All activity on this computer has been recorded. Fake FBI warning

andy | September 6, 2012

This is a new ransomware application that tries to extort money from you. We recently observed it on one of our test computers, so we are publishing clear removal instructions to help you delete it. The malware locks your entire screen with a frightening message that reads:

FBI
All activity on this computer has been recorded. If you use a webcam, videos and pictures were saved for identification.

You can be clearly identified by resolving your IP address and the associated hostname.
Illegally downloaded material (MP3’s, Movies or Software) has been located on your computer.
By downloading, those were reproduced, thereby involving a criminal offense under Section 106 of the Copyright Act.
The downloading or copyrighted material via the Internet or music-sharing networks is illegal and is in accordance with Section 106 of the Copyright Act subject to a fine or imprisonment for a penalty of up to 3 years.
Further more, possession of illegally downloaded material is punishable under section 184 paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer, with which the files were downloaded.
Please note: This fine may only be paid within 48 hours, if you let 48 hours pass without payment, the possibility of unlocking your computer expires.
In this case a criminal case against you will be initiated automatically.
To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $200. Payable through GreenDot Moneypak.
After successful payment, your computer will automatically unlock. Failure to adhere to this request could involve criminal charges and possible imprisonment. To perform the payment, enter the acquired GreenDot Moneypak code in the field.

If you do not know that this notice is fake, it will no doubt scare you. However, this is a time for action, not panic. Ignore the false statements made by this malware and do not follow its instructions. To get rid of it, follow the simple instructions below.


Unlocking procedure:

  1. Launch your PC into Safe Mode with Command Prompt.
  2. In the cmd.exe window, type regedit.exe and press Enter.
  3. Using Registry Editor, remove the Update parameter from the following registry entries:
    - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    - HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    - HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  4. In the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, set the value of the Shell parameter to Explorer.exe
  5. Download, install, update and run GridinSoft Trojan Killer. Remove all threats detected and reboot your PC.
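
The registry checks from the procedure above, written as a PowerShell script (an added example, not part of the original post). It assumes powershell.exe can be started from the Safe Mode command prompt under an administrator account; without the -Fix switch it only reports what it finds.

```powershell
# Added example: audits the registry locations named in the unlocking procedure.
# Usage (script file name is an assumption): powershell -ExecutionPolicy Bypass -File .\check-lock.ps1 [-Fix]
param([switch]$Fix)

# Autorun keys listed in the procedure.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$valueName = 'Update'   # value name given in the article

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { Write-Output "absent   $key"; continue }
    $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { Write-Output "clean    $key"; continue }
    # Print the command line before deleting it: it names the file to scan afterwards.
    Write-Output "FOUND    $key -> $($prop.$valueName)"
    if ($Fix) {
        Remove-ItemProperty -Path $key -Name $valueName
        Write-Output "removed  $valueName from $key"
    }
}

# Winlogon Shell value; the procedure sets it to Explorer.exe.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = 'Explorer.exe'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -ieq $expected) {
    Write-Output "clean    Winlogon Shell = $shell"
} else {
    Write-Output "FOUND    Winlogon Shell = '$shell' (expected $expected)"
    if ($Fix) {
        Set-ItemProperty -Path $winlogon -Name Shell -Value $expected
        Write-Output "reset    Winlogon Shell to $expected"
    }
}
```

Run it once without -Fix and keep the output, since the reported command lines show where the malware's files are stored on disk.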

3 Comments

  1. Voice of reason says:

    With all the effort put into removing these viruses, wouldn’t it be more effective to find out who these aholes are and start attacking their livelihood? There has got to be a way to find out who these people are and where they live.

  2. James says:

    How do I get to command prompt for safe mode when my screen is locked with the “fbi” warning?

  3. Anton says:

    Hi James!

    To get to Safe Mode with Command Prompt, press the ‘F8’ key while booting. In the menu that appears, choose ‘Safe Mode with Command Prompt’.

    If the above won’t help and your screen is locked even in Safe Mode, try this way:
    1. Download the Kaspersky Rescue Disk image on another PC, burn it to a disk or write it to a USB stick.
    2. Boot the infected PC from Kaspersky Rescue Disk and run the scan.
