FBI - Your Operating System is Locked
Written by Tomas Meskauskas on
"FBI - Your operating system is locked" - how to remove this ransomware from your PC?
"FBI - Your operating system is locked" is a ransomware infection that locks the computer user's screen and demands payment of a non-existent fine of $200 for visiting pornographic websites, etc. It is a scam created and distributed by cyber criminals; in reality, the FBI does not collect fines for any law infringements using such screen lockers. If you see such a message on your computer, your PC is infected with a ransomware security threat. You should not pay any fine demanded by this message: if you do, you will send your money to cyber criminals and your operating system will remain locked. Note that the cyber criminals use Green Dot MoneyPack for money transactions; this method of money transfer makes them very hard to trace. Ransomware infections have become a very profitable business for cyber criminals, so more and more screen lockers are being created and released.
To make such scam messages appear more legitimate, the people responsible for creating them use the names of authorities; this particular screen locker exploits the name of the FBI. Furthermore, such ransomware infections are able to detect the IP address of the computer they infect, which allows cyber criminals to present unsuspecting PC users with a localised version of the deceptive message. For example, if a computer user who lives in France were infected with this screen locker, the message would appear to come from "Police Nationale" and would be translated into French.
"FBI - Your operating system is locked" ransomware is spread using Trojans and malicious websites. Most commonly, such an infection is the result of reckless Internet browsing habits and poor security. To prevent such screen lockers from entering your PC, keep your operating system and all of your installed programs up to date. Computer users should also use legitimate antivirus and antispyware programs with real-time scanning features to block such infections from infiltrating their computers. If your PC is already infected with "FBI - Your operating system is locked" ransomware, use the provided removal guide to eliminate it from your computer.
Fake message shown in "FBI - Your operating system is locked" scam:
FBI Federal Bureau of Investigation
Attention!!!
Your operating system is locked due to violation of the laws of USA. Following violations were detected: This computer was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam - messages with terrorist motives were also sent from your computer. This computer lock is aimed to stop your illegal activity. To unlock the computer you are obliged to pay a fine of 200$
You could Pay though "Green Dot - MoneyPack": To do this, you should enter the 16 digits code in the payment and "ENTER" (if you have several codes, enter them one after the other and press "ENTER"
"FBI - Your operating system is locked" screen locker removal:
Step 1
While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.

Step 2
Log in to the account that is infected with "FBI - Your operating system is locked" scam. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
After completing these steps your computer should be clean. Reboot your computer in normal mode.
Alternative "FBI - Your operating system is locked" scam removal guide:
If this ransomware blocks your screen when you start your computer in safe mode with networking, try starting your PC in safe mode with command prompt.
1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.

2. In the command prompt that opens, type explorer and press Enter. This command opens an Explorer window; do not close it, and continue to the next step.
3. In the command prompt, type regedit and press Enter. This will open the registry editor window.
4. In the registry editor window you should navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

5. In the right side of the window, locate "Shell" and right-click it. Click Modify. The default value data is Explorer.exe; if you see something else written in this window, remove it and type in Explorer.exe. You can write down whatever else was written in the value data section: this is the path of the rogue executable file. Use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install legitimate anti-spyware software, and perform a full system scan to eliminate any remnants of the "FBI - Your operating system is locked" scam.
If you can't start your computer in safe mode with networking (or with command prompt), you should boot your computer using a rescue disk. Some variants of ransomware disable safe mode, making their removal more complicated. For this step you will need access to another computer. After removing the "FBI - Your operating system is locked" scam from your PC, restart your computer and scan it with legitimate antispyware software to remove any remnants of this security infection.
Other tools known to remove "FBI - Your operating system is locked" scam:
Some malicious software modifies browser settings and disables downloads of spyware and virus removal software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, Firefox, Opera, etc.
If you can't access Internet:
Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe mode with networking from the list.
Start Task Manager. Press ctrl+alt+del (or ctrl+shift+esc) and end the processes of the rogue program. (If after this procedure you can't access any programs, press ctrl+alt+del, click File, select New Task, type explorer.exe and press OK.)
Open Internet Explorer, click Tools and select Internet Options. Select Connections, then click LAN settings; if "Use a proxy server for your LAN" is checked, un-check it and press OK.
After this procedure you should be able to access the Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program.
Manual "FBI - Your operating system is locked" scam removal:
If you were unable to remove "FBI - Your operating system is locked" scam using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these "FBI - Your operating system is locked" processes:
random.exe
Delete these "FBI - Your operating system is locked" files:
%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk
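The Winlogon "Shell" check from the alternative removal guide and the file locations listed above can be reviewed in one pass. The PowerShell below is an added example, not part of the original article; it only reads and reports unless the commented Set-ItemProperty line is enabled, and the log file name winlogon-shell-before.txt is an assumed name chosen for illustration.

```powershell
# Added example: audit of the locations named in this guide.
# Run from an administrator prompt (type "powershell" in the Safe Mode command prompt).

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = 'explorer.exe'

# Read the Shell value that step 5 of the alternative guide inspects in regedit.
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction Stop).Shell
Write-Host "Winlogon Shell value: '$shell'"

if ($shell.Trim() -ieq $expected) {
    Write-Host 'Shell is the default; no change needed.'
} else {
    # Save the unexpected value first: the guide uses it to locate the rogue executable.
    $log = Join-Path $env:USERPROFILE 'winlogon-shell-before.txt'   # assumed file name
    Set-Content -Path $log -Value $shell
    Write-Warning "Unexpected Shell value saved to $log"

    # Split on commas in case more than one program is listed in the value.
    foreach ($entry in ($shell -split ',')) {
        $path = $entry.Trim().Trim('"')
        if ($path -and $path -ine $expected) {
            $exists = Test-Path -LiteralPath $path
            Write-Host "  Suspect entry: $path (exists on disk: $exists)"
        }
    }

    # Uncomment to restore the default value, as in step 5 of the guide.
    # Set-ItemProperty -Path $winlogon -Name Shell -Value 'Explorer.exe'
}

# Executables sitting directly in %Temp% (the guide lists %Temp%\<random>.exe).
Get-ChildItem -Path $env:TEMP -Filter *.exe -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object FullName, Length, LastWriteTime

# Startup-folder shortcut named in the guide; show where it points before deleting it.
$lnk = Join-Path ([Environment]::GetFolderPath('Startup')) 'ctfmon.lnk'
if (Test-Path -LiteralPath $lnk) {
    $target = (New-Object -ComObject WScript.Shell).CreateShortcut($lnk).TargetPath
    Write-Warning "Found $lnk -> $target"
}
```

Review the reported paths before deleting anything: legitimate installers also leave .exe files in %Temp%.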


Comments
Thanks so much for posting this information.
Please follow the steps below
Step 1 restore Windows to a previous state
i. Start -> All Programs -> Accessories -> System Tools program group.
ii. Click on the System Restore program icon.
iii. Click Next > on the Restore system files and settings window.
iv. Choose the restore point that you want to use.
v. Click Next >.
vi. Click Yes to the Once started, System Restore cannot be interrupted. Do you want to continue? dialog box.
vii. System Restore will now restore Windows to the state that was recorded in the restore point you chose in Step 4.
viii. Immediately after logging in to Windows after the reboot, you should see a message that System Restore completed successfully.
ix. Click Close.
Step 2 Download and install Hit man pro and perform a system scan
http://www.surfright.nl/en/hitmanpro/