CITES Security | University of Illinois

Removing the FBI Virus

A new malware scam pretends to be from the FBI, locking your computer until you "pay a fine." Do NOT pay anything. Instead, use these steps to remove the virus.

A virus is installing itself on some Windows computers at the University of Illinois. Security researchers refer to it as the FBI Virus.

Infected computers display a pop-up message purporting to be from the FBI. The message states that you are receiving a notice from the FBI because you violated copyright law, you viewed or distributed pornography, or your computer was used to illegally access digital resources. All of these offenses allegedly carry a fine that you must pay in order to regain control of your computer.

In reality, this is a scam.

YOU SHOULD NOT PAY ANY MONEY IF PROMPTED. 

If you have received one of these pop-up messages, you should follow our removal instructions to get rid of the virus.

Screenshots

A number of variations of this virus are appearing in the wild, so the phrasing of the message, the look of the pop-up window, and the supposed fines may vary slightly. However, here are two example screenshots of the virus in action:

Screenshot 1 of FBI Virus

 

Screenshot 2 of FBI Virus

 

Removal Instructions

If you would like to try to remove the FBI Virus yourself, just follow the instructions below. If you are part of the University of Illinois community and you need help with these instructions, or if you are still unable to remove the FBI Virus after following these steps, please do not hesitate to contact the CITES Help Desk (by email at consult@illinois.edu or by phone at 217-244-7000).

1) Boot into Safe Mode With Networking.

2) Log in to the infected account.

3) Download CCleaner directly from: http://www.piriform.com/CCLEANER

4) Download Malwarebytes directly from: http://www.malwarebytes.org

5) Install CCleaner. Once it is installed, open CCleaner and click Run Cleaner with default settings.

6) Install Malwarebytes. Once it is installed, open Malwarebytes and check for updates to get the latest antivirus definitions. This will make sure that Malwarebytes is checking for the most recent versions of the FBI virus. After the updates have been installed, perform a full scan of your computer with Malwarebytes.

7) Restart your computer. The FBI virus should be gone.

8) After you have removed the FBI virus, make sure that you have active and up-to-date antivirus software to prevent further infections. If you need antivirus software for your computer, you can download a copy for free from the WebStore.

9) Lastly, the FBI virus and other viruses often spread through out-of-date versions of common software and applications. Therefore, it is a good idea to get and install updates for the following: Adobe Flash, Java, Microsoft Updates, and whatever web browsers you may use.
