FBI Scam is a set of trojans that pretend to originate from the Federal Bureau of Investigation and lock the PC to extort money. Although most of them look the same and do the same thing, their implementations differ. One can distinguish FBI scams in two ways: by finding the removal method that works, or by inspecting the dropped files on another, non-infected PC.
Most FBI scams can be removed using alternate OS scanners as long as your hard disk is not encrypted. If the hard disk is encrypted, many solutions might not work at all, as most of them require safe mode or safe mode with networking.
Here are a couple of ways to try when booting from alternate OS scanners is not an option.
System Restore to previous date
System restore to a previous date is a fine option for removing some PC parasites, and it works for some FBI scams as well. It will work from safe mode, safe mode with command prompt or safe mode with networking. Once you are in that mode, run the rstrui program. It can be accessed from the Control Panel as well.
After system restore has finished and the PC boots normally, I recommend scanning with anti-malware programs to identify parasites without visible symptoms that might have been lurking in the last restore point. This significantly reduces the chances of reinfection with FBI scam. I recommend scanning with 2 tools, Hitman Pro and Spyhunter. Both of them include cloud scanners.
Removing FBI Scam using msconfig
In many cases, safe mode and safe mode with networking will work normally even if FBI Scam blocks normal mode. This is by far the simplest and fastest way to remove such ransomware.
- Reboot and press F8. Choose safe mode.
- Run msconfig and disable all startup entries you are uncertain about.
- Reboot normally.
- Run a FULL system scan with several tools (we haven’t removed anything before this step). I would go with Spyhunter or Malwarebytes in this case, as we need to identify inactive malware (Spyware Doctor won’t work that well).
This should get rid of FBI Scam for good.
Removing FBI Scam when only safe mode with command prompt works
This is my least favorite version of FBI Scam, as the makers worked really hard to make removal as complicated as possible. Basically, if system restore works, go with it. If not, you will have to launch regedit and fix the Winlogon Shell value so that it references explorer.exe instead of the malicious executable in the %appdata% folder. This method is covered here: Gimemo removal.
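The Winlogon Shell check described above can also be scripted instead of done by hand in regedit. The following PowerShell is an added example, not part of the original guide: it reads the Shell value under both HKLM and HKCU, backs up the key, and restores the stock setting. It assumes PowerShell is available (type powershell at the safe mode command prompt) and that the prompt has administrator rights; the backup folder name is hypothetical.

```powershell
# Added example: audit and repair the Winlogon Shell value.
# Assumption: stock Windows has Shell = "explorer.exe" under HKLM and no Shell value under HKCU.
$expected  = 'explorer.exe'
$sub       = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$backupDir = Join-Path $env:SystemDrive 'winlogon-backup'   # hypothetical backup folder
$stamp     = Get-Date -Format 'yyyyMMddHHmmss'

function Get-ShellValue([string]$hive) {
    # Returns the Shell string for the given hive, or $null when the value is absent
    $p = Get-ItemProperty -Path "${hive}:\$sub" -Name Shell -ErrorAction SilentlyContinue
    if ($p) { $p.Shell } else { $null }
}

function Test-ShellSuspicious([string]$value) {
    # Anything other than the stock shell is treated as suspicious
    if ([string]::IsNullOrEmpty($value)) { return $false }
    return ($value.Trim().ToLower() -ne $expected)
}

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($hive in 'HKLM', 'HKCU') {
    $current = Get-ShellValue $hive
    $shown   = if ($null -eq $current) { '<not set>' } else { $current }
    Write-Output ("{0} Shell = {1}" -f $hive, $shown)
    if (-not (Test-ShellSuspicious $current)) { continue }

    # Export the key first: this keeps the path of the dropped executable
    # for the later anti-malware scan and makes the change reversible
    & reg.exe export "$hive\$sub" (Join-Path $backupDir "$hive-winlogon-$stamp.reg") | Out-Null

    if ($hive -eq 'HKLM') {
        Set-ItemProperty -Path "HKLM:\$sub" -Name Shell -Value $expected
    } else {
        # A per-user Shell value takes precedence over the machine-wide one, so remove it
        Remove-ItemProperty -Path "HKCU:\$sub" -Name Shell
    }
    Write-Output "  -> reset; previous key exported to $backupDir"
}
```

Resetting the value only stops the executable from launching at logon; the file in %appdata% is still on disk, so follow up with the full scan recommended earlier.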
There are a couple of other, parasite-specific ways to remove this scam. For example, in some cases other user accounts aren’t blocked, or you can download and launch an anti-malware executable if you are fast enough. However, it is far easier to protect oneself from FBI scam infection than to have to fix the PC.