Posted by: Lightspeeds PC Repair
Yes, Windows Defender will remove the FBI or Department of Justice virus lock-down on your computer, with or without the use of Safe Mode. Windows Defender, the standard program Microsoft ships with its operating system, is basically a useless program that I usually have disabled. BUT its offline / boot CD version does a great job removing the “FBI” or “Department of Justice” virus. There are a few other boot CDs that will remove it also, but Windows Defender Offline's ease of use and setup make it one of the easiest ones I have come across.
It removes not only the FBI or Department of Justice MoneyPak ransomware, but all ransomware-type malware and virus infections.
“Windows Defender Offline” has a boot CD version AND a USB thumb drive boot version. There is an install/setup file for 32-bit and for 64-bit operating systems. “Windows Defender Offline” is a boot CD: start your computer and boot from this CD (or USB thumb drive). The Windows Defender Offline boot CD or thumb drive scans your computer before the operating system loads and removes any infections, including this FBI lockdown virus. Note: the boot order in the BIOS might need to be changed to boot from the Windows Defender Offline boot CD or a USB device. Not all computers can boot from a USB thumb drive, especially some older computers, in which case the boot CD version is what you need to set up and run.
From another computer, such as a friend's computer…
Download: Windows Defender Offline
Download the correct version for your operating system, either 32-bit or 64-bit. The 64-bit version will not run on a 32-bit operating system, and vice versa.
Save the file, note location… (probably being Downloads folder)
Use the computer on which you just downloaded Windows Defender Offline, because you DO need a PC with an internet connection at this point to set up either your Windows Defender Offline boot CD or boot thumb drive. During setup it downloads the latest virus and malware definitions and installs them to your boot CD or boot thumb drive.
The Windows Defender Offline install file you just downloaded and saved to your PC will do all the setup work for you. You just need a blank CD, or a thumb drive that has nothing on it, because it will be formatted and erased during Windows Defender Offline install/setup.
This guide is for using the Boot CD version of Windows Defender Offline.
Put a blank cd in your cd drive, and run the “mssstool64.exe” (or the 32 bit file)
You’ll see a screen similar to below, choose “On a blank cd…”
Below is what you should see next. Setup downloads the latest virus and malware definitions, syncs the files into the install, burns the CD, and validates that the install went OK.
When the install and burn completes, you should see the screen below (for the CD, if you just installed the boot CD version).
Take the Windows Defender Offline boot CD or thumb drive back to the infected computer. Insert the boot CD you created (or the boot thumb drive) and boot from it. Follow the prompts and let it run, scan and remove the infections. When the scan completes, it will show you a report. Remove the CD or thumb drive and reboot the computer. The FBI virus should be gone at this point and you'll have access to your desktop once again.
The Windows Defender Offline FAQ link near the top of the page explains how to change your boot order to boot from a CD or thumb drive. Remember that not all PCs can boot from a thumb drive or external USB device; most older computers cannot.
IMPORTANT: now that you have functionality on your computer again, update your security tools (virus, malware and spyware scanners) and continue to follow up with additional scans to see if anything remains.
Since the FBI virus has infected your computer, chances are there are more pieces of malware still on your computer, so get rid of them.
Follow Up Scans With:
Ccleaner – a disk cleaner, tracks eraser etc.
Malwarebytes Anti Malware – Best of the best right here.
Spybot – Search & Destroy – Oh yes, still an old favorite of mine.
Eset Nod32 On Line Scan
There are many variants of this “FBI Virus” infecting computers; some disable Safe Mode, some do not. When the virus has not locked out Safe Mode, I have found some variants in the startup menu/startup folder, in the msconfig startups, or in the users/profile name/AppData folders. This type of virus changes constantly. I receive many PCs here for this “FBI virus” repair, and each FBI infection has been different in a few ways. But for the last 2 months or so, Windows Defender Offline has cleaned this particular virus out of every PC. I use re-writable (erasable) CDs so I can download, re-burn, and update the disk. On newer PCs, I use the boot USB thumb drive version of Windows Defender Offline.
Skype users: on the last 5 computers that had the “FBI Virus” removed, 4 trojans were detected within the Skype program files. All 5 computers had Skype starting up WITH the computer. This type of virus/malware usually drops something into a startup location. The User/AppData folders are where it has usually been detected or manually removed. The virus changes so fast. I am now finding it within Skype. Being that most users have Skype starting with the system…
How to Use Windows Defender Offline – in greater detail.
HitmanPro with KickStart – bootable usb flash drive scan for FBI virus removal.
How to run HitManPro KickStart
Kaspersky WindowsUnlocker to fight ransom malware