Cyber criminals are constantly improving and refining their virus code; recent versions of this Trojan block Windows Safe Mode functions described in our previous post.
In this article we show how to remove the FBI ransomware with the help of SurfRight HitmanPro. These instructions address cases where Safe Mode is inaccessible on the infected computer.
This method requires a USB flash drive of 32 MB (or more). Make sure the USB drive contains none of your important data, because all of it will be erased in the process. You will make a bootable USB drive with the HitmanPro.Kickstart program. The infected computer is then rebooted from this bootable USB drive, which is used to delete the virus.
Step 1. Download HitmanPro and save it to a non-infected computer. Be sure to download the version that matches the bitness (32-bit or 64-bit) of the Windows version you are going to use for creating the Kickstart USB drive.
Supported systems: Windows XP, Vista, 2003, 2008, Windows 7, Windows 8.
Step 2. After downloading the HitmanPro software, insert the USB key that you plan to use for the installation of HitmanPro.Kickstart. Once the USB drive is plugged into your computer, double-click the file HitmanPro.exe (in case you are running a 32-bit version of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). On the screen that appears, click on the icon resembling a kicking person as shown by the red arrow below.
Step 3. The new window that will open is intended to walk you through the procedure of creating the Kickstart USB drive.
Choose the USB drive you would like to use and click on the Install Kickstart button. As mentioned above, this will completely delete all of the data stored on the selected USB drive.
Step 4. Once you have confirmed that there are no important files on the memory stick, click the Yes button on the corresponding alert. The program will then start downloading and installing the needed files onto the USB drive. When this process is completed, click the Close button.
Step 5. Remove the Kickstart USB drive and plug it into the infected machine.
Step 6. Once it is plugged in, switch off the infected computer and then turn it back on. Within the first few seconds after power-on, you will need to change the primary boot drive. To do this, either enter BIOS Setup or access the Boot Menu of your computer. The way to do this varies between computer models, so look for the prompt on the start-up screen that tells you which key to press. Typically, the Del or F2 key opens BIOS Setup, whereas F10, F11, F12, or Esc opens the Boot Menu. Below is an example of the hint regarding the specific keys to hit.
As soon as you figure out the proper key to access the Boot Menu, restart your computer and immediately begin pressing that key. When the Boot Menu appears, follow the navigation prompts in order to select the device you would like to boot your PC from. On the list, choose the USB drive that you installed HitmanPro.Kickstart onto.
Step 7. Your machine should now boot from the USB drive and launch the HitmanPro.Kickstart software automatically. As it loads you will see a screen asking you to choose the USB boot options.
Please press 1 (Bypass Master Boot Record) on your keyboard and you will see that Windows begins to load as usual.
Step 8. When Windows launches, log into the system as you normally do. This will be followed by the FBI MoneyPak virus blocking your screen again, but don’t worry – about 15-20 seconds later, the HitmanPro window will appear on top of the blocked screen.
Please click Next to initiate the virus removal process.
Step 9. You should now see the HitmanPro setup screen, where you can define your preferred installation options. It’s recommended to stick to the default setup preferences as shown on the screenshot below.
Now click Next.
Step 10. HitmanPro will start to scan your system for malware. When done, it will provide a list of all the infections that the program spotted.
Please click on the Next button to have HitmanPro eliminate the detected threats. When the cleanup is completed, you will see a Removal Results screen providing details on the exterminated infections. Now click on the Next button and then on the next screen choose to reboot. HitmanPro will reboot your computer and Windows should launch normally without the FBI virus blocking it.
Step 11. Now that you have performed the steps above, the Reveton Trojan should be gone from your PC. If your security software proved incapable of preventing this infection, consider registering the licensed version of SurfRight HitmanPro to avoid further infection with ransomware or other threats.
Compared to the majority of malicious software in the wild, the ransomware falsely posing as an FBI initiative ranks much higher in aggressiveness and in risk to the affected computers. Not only does this virus engage in explicit extortion after locking access to the operating system, it is also known to be capable of collecting the user’s sensitive data. This is precisely why it’s critical to remove every single component of the infection for good. Hopefully international cybersecurity cooperation will soon bring the propagation of this scareware into steady decline. For now, be sure to keep your security software up to date, and in the event of infection use the recommendations provided in this article to resolve the issue.