A couple of nights ago a friend of mine called me to help him with a new computer virus. It was something he hadn't seen before. The screen was blocked and covered with a message supposedly from the FBI, telling him he had engaged in illegal activity and had to pay a fine in order to unlock his computer. This was of course a fraudulent claim. As we all know, the FBI wouldn't just send you a bill if you were in trouble. If you really did something illegal, they would come knocking on your door after gathering the evidence.
So, to make it clear: this message is a virus and it has nothing to do with the FBI! If you get the same message, do not click on any of the links and do not pay anything! You can try to remove it yourself using the options I'm about to present.
Luckily I've seen this virus before, so I tried all the tricks to unlock the PC and remove the threat. This is a tricky virus, because it blocks your PC as soon as Windows loads. In many cases you have no time to start antivirus or anti-spyware software to scan the hard drive. I attempted to open the Task Manager, run System Restore and reboot in Safe Mode, but to my surprise, all of this failed.
To make a long story short, the best way to fix this is to try a combination of things:
- Turn off the PC.
- Unplug the power cord to completely reset the computer, then plug it back in.
- Start the PC in Safe Mode with Networking (this gives you access to the Internet, in case you need to update your antivirus software).
- Activate System Restore and revert the system to an earlier date, when everything worked just fine.
If you're successful with any or all of these methods and regain control over your PC, you need to run anti-malware and antivirus software to remove the Trojan Horse (Trojan.Ransomlock.R). I recommend a combination of Malwarebytes and an antivirus solution from Bitdefender. I have used the free version of Malwarebytes for many years and I love it! It's so good and quick that you usually just need to run a Quick Scan. It finds most viruses and spyware/malware in less than 5 minutes. I tried many free antivirus programs, but I recently upgraded to Bitdefender Free Antivirus, and I found it to be much more effective than the other programs I tried.
I was able to 'save' my friend's computer with a little bit of luck: after a few attempts, I was able to enter Safe Mode with Networking and I used System Restore to 'go back in time' to before the virus was activated. Then I scanned the hard drive with the anti-malware and antivirus software to remove any traces of the virus.
If you don't want to rely on luck and would like to read detailed instructions on how to remove the virus using the various methods described in this article, then please visit the Botcrawl website. It even includes a manual removal method for advanced users. All you need to know for this method is that the files to be removed are located in the AppData\Local\Temp folder and that their names are rool0_pk.exe, [random].mof and V.class.
At the end, just one more piece of advice: be careful which websites you view and never click on suspicious links! Stay safe!
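Before deleting anything by hand, it helps to see exactly which of those files are present. The PowerShell snippet below is an added example (not from this post or from Botcrawl) that lists files in the current user's AppData\Local\Temp matching the three names given above; it only reports, so you can review each hit before removing it. The function name and the quarantine-free, report-only behaviour are my choices; it assumes you run it from Safe Mode with Networking as the affected user, because %LOCALAPPDATA% is per-user.

```powershell
# Added example: report files in AppData\Local\Temp that match the names
# the post gives for Trojan.Ransomlock.R. Report only; nothing is deleted.
# Written for Windows PowerShell 2.0 and later (no -File switch, no [PSCustomObject]).
function Find-RansomlockArtifacts {
    param(
        # Folder to inspect; defaults to the current user's AppData\Local\Temp
        [string]$TempPath = (Join-Path $env:LOCALAPPDATA 'Temp')
    )
    # Names from the post: rool0_pk.exe, [random].mof and V.class.
    # The .mof name is random, so every .mof in Temp is reported for review.
    $patterns = @('rool0_pk.exe', '*.mof', 'V.class')
    foreach ($pattern in $patterns) {
        Get-ChildItem -Path $TempPath -Filter $pattern -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Name          = $_.Name
                    FullPath      = $_.FullName
                    SizeBytes     = $_.Length
                    LastWriteTime = $_.LastWriteTime
                    MatchedOn     = $pattern
                }
            }
    }
}

# Show hits, most recently written first. A .mof file in Temp is unusual but
# not impossible for legitimate software, so look at each hit before deleting.
Find-RansomlockArtifacts | Sort-Object LastWriteTime -Descending | Format-Table Name, SizeBytes, LastWriteTime, MatchedOn -AutoSize
```

If the list is empty, the infection may use different file names than the ones described here, and a full scan with the tools mentioned above is still the safer route.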