How Could I Remove FBI “Your computer has been locked!” Virus - FBI MoneyPak Ransomware Removal Help

A FBI screen came up to lock your computer and said you need to pay a fine to unlock it? If you see such a FBI warning on your screen, your PC has been infected with FBI MoneyPak Ransomware, do not trust what it says or even pay the “fine” via MoneyPak, it is a big scam from hacker, what you need to do is to remove the FBI virus as quickly as possible. If your PC is locked by FBI MoneyPak virus, follow this guide to get rid of it and unlock your PC now.

What is “Your computer has been locked!” Virus

“Your computer has been locked!” Virus is a notorious ransomware which made to locks computer and forces the victims to pay ransom money. This FBI virus can be activated by Trojan hiding on your PC, or be installed when you access to junk email, spam email and free download software. Due to its rich distribution routes, there were thousands of PC users all over the world were infected by “Your computer has been locked!” Virus.
 
Once “Your computer has been locked!” Virus invade your PC, it disables your system functions and blocks up your screen when you boot up PC, then you will just see a screen with title and logo of FBI, claiming that you computer have been locked because you have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content”, and viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc.)”, thus you have to pay a fine ($100 / $200 / $300 / $400) via MoneyPAK to unlock your PC and prevent yourself from being accused.


 “Your computer has been locked!” Virus has scammed lots of people with such trap, since most of the victims had experience of browsing porn websites, so it is easy to make them believe that they were accused for watching or distributing forbidden contents. If you see the FBI “Your computer has been locked!” Virus on your screen, just dismiss the warning from it, do not become the next victim who contributes money to the evil hacker. More severely, the hackers will steal your credit card details when you were paying the money via MoneyPak, that means you will possible lose all the funds on your bank! Please read the easy guide here to get rid of “Your computer has been locked!” Virus and avoid further damage and loss.


  Attention: If you have no enough skills and experience on handling a virus manually, please never try to complete the manual removal steps by yourself, or you will risk to disable your PC by removing crucial system files. Get Online PC Expert to help you:

Fake FBI Webcam Monitoring

Once infected by FBI MoneyPak Virus, you will also see a fake “recording ” webcam on your screen, which attempts to make you believe that your activities are under monitoring. All of these content look like real, so most people were scammed into paying the fake fine. Don’t be fooled, the FBI is not monitoring your activities.

Fake Warning from FBI Virus

Your computer has been locked!
Your computer has been locked due to suspicion of illegal content downloading and distribution.
Mentioned illegal content (414Mb of video files) was automatically classified as child pornographic materials. Such actions, in whole or in part, violate following U.S. Federal Laws:
18 U.S.C. 2251 - Sexual Exploitation of Children (Production of child pornography)
18 U.S.C. 2252 - Certain activities relating to material involving the sexual exploitation of minors (Possession, distribution and receipt of child pornography)
18 U.S.C. 2252A - certain activities relating to material constituting or containing child pornography.
Any individual who violates, or attempts to violate, or conspires to violate mentioned laws shall be sentenced to a mandatory term of imprisonment from 4 to 30 years and shall be fined up to $250.000.
Technical details:
Involved IP address: <ip address>
Involved host name: <computer's host name>
Source or intermediary sites:
All suspicious files from your computer were transmitted to a special server and shall be used as evidences. Don't try to corrupt any data or unblock your account in an unauthorized way.
Your can be classified as occasional/unmotivated, according to title 17 (U.S. Code) 512. Thus is may be closed without prosecution. Your computer will be unblocked automatically.
In order to resolve situation in an above-mentioned way you should pay a fine of $300.

Different Versions of FBI MoneyPak Virus

Cyber Command of California Virus, Cyber Command of New York Virus, USA Cyber Crime Investigations Virus, CyberLocker Virus, The ICE Cyber Crime Center Virus, United Kingdom Police Virus, Homeland Security Virus, caribarena virus, FBI Cybercrime Division Virus, FBI Moneypak Virus, Child Porn Virus, Interpol Department Of Cybercrime virus, fine@fbi.gov, DirtyDefrag.exe, Your browser has been locked, West Mercia Police Virus, Canadian Association of Chiefs of Police Virus, NSA Internet Surveillance Program Virus, Department of Justice virus, Royal Canadian Mounted Police Virus, Computer Crime and Intellectual Property Section, United States Courts Virus, Mandiant U.S.A Cyber Security virus, ICE Cyber Crime Center, Homeland Security Virus, metropolitan police Virus, Cheshire Police Authority Ukash

Is it possible to remove “Your computer has been locked!” Virus by antivirus software?

No. “Your computer has been locked!” Virus will firstly disable your firewall and antivirus once you launched PC, thus no matter how strong your antivirus is, it cannot help you at that time. You may think that your antivirus will work in Safe Mode, but unfortunately, this “Your computer has been locked!” ransomware will even disable your safe mode immediately once you boot your PC into that mode. So far, manual removal is the only method that helps you get rid of “Your computer has been locked!” Virus and unlock your PC, take action to remove the Moneypak virus now with the steps below.

Unlock your PC from “Your computer has been locked!” Virus step by step

Step1: Bootup the infected PC in Safe Mode with Networking with these steps:
a. Reboot your infected PC
 b. keep pressing F8 key before Windows start-up screen shows
 c. use the arrow keys to select “Safe Mode with Networking” and press Enter.

(If your Safe Mode with Networking has been disabled by FBI virus as well, please contact Online PC Expert to get further solutions.) 



Step2: Stop “Your computer has been locked!” Virus processes in the Windows Task Manager by Pressing Ctrl+Alt+Del keys together

random.exe

Step3: Show all hidden files:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens click on the Appearance and Personalization link.

Under the Folder Options category, click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files, folders, or drives.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files (Recommended).

Press the Apply button and then the OK button.

Step4: Erase “Your computer has been locked!” Virus associated files

%System%\regsvr.exe
%System%\svchost .exe
%System%\setting.ini
%System%\setup.ini
%AllUsersProfile%\Application Data\~
 %AllUsersProfile%\Application Data\~r
 %AllUsersProfile%\Application Data\.dll
 %AllUsersProfile%\Application Data\.exe
%AppData%[trojan name]toolbarstat.log
%AppData%[trojan name]toolbarstats.dat
%AppData%[trojan name]toolbaruninstallIE.dat

Step5: Terminate these Registry Entries created by “Your computer has been locked!” Virus.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "random "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings “CertificateRevocation”=0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run: [avsdsvc] %CommonAppData%\ifdstore\security_defender.exe /min
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus Security Pro Virus\UninstallString “%AppData%[RANDOM CHARACTERS][RANDOM CHARACTERS].exe” –u
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Inspector

Video Guide about How to Remove Registry Entries of Ransomware

Important Notes for PC Users without Enough Virus Removal Skills and Experience

You are not recommended to complete the xx manual removal process if you are not a computer expert, since you would risk to delete wrong files that will cause severe system malfunction. Therefore, you have to assure that you are equipped with expert-level knowledge and skills on PC before you do anything on the infected system. If you are not experienced enough on manually removing a virus, please get Professional PC Support to help you.