teranell 18:05 07 Dec 2012

Young kid I know suddenly got full screen red pop-up claiming it's FBI, this computer is suspected of unlawful activity, will need $250 USD to unfreeze this computer.

He has laptop w/ Windows 7, his Norton anti-virus had run out, so he went a day or two w/out any protection - this is result.

Any advice on how he can deal with this without taking to shop or great expense? He can't even reformat, but can turn on and off.

Many thanks, Nell

  Secret-Squirrel 19:03 07 Dec 2012

I've tackled a few of these infections before and they've always been easy to resolve - hopefully it'll be the same in your case:

Tell the young kid that he or she first needs to start the laptop in Windows 7's Safe Mode. Hopefully the laptop will boot up fine and that pesky FBI message won't appear. If so, the next step is to run System Restore and choose a date on the calendar when the laptop was running fine.

When the System Restore completes the laptop will restart normally. If everything looks fine then the last thing to do is to run an anti-malware scan to mop up any (inactive) malware files that might remain. The free version of Malwarebytes Anti-Malware is suitable for this job and is highly effective.

Lastly, get the kid to renew his Norton subscription or install another anti-virus program ASAP.

  Secret-Squirrel 19:26 07 Dec 2012

"...and choose a date on the calendar..."

Sorry about that - Windows 7 doesn't use a calendar in System Restore. Instead, choose an available date from the list. If no suitable ones are shown, tick the box at the bottom to "Show more restore points" - see here for an example.

If System Restore can't be found via the Microsoft method I linked to above then it can be found via Start -> All Programs -> Accessories -> System Tools -> System Restore.

  Fruit Bat /\0/\ 19:36 07 Dec 2012

Full instructions and links to Malwarebytes etc. from here

  Secret-Squirrel 19:44 07 Dec 2012

Fruit Bat, at this stage I don't see the need to post such a complicated set of instructions. Getting a young user to manually edit the Registry like the instructions in your link could lead to disaster.

I reckon we ought to wait and see if my suggestion helps first as it's probably by far the quickest, easiest and safest method.

  Fruit Bat /\0/\ 20:15 07 Dec 2012

The easy instructions were there first with the links

It does say: Manual FBI Moneypak removal (special skills needed!):

  Secret-Squirrel 20:36 07 Dec 2012

"The easy instructions were there first with the links"

Sorry FB but I think it's badly written, incomplete, and confusing. Are you referring to steps 1 through to 4 at the top? If so then what do you make of step #3:

"In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it"

OK, so what do you do then?

And then the final step #4:

"Reboot computer infected with FBI ransomware once more and run a full system scan."

How can one run a full system scan when the infection has completely locked the computer?

I certainly wouldn't call any of that "easy" ;)

This thread is now locked and can not be replied to.
