FacebookTwitterLinkedIn

FBI Cybercrime Division Virus - Your computer has been blocked

Also Known As: FBI Cybercrime Division Ransomware
Damage level: Severe

What is FBI Cybercrime Division?

The FBI Cybercrime Division message blocks computer users' screens, stating that the block was applied for alleged illegal download of music and video files. This is a scam - a ransomware infection developed by cyber criminals. In fact, neither the FBI nor the International Cyber Security Protection Alliance has any connection with this message.

No international authorities use screen-blocking messages such as this to collect fines for any law violations. The FBI Cybercrime Division ransomware demands payment of a $300 fine in order to unlock the user's PC, but note that paying this fine is equivalent to sending your money to Cyber criminals - with no guarantee that the computer will be unlocked.

FBI Cybercrime Division Virus - Your computer has been blocked

This particular screen locker originates from a family called Urausy and predominantly targets PC users from the USA. There are, however, many other variants of this ransomware targeting other countries. For example, computer users from Australia (with PCs infected with this ransomware), observe this message as if delivered from the Australian Federal Police.

To add authenticity, cyber criminals exploit the names and graphics of local authorities. Ransomware localization such as this is possible through the rogue software determining the IP address of the computer targeted for infiltration. If you observe a message from the FBI Cybercrime Division blocking your computer screen, your PC is infected with ransomware.

Update April 29, 2013: A new ransomware virus was discovered, exploiting the name of the FBI Cybercrime Division and ICSPA ("Your computer has been locked and all your data were encrypted"):

FBI Cybercrime Division and ICSPA ransomware virus

Update July 17, 2013: Cyber criminals have released a new variant of the FBI Cybercrime Division ransomware virus - Mandiant U.S.A Cyber Security "Your computer has been blocked up for safety reasons" Virus

FBI Cybercrime Division virus is distributed using drive-by downloads and Trojans. Note that there is a delay between the actual infection and the time at which the computer screen is blocked (approximately 5 minutes), thus making it difficult to determine the cause of the infection.

To protect PCs from ransomware infections such as this, users should keep their operating system and installed software up-to-date. Furthermore, always use legitimate antivirus and anti-spyware software. If your computer is already infiltrated with FBI Cybercrime Division ransomware, use the removal guide below to eliminate this scam from your PC.

A fake message displayed by the FBI Cybercrime Division virus "Your computer has been blocked" ransomware:

ATTENTION! Your computer has been blocked due at least one of the reasons specified below. You have been violating Copyright and Related Rights Law. (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section 2, Clause 8, also known as the Copyright of the Criminal Code of United States of America.
Article 1, Section 2, Clause 8 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophilia and etc). Thus violating Article 2, Section 1, Clause 2 of the Criminal Code of United States of America. Article 2, Section I, Clause 2 of the Criminal Code provides for a deprivation of liberty for 4 to 12 years.
Illegal access to computer data has been initiated from your PC, or you have been...
Article 2, Section 1, Clause 8 of the Criminal Code provides for a fine of up to 5200,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer.
Article 2, Section 1, Clause 1 of the Criminal Code provides for a fine of up to 5200,000 and/or deprivation of liberty for 4 to 9 years.
Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without your knowledge, your PC may be infected by malware.
Article 2, Section 1, Clause 2 of the Criminal Code provides for a fine of up to 5500,000 and a deprivation of liberty of up to 6 years. In case this activity has been effected without your knowledge, you fall under the above mentioned Article 2, Section 1, Clause 1 of the Criminal Code of United States of America.
Your personality and address are currently being identified, a criminal case is going to be initiated against you under one or more articles specified above within the next 72 hours.
Pursuant to the amendment to the Criminal Code of United States of America of February 05, 2013, this law infringement (if it is not repeated - first time) may be considered as conditional in case you pay the fine to the State.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours! To unblock the computer you must pay the fine through MoneyPak of $300. When you pay the fine, your PC will get unlocked in 1 to 72 hours after the money is put into the State's account.
Since your PC is unlocked, you will be given 7 days to correct all violations.
In case all violations are not corrected after 7 working days, your PC will be blocked again, and a criminal case will be initiated against you automatically under one or more articles specified above.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

FBI Cybercrime Division virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with FBI Cybercrime Division virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

Cannot boot in Safe Mode with Networking? (FBI Cybercrime Division virus blocks Safe Mode with Networking)

If you have more than one user account on your operating system, please log-in to a clean account and download recommended malware removal software, install it, and run a full system scan.

Remove all security infections detected. If, however, you have only one user account, please follow this guide (the guide describes how to create a new user account using Safe Mode with Command Prompt - using this newly-created user account, you will be able to remove the FBI "Your computer has been locked" ransomware).

If FBI Cybercrime Division (PC blocked) MoneyPak scam also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: net user removevirus /add and press ENTER.

alt

3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.

creating new user using command prompt

4. Finally, enter this line: shutdown -r and press ENTER.

adding a new user in command prompt

5. Wait for your computer to restart, then boot your PC in Normal Mode and login to the newly-created user account ('removevirus'). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.

new user account created

6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer:

If the newly-created user account is also affected by the ransomware infection, try performing a System Restore:

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of FBI Cybercrime Division virus.

Other methods used to eliminate this ransomware virus from your PC:

Remove FBI Cybercrime Division ransomware virus using a Rescue Disk.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
FBI Cybercrime Division Ransomware QR code
Scan this QR code to have an easy access removal guide of FBI Cybercrime Division Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.