DotFab Blog » Malware Removal & Prevention Tips»Malicious website»How to Remove Virus (Ransomware Removal Guide)

How to Remove Virus (Ransomware Removal Guide) overtakes your web page to be intimidating? This article explains how to get rid of this virus, a newly detected FBI ransomware infection, with a step by step removal guide.

What is Virus? is a malicious websites by cybercrooks to intimidate users to pay a fake fine. This virus is another FBI virus that locks web browser to ask for a ransom. This infection is very dangerous, but different from most previous ransomware, which seek ways to lock up entire OS.

There are mainly two types of this virus. One is that the lock screen of FBI Department of Denfense virus, also referred to as Mandiant U.S.A. Cyber Security virus, USA Cyber Crime Center virus, shown in web browser to display a fake warning localizated to threaten users in name of authorities like FBI Department of Defense, Mandiant U.S.A. Cyber Security, U.S.A. Cyber Crime Center. The other is kind of the FBI-your browser has been blocked virus. The common traits of the viruses are lock screen shown in web browser, addressed with Be aware and never pay the money as it instructed to pockets of cyber criminals.

A snapshot of one of virus

gov-cyberwebpolice-com virus

The scamming text of this virus:

Name: firefox.exe
Name: c:\program files\firefox\firefox.exe
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run scanning.

System component corrupted!
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Once infected virus, there would be also many other fake warnings pop up as shown below:

Virus activity detected.
This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. Click here to remove it immediately with

Warning: Your computer is infected
Detected spyware infection! Click this message to install the last update of security software… Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details. Firewall Alert Firewall has blocked a program from accessing the Internet. Internet Explorer Internet Browser is infected with worm SVCHOST.Stealth.Keyloger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host.

A snapshot of other kind of virus-FBI your browser has been locked virus:



Please keep in mind that neither of these two web page has anything to do with FBI or any other legal agency. Remove this scam lock webpage upon sight.

Below is a detailed removal guide to help you get rid of this nasty infection. Before the removal, let’s go through reasons that this virus infection is dangerous as well as some tips to prevent such malware infections.


Why This Virus Dangerous? 


This virus is very tricky and dangerous with negative traits below:

1. It invades computers via exploits and trojans.

2. It installs to infect system seemingly out of nowhere to overtake web browser and display various fake warnings.

3. Once infected, it will flood your web browser with various malicious ads and lock web page automatically everytime you open your web browser. Once the browser open, you could not exit the web page via X button.

4. Its scam warning fakes to come from FBI and other local authorities and display correct info of your web browser or IP address to make it intimidating and attempt to scare users into pay the fake fine as it instructed.

5. It will hijack your web page, and mess up your system to cause a sluggish system running while of course compromise your online security and violate your privacy.

6. It can scam users across web browsers including IE, Firefox, Chrome, Safari, etc. or even OS with also Mac system included.

7. Mostly likely, you get infected with virus via malicous websites. That is to say, other malware or PUPs or malicious codes are hidden to harm your system unexpectedly.


All in all, this virus is very dangerous and tricky. Avoid being infected by this virus at all cost. Below are some tips to help you enhance your computer protection against such type of infection. Good luck and be safe online.


Tips to Prevent Virus Infections


Mostly likely, virus is distributed via malicious websites. Also it can spread via spam emails with malicious attachments  and compromised peer-to-peer shared files. Accordingly, you may take below tips into practice for precautions.

1. Always ensure your system and installed programs up to date.

2. Use caution when surfing online. Basically, you should turn on security features of your web browser (see instructions to turn on Security Features of IE, Firefox and Chrome). Also you may make full use of some tool like Anvi Ad Blocker (Download) to block most malicious websites and pop up ads which are often used to spread malware. See more details about this tool in this article Easy Ads-free Surfing with Anvi Ad Blocker.

3. Be careful when you are required to download some plugin or software, or update your web browser, adobe flash, etc. Also take proper caution when you need to click some super link.

4. Be careful when open an email from unknown people or some express company. Don’t open any unreliable attachments contained in these spam emails.

5. Clean your system on regular basis to maintain a healthy system and also clean your browser data including browser history and cookies regularly in order to protect your privacy. In this regard, some system cleaner tools like Cloud System Booster would do you a favor.

6. Anyway, the best way to protect computer system would be security tools including firewall, antivirus/antimalware like Anvi Smart Defender to provide web guard and virus removal solutions to help the system immune to most infections in the future.


Prevention is better than virus removal. Whatsoever, if you unluckily encounter this dangerous virus, you can use below removal instructions to kick it out from your computer completely and return healthy system running.



How to Get Rid of Virus (FBI Virus Removal Guide)


Choose an removal option you prefer below:

Option 1 Manual Removal

Option 2. Automatic removal using antimalware tool (recommended)



Option 1. Manually Remove Virus from Computer


Step 1. Press Ctrl+Shif+ESC combination to open Windows Task Manager. Locate the Processes tab to find any processes related to, and then click End Process to close the lock page.

end gov-cyberwebpolice-virus process .exe*32


Step 2. Remove files from computer: Click Computer and type “” in search box to search any files related to and remove them all.

remove govcyberwebpolice files from computer

%AllUsersProfile%\Application Data\.dll

%AllUsersProfile%\Application Data\.exe

%program files%\\




C:\windows\system32\drivers\mrxsmb.sys( virus)


Step 3. Open registry editor and remove entries:

Click Windows start windows key button to type “regedit” in search box and click Enter to open registry editor. Click Ctrl + F combination to enter “” to search through computer to remove any registry entries.

remove gov cyberwebpolice virus registry entires

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2013-12-25_2″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “tovvhgxtud”


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution
Step 4. Reset your web browser to default settings to remove any settings modified by the virus.

> See detailed instructions to reset browser settings as default in IE, Firefox and Chrome
Step 5. Restart your computer to see if the infection removed.


Then it is still highly recommended you to use some antivirus tool and system maintenance tool to remove any other malicious codes and junk files.


Please note, this manual removal method may be not easy for less computer-savvy users. Thus, we would always recommend you to use below automatic removal to get rid of this dangerous virus.


Option 2. Automatically Remove Virus from computer


Step 1. Restart your computer into safe mode with networking.

During the restart, repeatedly press F8 key till this brings up the Advanced Windows Options Menu as shown in below. Use arrow key to select Safe Mode with Networking and hit Enter. (If you have any trouble to do this, view more detailed instructions in this article: How to boot Windows to safe mode)




Step 2. Use your trusted antivirus or antimalware to perform a full scan


Here we use Anvi Smart Defender antimalware for demonstration purpose. Anyway, if your installed antivirus or antimalware could not guard you against this virus infection, you may install other antimalware like this Anvi Smart Defender for another try.


1. Download and install Anvi Smart Defender

Free version download:

Get Pro version:

(Pro version can provide more protection to help the computer immune to future threats.)
2. Switch to the second tab-the scan tab and click on Full Scan button.

3. Remove the malicious results scanned by Anvi Smart Defender antimalware.

delta search asd scanned result



 Step 3. Delete key browser data from your web browser


It is always a good idea to clean browser data, browser history and tracking cookies in particular, after infected with some web browser related virus, regarding privacy security online. In this regard, some tools like Cloud System Booster can efficiently do this job:
1. Download and install.

Cloud System Booster download:


2. Start the program and click Disk Cleaner button on the main screen and then on the left navigator, locate the web browser like Internet Explorer or Google Chrome that you use, and then select item of removing cookies. It is recommended to select all web browsers that you have on your PC.

clean cookies in cloud system booster


2. Click Home button to back on home page and click Quick Care button and the system maintenance begins.


Cloud System Booster 3.1-toolbar manage

Cloud System Booster 3.1 system cleaning



Recommended for a slow PC→

-Anvi Ultimate Defrag

If you want deep optimization, it is a good idea to defrag your hard disk using Anvi Ultimate Defrag:

This is a trial version of Anvi Ultimate Defrag download:

Step 4. Block and many other malicous webpages using Anvi Ad Blocker


To block malicious/phishing/compromised websites and annoying pop up ads, you also choose Anvi Ad Blocker apart from turn on security features of your web browser. With Anvi Ad Blocker, you can block this by adding the URL to its blacklist.


ad blocker


Anvi AD Blocker download:

Please note this is a trial version of Anvi Ad Blocker for 15 days free use. If you want it for longer time, you can conveniently buy it here.

>> See more on Safer Surfing online with Anvi Ad Blocker


To block the using Anvi AD Blocker, you can follow below instructions on the image:

block unwanted websites using Anvi Ad Blocker

>> See more on Safer Surfing online with Anvi Ad Blocker


Step 6. Restart your computer to check.



If any question, leave it below.