Besides the users who ask for help with ransomware removal, you may also see the requests like “FBI locked my computer, what can I do and how to get my files back?”. FBI Lock is not a real computer blockage by the Federal Bureau of Investigation, but a computer virus that shows you fake FBI messages. In this post, you will see the description of this malware, as well as the method of its removal.
What is FBI Lock?
FBI Locker is an example of typical winlocker – virus that shows you a scary banner about the PC blocking for extremist materials checking or keeping the child pornography, and asking for the ransom in Bitcoin. Such a manner is quite similar to ransomware, but the peculiarity is that winlockers are remembered by virus analysts as predecessors of ransomware. After the ransomware appearance in 2014, this type of malware became very rare because of much less profitability and a lot of ways to deal with it without any complicated manipulations1.
However, at the edge of 2021, winlockers appeared in sight, again. They have got some specific features that make them close to classic ransomware, but there are also a lot of moments that distinguish them from the last one type of virus. While ransomware encrypts all your files it can reach, FBI Locker damages only several files on your computer. There are no readme.txt files – you will be informed about the files encryption by the banner which covers your desktop, so you cannot interact with something instead of this banner. Lower, you can see the example of this banner.
Symptoms of FBI Lock virus presence
There is a single and a very bright symptom of FBI Locker presence on your PC. The desktop becomes inactive and gets covered with a banner, so you are not able to make any actions besides interaction with this message. This banner is not able to be skipped with standard methods (Alt+Tab or Ctrl+Alt+Delete combinations), because it implements several important changes after being launched. First, the explorer.exe process is stopped to prevent any tries to open a file/program while the banner is shown. Then, winlogon.exe is suspended to avoid the mentioned combinations usage. Simultaneously, several registry entries are edited, so every time a user tries to log into the system, this banner will appear, again.
How was my computer infected with this virus?
The majority of FBI Lock cases belong to the usage of software from untrustworthy sources. Under the term of untrustworthy software I mean the free tools that are produced by unknown users and serve for Windows optimization, tweaks for better games performance, or even hacktools/keygens. All these programs have usually no certification and are detected by the antivirus software as a riskware. Other way of distribution is bundling with cracked programs.
The ways for obtaining these programs may be different. Some of them may be downloaded from the official website. However, the dubious utilities or cracked programs are likely distributed through computer forums or P2P networks, like eMule or PirateBay. No one can guarantee that the program downloaded from such sources contains no viruses. That’s why it is very easy to add something like FBI Lock to the package.
How to remove FBI Lock from my computer?
As it was mentioned, FBI Lock implements numerous changes to your system parameters, including the registry. Hence, manual removing is likely impossible, because the risk of missing something is very high. Besides the changes in system settings, this virus often disables the Microsoft Defender2, so it is impossible to clean the system with a pre-installed tool. The best solution is to utilize the program that doesn’t has such vulnerabilities.
My choice for this case is GridinSoft Anti-Malware. This tool is a proven and easy-to-use anti-malware software that will surely wipe the FBI Lock out, together with all possible viruses you have on your PC. But the fact that your PC is locked and you cannot use anti-malware software as usual requires several additional steps.
First, you need to get rid of the scarry banner. The standard advice like “reboot the Windows into the Safe mode” cannot be used, because the virus blocks all possible ways of reaching this setting. Fortunately, the FBI Lock has the single unlock key, so it is very easy to remove it.
- Enter this key in the field at the right bottom corner:
- Now, when the malware activity is stopped, download and install the GridinSoft Anti-Malware. After the installation, you will be offered to perform the standard scan. Apply this action.
- Standard scan lasts up to six minutes, and checks the system files together with the files of the programs you have installed on your computer.
- When the scan is complete, press “Apply” to wipe out the FBI Lock and other viruses that are present on your PC.
- About the history of ransomware and winlock viruses
- Microsoft Defender detailed review