Desktop was blocked by a notification from FBI Cybercrime Division and International Cyber Security Protection Alliance? It claims that you have done something illegal? And you are asked to pay a fine of 200 euros through Ukash or Paysafecard payment system? Don’t be worried. You are not having trouble with the FBI Cybercrime Division and International Cyber Security Protection Alliance. It is a ransomware program, so you need to remove it as soon as possible. This post will guide you to get rid of this virus.
What is FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus?
The FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus is a ransomware program that mainly attacks Austrian computer users. Once this virus gets on your computer, it will display a fake notification that pretends to be from the FBI Cybercrime Division and the International Cyber Security Protection Alliance. Basically, the message in the bogus notification accuses you on download and spread copyrighted content and asks you to pay a non-existing fine of 200 euros in the forms of Ukash or Paysafecard to unlock your computer.
The message displayed in the fake notification:
WARNUNG! Ihr Computer Wurde Gesperrt Und Alle Daten Verschlüsselt Wurden!
Grund: Verletzung des Gesetzes.
Mögliche Verstöße Wärter Im Folgenden Beschrieben:
> Titel 17-Urheberrechte
Kapitel 10, Unterkapitel B – Steuerelemente kopieren
Besondere Verfahren Für Vorladungen Für Computer-Software Zum Entsperren Ihres Computer Müssen Sie Eine unter Beschuss nehmen Innerhalb von 24 Stunden Und Geben Den tragen Ein Formular Zu Zahlen.
Um Ihren Computer Und Entschlüsseln Sie Alle Ihre Daten Freizuschalten, Musst du Zahlen Fein: 200.00 EUR
The screenshot of the fake notification of the FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus:
The FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus will, at the same time, lock you out of your computer and all programs. Under such circumstance, you will always get the lock screen fake notification whenever you try to log on into your computer operating system or Safe Mode with Networking.
You should know that the FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus message is a scam and you should never pay the money as it request, because even you pay the money, the virus will not be removed. And you should know that governmental department never report about your wrongdoing in this way, not to mention use pre-paid card payment system to collect the fine.
It may get on your computer with the help of Trojans when you visit malicious websites or compromised websites or install free software that have bundled this virus.
How to remove the FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus?
Some variants of ransomware exploit Java or Flash vulnerabilities to load the malicious code. The symptoms of the infection may be suspended by denying flash. Then you can navigate through the infected system. If step is not necessary for the removal, then skip to the next step.
To deny/disable flash:
Visit http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html → select the Deny radio option
If your computer can boot into safe mode, then follow Option 1. But if your computer is blocked from everything, including the safe mode running, then go through Option 2.
Option 1 Restore the operating system through Safe Mode with Command Prompt
1. Turn off your computer and then back on.
2. During the start, tap F8 key repeatedly till you are brought to the Windows Advanced Options Menu.
3. Use the arrow keys to highlight Safe Mode with Command Prompt and then press Enter.
4. Once the Command Prompt window comes out, quickly type “explorer” and hit Enter.
If you fail to do so in a few seconds, the ransomware will not allow you to type any more. You should restart the computer to the safe mode and repeat the process.
5. Find out the file rstrui.exe and press Enter.
The location of the file:
Windows XP: C:\windows\system32\restore\rstrui.exe
Windows 7/Vista: C:\windows\system 32\rstrui.exe
6. Follow all the steps to restore your computer system to an earlier time and date (restore point) before the infection.
7. Run a computer scan with Anvi Smart Defender and remove the infected files
Direct download link: http://www.dotfab.com/download_asd.html
Download and install Anvi Smart Defender → run Anvi Smart Defender → switch to Scan tab → run a Full Scan
Now your computer should have got rid of the infection of the FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus, but you will notice that some software configured after the restore point has gone.
Option 2 Use Anvi Rescue Disk to Remove FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus
You can follow the instructions in the following video to get rid of the FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus by using Anvi Rescue Disk.
Or, you can follow the following step by step instruction.
Step 1 Use a clean computer to download the Anvi Rescue Disk iso image file Rescue.iso and the USB disk production tool BootUsb.exe from Anvisoft official site.
Direct download link: http://www.anvisoft.com/software/rsd/
Please kindly note that Rescue.iso is a large file download; please be patient while it downloads.
Step 2 Record Anvi Rescue Disk iso image to USB drive.
You can also record the iso image to a CD/DVD. We will introduce the steps to record iso image to a CD/DVD in following guide.
1. Connect USB to the computer. You’d better backup your important data and format your USB drive before use it to record the iso image.
2. Locate your download folder and double click on BootUsb.exe to start it. And then click “Choose File” button to browse into your download folder and select Rescue.iso file as your source file.
3. Select the path of USB drive, such as Drive H:
4. Click “Start Burning” to start the burn of USB Rescue Disk boot drive.
5. Close BootUsb.exe tool when you get following message.
Now, you have bootable Anvi Rescue Disk to repair your infected computer.
Alternative Option-Record the iso Image to a CD/DVD
Any CD/DVD record software is fine for burn iso image. If you don’t have any, you can download and install Nero Burning ROM and ImgBurn. Here we will use Nero Burning ROM for demonstration purpose.
1. Open and start Nero Burning ROM and select Burn Image from the drop-down menu of the Recorder.
2. Locate your download folder and select Rescue.iso file as your source file and then click Open button.
3. Click Burn button to start record the iso image.
After a few minutes, you will have a bootable Anvi Rescue Disk to repair your computer.
Step 3 Restart your computer and configure your computer to boot from USB drive/CD/DVD that recorded Anvi Rescue Disk. Basically, you can use F8 to load USB boot menu.
For different motherboard, you may need to use the Delete or F2, F11 keys, to load the BIOS menu. Normally, the information how to enter the BIOS menu is displayed on the screen at the start of the OS boot.
The keys F1, F8, F10, F12 might be used for some motherboards, as well as the following key combinations:
Step 4 After you enter Anvisoft Rescue Disk menu, please selected your preferred language and press Enter to continue.
Step 5 Now you are in the mini Operating system, please double click Rescue tool to start Anvi Rescue disk.
Step 6 Make sure that your computer is connected to network connection before you run a scan on your computer. You can go to Network Troubleshooting Tips for Ransomware Removal using Anvi Rescue Disk for tutorial.
Step 7 Please run a full scan by clicking the “Scan Computer” button in the middle of the program to detect and kill the PC lockup virus.
Step 8 Clicking “Fix Now” to Remove the detected threat by Anvi Rescue Disk.
Step 9 Switch to Repair tab. Scan and fix the registry error with the “Repair” module of Anvi Rescue Disk.
Important Notice: You must repair the registry error after kill the virus. You are probably disabled to boot your Windows without fixing registry damaged by the virus.
Step 10 Download and install Anvi Smart Defender to full scan your computer and remove all the infections detected.
Some ransomware variants are incredibly persistent, so you are highly recommended to download the antimalware promgram Anvi Smart Defender to remove all the detected threats as prompted.
After download, please restart your computer to normal Windows mode and then go to the folder: C:\Users\[username]\Downloads.
Double click asdsetup.exe file to install Anvi Smart Defender, then perform a Full Scan.
Or you can download it from this direct download link: http://www.dotfab.com/download_asd.html when you boot your computer to normal Windows mode.
Now your computer should be free from the infection of the FBI “Ihr Computer wurde gesperrt und alle Daten verschlüsselt wurden!” virus.
Malware prevention tips
The malware usually explores the vulnerabilities of your computer system to infect your computer. You should upgrade your system timely and patch the system vulnerabilities when prompted.
Apart from that you can keep the antimalware program Anvi Smart Defender as an additional protection to your computer. The Guard function puts your computer under a real-time protection, but you need to buy its pro version to get Full Guard. It will keep you away from malware and malicious websites.
Click Anvi Smart Defender to buy its pro version.