teranell 18:05 07 Dec 12

Young kid I know suddenly got full screen red pop-up claiming it's FBI, this computer is suspected of unlawful activity, will need $250 USD to unfreeze this computer.

He has laptop w/ Windows 7, his Norton anti-virus had run out, so he went a day or two w/out any protection - this is result.

Any advice on how he can deal with this without taking to shop or great expense? He can't even reformat, but can turn on and off.

Many thanks, Nell

  Secret-Squirrel 19:03 07 Dec 12

I've tackled a few of these infections before and they've always been easy to resolve - hopefully it'll be the same in your case:

Tell the young kid that he or she first needs to start the laptop in Windows 7's Safe Mode. Hopefully the laptop will boot up fine and that pesky FBI message won't appear. If so, the next step is to run System Restore and choose a date on the calendar when the laptop was running fine.

When the System Restore completes the laptop will restart normally. If everything looks fine then the last thing to do is to run an anti-malware scan to mop-up any (inactive) malware files that might remain. The free version of Malwarebytes Anti-Malware is suitable for this job and is highly effective.

Lastly, get the kid to renew his Norton subscription or install another anti-virus program ASAP.

  Secret-Squirrel 19:26 07 Dec 12

"...and choose a date on the calendar..."

Sorry about that - Windows 7 doesn't use a calendar in System Restore. Instead, choose an available date from the list. If no suitable ones are shown, tick the box at the bottom to "Show more restore points" - see here for an example.

If System Restore can't be found via the Microsoft method I linked to above then it can be found via Start -> All Programs -> Accessories -> System Tools -> System Restore.

  Fruit Bat /\0/\ 19:36 07 Dec 12

Full instructions and links to Malwarebytes etc. from here

  Secret-Squirrel 19:44 07 Dec 12

Fruit Bat, at this stage I don't see the need to post such a complicated set of instructions. Getting a young user to manually edit the Registry like the instructions in your link could lead to disaster.

I reckon we ought to wait and see if my suggestion helps first as it's probably by far the quickest, easiest and safest method.

  Fruit Bat /\0/\ 20:15 07 Dec 12

The easy instructions were there first with the links

It does say : Manual FBI Moneypak removal (special skills needed!):

  Secret-Squirrel 20:36 07 Dec 12

"The easy instructions were there first with the links"

Sorry FB but I think it's badly written, incomplete, and confusing. Are you referring to steps 1 through to 4 at the top? If so then what do you make of step #3:

"In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it"

OK, so what do you do then?

And then the final step #4:

"Reboot computer infected with FBI ransomware once more and run a full system scan."

How can one run a full system scan when the infection has completely locked the computer?

I certainly wouldn't call any of that "easy" ;)

This thread is now locked and can not be replied to.
