All activity on this computer has been recorded. Fake FBI warning
This is a fresh ransomware application that is dangerous and hunts for your money. We noticed it recently on one of our test computers and therefore hurry up to tell you the logical and clear removal instructions that are aimed to assist you in deleting this scam. The virus locks the entire screen of yours with a horrifying message that says this:
All activity on this computer has been recorded. If you use a webcam, videos and pictures were saved for identification.
You can be clearly identified by resolving your IP address and the associated hostname.
Illegally downloaded material (MP3’s, Movies or Software) has been located on your computer.
By downloading, those were reproduced, thereby involving a criminal offense under Section 106 of the Copyright Act.
The downloading or copyrighted material via the Internet or music-sharing networks is illegal and is in accordance with Section 106 of the Copyright Act subject to a fine or imprisonment for a penalty of up to 3 years.
Further more, possession of illegally downloaded material is punishable under section 184 paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer, with which the files were downloaded.
Please note: This fine may only be paid within 48 hours, if you let 48 hours pass without payment, the possibility of unlocking your computer expires.
In this case a criminal case against you will be initiated automatically.
To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $200. Payable through GreenDot Moneypak.
After successful payment, your computer will automatically unlock. Failure to adhere to this request could involve criminal charges and possible imprisonment. To perform the payment, enter the acquired GreenDot Moneypak code in the field.
No doubt, if you do not know that this notice is a fake one you will be scared. However, time is not given to you for panic, but for actions. Ignore the faulty statements of this malware program. Do not obey the instructions of this scam. In order to get rid of it please follow these simple instructions you see below.
- Launch your PC into Safe Mode with Command Prompt.
- In cmd.exe window type regedit.exe and press Enter.
- With the help of Registry Editor remove the Update parameter from the following registry entries:
- In the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon set up the value of the Shell parameter equal to Explorer.exe
- Download, install, update and run GridinSoft Trojan Killer. Remove all threats detected and reboot your PC.