock screen has happened twice to me and both times i did the above with complete success. Do what ever works best for you, and be careful.

  • December 26, 2012 at 4:49 pm

    Thank you for any other informative blog. The place else could I am getting that type of info written in such a perfect way? I’ve a challenge that I am just now running on, and I’ve been at the look out for such information.

  • December 31, 2012 at 1:43 pm

    Wonderful items from you, man. I have take note your stuff prior to and you’re simply extremely magnificent. I actually like what you have got right here, really like what you are saying and the way in which wherein you assert it. You make it enjoyable and you still care for to stay it smart. I can’t wait to read much more from you. This is actually a wonderful website.

  • January 15, 2013 at 4:29 pm

    I have to tell you that I was so happy when I found this!!! My friend’s laptop was locked up tighter than a drum (safe mode and the CD-ROM), I spent many hours looking for just what you had and you guys have my total appreciation and gratitude!!! Thank you sooooo much!

  • January 16, 2013 at 4:13 am

    This virus/malware is what is illegal. Whoever is doing this, needs to be stopped. This has happened on two of our computers, with no illegal use on our part. How do we stop these people?

  • January 25, 2013 at 1:51 am

    Outstanding work here. What a relief to find such expert advice that worked as described. I’ve not used Kapersky until now – lets just say I’m a big fan now! My TrendMicro told me is cleaned a couple of trojans just minutes before my laptop got taken over. I also had all the aforementioned Smartscreen & Phishing & Malware settings already enabled. Nonetheless, my workday came to a screeching halt and has consumed 3 hours to get back on my feet (I’m not complaining ;)

  • May 2, 2013 at 9:31 pm

    Unfortunately, this has not worked. My computer will not boot from the USB drive even though I followed the instructions to the letter.

  • September 18, 2013 at 8:36 pm

    get off my computer now

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


Please support Im-Infected.com
By clicking any of these buttons you help our site to get better