Recently a close family member (let’s call him Steve) did not have use of his computer for several days. The computer was locked up, being held for ransom. The computer was infected with the FBI ransom virus.
WHAT IS THIS VIRUS?
The FBI virus is a recent version of a family of ransomware that security vendors track as Reveton. Ransomware is malware that locks up your computer (or, in other families, encrypts your files) until you pay the person or group responsible for it. Your computer is held hostage. Strictly speaking the FBI virus is a Trojan rather than a self-spreading virus, and it is a screen locker: it blocks you from using the machine but does not encrypt your files, which is why the System Restore method described below works against it. It is also called the FBI MoneyPak virus because the scammers give you instructions on how to buy a MoneyPak prepaid card, which lets them collect the payment without it being traced back to them.
WHAT DOES IT DO?
The virus flashes a message on your screen alerting you that the FBI has locked your computer because you have been illegally using or distributing copyrighted material. The message may also say that you have been viewing or distributing pornographic material. The virus also took control of Steve’s webcam and started taking pictures of his office where the laptop was located. It is kind of creepy knowing that a total stranger knows what the inside of your house looks like.
HOW DO YOU GET IT?
The majority of infections come from drive-by downloads: a legitimate website (or an ad it serves) has been compromised to redirect visitors to an exploit kit, which installs the malware by exploiting an unpatched browser or plug-in such as Java, Flash, or Adobe Reader. You do not necessarily have to click anything; simply loading the page can be enough, although the bait can also be an infected link at a site or even a picture that you click on. Keeping the browser and its plug-ins patched is the main defense.
HOW DO YOU REMOVE IT?
Steve repeatedly rebooted his computer. The same FBI locked-out screen came up every time. He no longer had control of his own computer; a stranger did.
Here is what I did to give Steve the use of his computer back and get rid of the virus:
Disconnected the network cable and turned off wireless access. You don’t want the virus trying to communicate while you are trying to remove it.
Booted the computer into Safe Mode.
In the Search box I typed rstrui.exe. This brought up the Restore System Files and Settings screen.
I then simply picked a date BEFORE the computer was infected with the malware.
The computer began to restore itself. It is like going back in time to before something bad (a virus) happened.
I rebooted the computer after it restored itself.
I logged in as normal.
I then ran the most up-to-date version of Malwarebytes.
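Two caveats a practitioner would want with the procedure above. First, System Restore rolls back the registry and system files, which is what removes a screen locker's autostart entry, but it leaves the malware's own files on disk (hence the Malwarebytes scan afterwards) and does nothing for ransomware that encrypts your documents, since user files are not part of a restore point. Second, some ransomware deletes restore points, so before relying on rstrui.exe check that a restore point dated before the infection actually exists. The following PowerShell script is an added example, not part of the original post: run from an elevated Windows PowerShell prompt in Safe Mode, it lists the available restore points newest first and enumerates the autostart locations a screen locker uses to come back after every reboot (Run/RunOnce keys, the Winlogon Shell and Userinit values, and the Startup folders), flagging entries that launch something from a user-writable directory or load a DLL through rundll32. The function names and the "suspicious path" heuristic are the editor's assumptions; they are not from the post. It assumes Windows 7 or later with Windows PowerShell 5.1 (the System Restore cmdlets are not available in PowerShell Core).

```powershell
# Added example (not from the original post): offline triage of a lock-screen
# ransomware infection from Safe Mode, before and after the System Restore step.
# Assumes Windows 7+ with Windows PowerShell 5.1, run elevated; the function
# names and the "suspicious path" heuristic are the editor's assumptions.

# 1. Show the restore points you can roll back to, newest first, so you can pick
#    one that predates the infection (the rstrui.exe dialog shows the same list).
function Get-RestorePointsNewestFirst {
    Get-ComputerRestorePoint |
        Sort-Object SequenceNumber -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Sequence    = $_.SequenceNumber
                Created     = $_.ConvertToDateTime($_.CreationTime)
                Description = $_.Description
            }
        }
}

# 2. Autostart locations a screen locker uses to relaunch itself at every logon.
$AutostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Shell / Userinit
)
$StartupFolders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
# Heuristic (assumption): legitimate autostart entries rarely run out of these
# user-writable directories, and rarely load a DLL through rundll32.
$SuspiciousPathPattern = '(?i)\\(AppData|Local Settings|Temp|ProgramData)\\|rundll32'

function Get-AutostartEntries {
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata props
            # Under Winlogon only Shell and Userinit are launch points; the rest is noise.
            if ($key -like '*Winlogon' -and $p.Name -notin 'Shell', 'Userinit') { continue }
            [pscustomobject]@{
                Location   = $key
                Name       = $p.Name
                Command    = [string]$p.Value
                Suspicious = ([string]$p.Value) -match $SuspiciousPathPattern
            }
        }
    }
    foreach ($folder in $StartupFolders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') {
                # Resolve the shortcut so we judge what it launches, not the .lnk itself.
                $target = (New-Object -ComObject WScript.Shell).CreateShortcut($_.FullName).TargetPath
            }
            [pscustomobject]@{
                Location   = $folder
                Name       = $_.Name
                Command    = $target
                Suspicious = $target -match $SuspiciousPathPattern
            }
        }
    }
}

Write-Host '== Restore points (pick one dated before the lock screen first appeared) =='
Get-RestorePointsNewestFirst | Format-Table -AutoSize

Write-Host '== Autostart entries; Suspicious=True deserves a look before and after the restore =='
Get-AutostartEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize

# To roll back from the script instead of the rstrui.exe dialog:
#   Restore-Computer -RestorePoint <Sequence>   # the machine reboots when it finishes
```

Run it once before the restore to confirm a usable restore point exists and to record which autostart entry the locker planted, and once more after the reboot: if the same flagged entry is still there, the restore point was too recent or the malware re-created it, and the Malwarebytes scan (or manual removal of that entry and the file it points to) is what actually finishes the job.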