Skip to content
Monitor live humans, bots, and datacenters Botcrawl Edge Try Edge Free
Malware

How to Remove FBI Virus (Removal Guide)

The “FBI virus” is one of the most well known ransomware scams ever distributed in the United States. It first appeared in 2012 as a full-screen lock screen that falsely claimed to be issued by the Federal Bureau of Investigation and demanded payment through MoneyPak vouchers. Botcrawl was among the first publications to document this threat and publicly identify it as the “FBI virus” or “FBI MoneyPak virus.” As the campaign spread, it became one of the most widely searched ransomware infections in the country. While the original malware variants are no longer widespread, FBI-themed scams and lock screens continue to resurface in modern forms, including browser lockers, online extortion schemes, and mobile ransomware.

FBI Virus

Although the original FBI MoneyPak ransomware relied on prepaid vouchers and basic screen-locking techniques, the core social engineering strategy behind it has remained largely unchanged. Modern versions of the FBI virus no longer need to fully lock a device to intimidate victims. Instead, they exploit fear through browser-based lock screens, fake law enforcement warnings, phishing emails, malicious advertisements, and scam websites designed to pressure users into paying fabricated fines, surrendering personal information, or installing additional malware. These newer schemes often appear more polished, use updated branding, and target both desktop and mobile users, allowing the threat to persist long after the original campaign faded.

FBI Moneypak virus

This article traces the FBI virus from its earliest ransomware campaigns to the modern scams modeled after it. It explains how the original FBI MoneyPak malware operated, how its tactics evolved over time, and how to remove FBI-themed malware and lock screens using modern security tools. It also examines how early law enforcement impersonation schemes influenced today’s ransomware and extortion tactics, along with practical steps to protect devices from current file-encrypting attacks and fake authority warnings.

What is the FBI Virus?

The FBI virus was a type of ransomware that locked a user out of their computer and displayed a fake warning claiming to be from the Federal Bureau of Investigation. The message accused victims of viewing illegal content or violating federal law and demanded a fee to unlock the device. Payments were commonly requested through prepaid voucher systems such as MoneyPak, Ukash, Paysafecard, or Reloadit.

The FBI virus was one of the earliest widespread ransomware families in the United States. Instead of encrypting files like modern ransomware, it restricted access to the entire desktop and prevented the user from accessing Windows until a fake fine was paid. The goal was simple intimidation. Many victims complied out of fear, especially when the message displayed their location, IP address, or webcam feed.

Although the original FBI virus has faded, scammers still use FBI branding to scare users through browser pop ups, online extortion messages, and fraudulent phone calls. These threats use modern tactics but rely on the same psychological pressure as the original ransomware.

How the FBI Virus Spread

The original FBI virus spread through many of the same infection techniques used by malware today. These included:

  • Exploit kits that delivered ransomware when a victim visited an infected website
  • Malicious email attachments disguised as invoices or notices
  • Drive by downloads from compromised sites and ads
  • Fake software updates that installed ransomware instead of legitimate updates
  • Bundled installers combined with pirated software or fake media players

Exploit kits were particularly effective at the time because many users were still on outdated versions of Java, Flash Player, and Internet Explorer. A single visit to a compromised site could trigger an automatic ransomware installation.

Symptoms of the FBI Virus

Most victims of the FBI virus experienced obvious symptoms such as a full screen lockout. However, related scams can behave differently today. Common symptoms include:

  • A full screen window displaying an FBI message
  • Loss of access to the desktop
  • Keyboard shortcuts disabled
  • Webcam activates without permission
  • New browser tabs forcing an FBI warning
  • Pop ups claiming your device is under investigation
  • Unexpected redirects to law enforcement themed pages

If you encounter any of these symptoms, your device may be compromised by a lock screen Trojan, browser hijacker, or scam website script.

Modern Variants and Related Threats

Although the original ransomware family is obsolete, modern threats continue to use FBI branding. These include:

  • FBI browser lockers that freeze a browser tab with a fake FBI warning
  • FBI phone scams where scammers call victims pretending to be agents
  • FBI email scams that threaten legal action unless payment is made
  • Mobile ransomware on Android that locks the screen with FBI logos
  • Fake security alerts that redirect users to tech support scams

These threats do not function like the original ransomware, but they use the same pressure tactics and are often combined with phishing, payment fraud, and identity theft.

Remove the FBI Virus with Malwarebytes (Recommended)

The most effective way to remove an FBI virus infection is to scan your device with a trusted anti malware tool. We recommend using Malwarebytes because it specializes in removing ransomware, adware, browser hijackers, and potentially unwanted programs. Manual removal may not detect hidden files or startup entries, so using an automated scanner is the safest option.

Follow these steps to remove the FBI virus using Malwarebytes:

mbsetup

  1. Download Malwarebytes and save the installer to your Downloads folder. Double click it to begin installation.

install malwarebytes

  1. Follow the on screen instructions to install Malwarebytes on your Windows device.

choose your protection type

  1. Select whether you are installing Malwarebytes for personal or business use and click Next.

malwarebytes browser guard

  1. You may be offered Malwarebytes Browser Guard. You can add it or skip this step.

malwarebytes get started

  1. Once installation is complete, open Malwarebytes and click Get Started.

malwarebytes all in one protection

  1. If using the free version, you will receive a trial of Malwarebytes Premium. After the trial ends, the program continues working as an on demand scanner.

malwarebytes scan

  1. From the dashboard, click Scan. Malwarebytes will check memory, startup items, registry entries, and files for ransomware and related threats.

scanning for threats

  1. Wait for the scan to complete. This may take several minutes.

threats detected

  1. When the scan finishes, review the detected threats and click Quarantine to remove them. You may be prompted to restart your computer.

malwarebytes trusted advisor

  1. After rebooting, Malwarebytes may run additional checks to confirm your system is clean.

Manual Removal for Windows

If you still have access to your desktop or are dealing with a browser based FBI scam, these manual steps can help you remove unwanted components. Manual removal should be followed by a Malwarebytes scan to ensure no hidden remnants remain.

Step 1. Uninstall suspicious programs

  1. Right click Start and select Installed apps or Apps and Features.
  2. Sort by install date to locate recent additions.
  3. Uninstall programs you do not recognize or installed around the time the lock screen appeared.

Step 2. Remove browser notifications from fake FBI sites

  • Chrome: chrome://settings/content/notifications
  • Edge: Settings > Cookies and site permissions > Notifications
  • Firefox: Settings > Privacy and Security > Permissions

Step 3. Remove unwanted browser extensions

  • Chrome: chrome://extensions
  • Edge: Settings > Extensions
  • Firefox: about:addons

Step 4. Restore your default search engine

Restore Google, DuckDuckGo, or your preferred provider.

Step 5. Reset browser settings if symptoms continue

  • Chrome: chrome://settings/reset
  • Edge: Settings > Reset settings
  • Firefox: Help > More Troubleshooting Information > Refresh Firefox

Step 6. Clear cookies and site data

Remove cached FBI scam pages and redirects by clearing cookies and browsing data.

Step 7. Delete temporary files

Remove temporary files that may contain scripts or installers.

Advanced Checks for Persistent Issues

If you still see warnings or redirects, perform these advanced checks:

Check browser shortcuts

Right click your browser shortcut and ensure the Target field only contains the browser executable path.

Check Windows hosts file

Inspect C:\Windows\System32\drivers\etc\hosts for unwanted entries.

Check proxy and DNS settings

Ensure no unexpected proxies or DNS servers are configured.

Check Chrome policies

Visit chrome://policy to see if malware has enforced settings.

Review Task Scheduler

Look for tasks that launch unknown executables.

For more malware removal guides and cybersecurity alerts, visit our latest updates in the malware category.

Sean Doyle

Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.

540 Comments

  1. Thanks for this guide. I’m glad I’m not alone in having “child porn” on my computer. My heart almost stopped when I first saw this on my laptop. Luckily I figured the Sytem Restore option out on my own. I’m also fastidious in backing up my data.

    I’ve since found a program that images my entire hard drive so now when i have a problem like this blasted malware I have another weapon in my arsenal to fix it.

  2. The weird thing is that mine did not say FBI mine said united states cyber security and immediately i knew it was a virus because it had the wrong ip address. I did the safe mode restart and knew about it because this has happened before to other computers in our house. Once performed i went back on youtube and continued watching my videos!

  3. Husband got this on his computer this morning … when he finally let me sit in his chair I restarted in safe mode and did a system restore. That allowed me to get back on his login where I have downloaded malwarebytes and am currently scanning with the free version. Thank you all for your comments and help. He is happy again.

  4. Got the FBI virus just this morning. The virus also disabled my ability to restore my PC to an earlier date. In Safe Mode with Networking, I was able to update my MalwareByte software to the latest version. When running MalwareBytes, you have to run a FULL SCAN. Quick Scan will not find or get rid of the virus.

    So, spend the time to run a full scan, restart, and you should be up and running again.

  5. This was a big help. Thank you for the info w/o trying to get me to buy something or download a useless program. That is a definate plus and welcome relief. Thank you again it was a very pleasant experience.

  6. […]  http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/ […]

  7. Thank you so much, the webcam was on my computer this am and i knew something didn’t make sense, like why couldn’t i have just used my credit card? so luckily i had my son’s laptop and googled this to find out it was a scam. I followed your instructions and my virus is gone. I cannot thank you enough for your help… coming from a person who is computer illiterate. You made it very easy.

  8. Thanks so much, I woke up this morning and my computer webcam was on and I knew something was wrong! I tried to click away from the ransom page and it had me lock out of the rest of the computer. I knew that it was a virus or something but I was running late for work, so it had to wait until I got back. After following the instruction here I was back in business in just a few minutes. Great page and easy to follow instructions.

  9. Why isn’t the REAL FBI doing anything about this? I see it on my customer’s computers weekly. Oh, they’re too busy going after 12-year-olds downloading bootleg copies of Ironman because of pressure from the media companies. Darn. Good ole’ America. Follow the money!

  10. […] FBI message? There are multiple guides online for removing this virus. Here is one of them. How To Remove The FBI Moneypak Ransomware Virus – Fake FBI Malware Removal | To find more guides search something along the lines of "FBI Moneypak virus removal" AVG […]

  11. I caught the Virus and was amazed at how authentic it looked. By the way…if you are foolish enough to send money to the “fake FBI”, don’t count on them removing the virus for you.
    BUT…I removed it quite easily by using the FREE version of Malwarebytes Anti Malware. One quick swipe and bye bye Virus. I’m sad to say that Microsoft Security Essentials (which I like) failed me this time.

  12. First off thanks a bunch I was gonna pay 200$ and just make it worse. When I saw this I wanted to jump off a high cliff. Now, What if when you do the manual removal and try to find the ctfmon file it’s in;C:\Users\[USERNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, but there isn’t an .lnk at the end of ctfmon and when I tried to delete it it just popped up again. I went through The rest of step 2. and for now the virus seems to have gone away. But the ctfmon worries me. Does it mean that the virus is laying dormant until it has a chance to pop up again?

  13. […] has worked for me so far (this link details these instructions as well as other options in case this fails): put the computer into safe […]

  14. My cousin got this from an email. He was stupid enough to click on a link, nothing else on it. Heheh, so later this window popped up. We were both like “Wtf?” then we read it and we were freaking out. We were on my dad’s computer and he wasn’t home. We were FREAKIN OUT!!!! I decided to do some research. I felt like an elephant got off my shoulders after I learned it was just a virus. But then the feeling came back when I saw what it could do. I was like, “We have to get rid of this. Now!” I kept researching in safe mode. I came to this page and saw that facebook post where the person used system restore. I was telling myself I was so stupid… Hahaha, after trying to delete all those system files I forgot about system restore! Well I ran system restore. That day was not my lucky day… There was 1 restore point. And guess what… IT WAS EARLIER THAT DAY!!!!! And It was a windows update finished after rebooting. The reboot is because my cousin tried to get me off by shutting the computer down. Oh my god, it was just at the right time, too. It was about an hour before he read the email. For once, him trying to prove me wrong saved our lives as we know them. NO HAXORS 4 US!!!! YESHHHHHHH!!!!!

  15. Thank you so much for your help man, this virus had got me nervous thinkin i was having to pay 200$. I would had never known about malwarebytes but thanks to you my computer is safe!

  16. Thanks Sean Doyle, youre the man! I ended up using the safe mode system restore and it took me back quickly to better times. Follwed up with your suggested Malwarebytes and the scan indicated ‘0’ files, so if you can restore without losing too much previous downloaded info, I recommend.

  17. this website literally saved my @ss. thank you so much! i got this on my laptop, thought it was a fake popup then realized i couldnt “x” out of it. i got worried then shut down my computer and it was still there. i played around with safe mode for a while then found this website on a different computer. within 10 minutes i had restored my laptop and it runs fine now. cant thank u enough

  18. […] it took my very computer savvy husband …. PC back to normal.  Here’s a link to the directions in case anybody’s curious.  And in that time, I had an epiphany.   The […]

  19. I got this nasty virus yesterday at 12:35pm. took me till now, 2:04am Early Saturday morning 14 hours later to finally have my machine back up and running. Thanks for all the great info and encouragement. I wish I could return the favor so all I can do is spread your link around to other people in need. Thanks for saving my butt!

  20. Thanks the Mister got it, he was gonna pay til he ask me……….. FYI>>>>>>>>>>>>> The FBI will not nor has ever ask you to pay money for fines that you have been on an illegal website . Anyone who thinks this is crazy, these folks will knock your door down before telling you something like that, if its illegal you will know when the FBI is involved. We done the restore thanks, and once again the woman has solved the problem at my house lol

  21. Got it this morning at home, many thanks for the analysis and removal instructions and all the commenters’ inputs – lots of good suggestions. Question: has anyone checked to see if the (real) FBI cares about their name being used this way? I suppose the charge would be something like “fraud committed under color of law”? …they do have resources, probably good enough, if they were to choose to get serious about going after this.

  22. This very helpful site and info saved my netbook from being tossed from a thirty-story window! Thank you so much! I used the “Safe Mode” start option and deleted the pirate from the Start Menu in All Programs. I had to start using my usual username, whereas the first attempt I made was with the Admin account. Thanks again!

  23. Well it happened to me, Got scared and sent a money pak fo $200.00.
    Had a good friend that solved the situation but still lost the doe.
    Good lession

  24. Thanks to this good man who wrote all this information about of this bad gus,who extorsioning to the people whose we use the computer,just for good things,no for durty activities like them,this stupid people make me have a hard time they bloked my laptop and know I dont know if will work again laike before,I am following up the instruction that this friend is giving to remove this dirty virus I hope that maybe I get it.
    I want to tell you again my friend thanks for makeme fill free of preocupation please leave this information accecible for more people like me who need orientation about of this donkey guys!! God Bless you!!

  25. Brilliant thank you, I did safe mode and installed free avg and did a scan which removed some stuff and then downloaded free malwarebytes which removed other stuff but i didnt pay attention to any names it removed. Anyway it seemed to work so thanks a lot!

  26. Thank God for these directions. What Sam’s comment says does work. It’s in the removal directions in this article so you don’t have to read the comment below though.

  27. This morning i experienced the same ransomware from the metropolitian police e-crime unit. After following the above suggestion it worked. So please that there a fix to this. Thank you

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.