‘FBI Your PC is Blocked’ Ransomware

ScreenshotAlthough Winlockers, such as the many variants of the so-called Ukash Virus, have been very common in the European Union, ESG security researchers have received reports of a similar Winlocker making the rounds in the United States. The 'FBI Your PC is blocked' Ransomware displays a fake message from the FBI. The header of the messages reads:

The FBI
Federal Bureau of Investigation
ATTENTION!
Your PC is blocked due to at least one of the reasons specified below…


The 'FBI Your PC is blocked' Ransomware message goes on to say the infected computer system was involved in distributing illegally copied copyrighted content. Like most fake police notifications, the 'FBI Your PC is blocked' Ransomware will then prevent the PC user from obtaining access to the infected computer unless the victim pays a $100 USD fine through MoneyPak, a legitimate money transfer service.

The 'FBI Your PC is blocked' Ransomware message contains the FBI's official shield and threatening language. It is very similar to dozens of other Winlockers that also imitate law enforcement agencies. However, unlike the many variants of the Ukash Virus, the 'FBI Your PC is blocked' Ransomware does not have the ability to change depending on the victim's IP. Computer users in many different countries will receive the same basic 'FBI Your PC is blocked' Ransomware message. Of course, it is entirely unreasonable to think that an institution like the FBI would threaten its citizens by extorting their money and forcing them to pay through a retail money transfer service. This does not mean that this scam is not effective against inexperienced computer users, however.

Dealing with the 'FBI Your PC is blocked' Ransomware Infection


Like with most Winlocker infections, ESG security researchers advise bypassing the 'FBI Your PC is blocked' Ransomware message and then using a reliable anti-malware application to remove this threat from the infected computer. Some ways to prevent the 'FBI Your PC is blocked' Ransomware message from locking your access to the infected computer include starting up Windows in Safe Mode, starting up Windows from an external memory drive or booting from a network-shared drive. The 'FBI Your PC is blocked' Ransomware infection is not particularly difficult to remove, and most security programs will handle 'FBI Your PC is blocked' Ransomware with ease. The main difficulty, in the first place, lies in reaching those programs, since the 'FBI Your PC is blocked' Ransomware infection disables access to the Windows Task Manager, Desktop, System Restore and other Windows components that may enable you to gain control to your security application.

Infected with ‘FBI Your PC is Blocked’ Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect ‘FBI Your PC is Blocked’ Ransomware

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

‘FBI Your PC is Blocked’ Ransomware creates the following file(s):
# File Name
1 %Documents and Settings%\All Users\Application Data\[random]\[random].exe
2 %Documents and Settings%\All Users\Application Data\[random]\[random].mof

Registry Details

‘FBI Your PC is Blocked’ Ransomware creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

One Comment

  • Stephen Sullwold says:

    I got a shock two days ago when I got a message supposedly from the FBI stating that I had child pornography and rape depictions on my computer. It wanted me to send money as a way to avoid possible conviction and jail. Seeing your site makes me think it is a scam, but I am worried. The internet is full of dubious sex matter that will appear with other adult content, and this particular threat is particularly frightening. What confidential recourse do I have to this kind of threat? Has the FBI been notified of this? If so, what are they doing about it? I was able to shut down my computer and eventually restart it and gain access to the net, so it couldn’t have been all that good a blocking program. Should I see a lawyer?

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 6 + 15 ?