Cyber criminals are constantly improving and refining their virus code; recent versions of this Trojan block Windows Safe Mode functions described in our previous post.
In the article that follows we will show how to remove the FBI ransomware with the help of SurfRight HitmanPro. This instruction addresses the instances of Safe Mode being inaccessible on the infested computer.
Automatic Virus Deletion
This method requires a USB flash drive of 32 MB or more. Make sure the USB drive contains none of your important data, because everything on it will be erased in the process. You will need to create a bootable USB drive with the HitmanPro.Kickstart program. The infected computer is then rebooted from this USB drive, which is used to delete the virus.
- Download the free or paid version of CCleaner by Piriform and save it to your Desktop. Install and run the software.
- Click on the Cleaner button in the left-hand navigation menu, select the Windows and Applications tabs in turn, and click the Analyze option for each. Once the analysis has been completed, click Run Cleaner.
- Now go to Tools in the navigation menu and select the Startup option. Search the entries under all available tabs (Windows – Context Menu) for dubious items that might be related to Qone8 adware (Wsys Control, DProtect, Omiga-Plus, etc.) and choose Disable and Delete for each one.
- You can also use the Uninstall functionality under Tools to completely get rid of browser add-ons / toolbars that cannot be deleted manually.
- Uninstall malicious extension(s) from Control Panel:
- Download HitmanPro software to a computer that is not affected by the virus and save it to your Desktop. Before performing the download, be sure to select the version according to the bit-type of your Windows operating system (32- or 64-bit).
- After downloading the HitmanPro software, insert the USB key that you plan to use for the installation of HitmanPro.Kickstart. Once the USB drive is plugged into your computer, double-click the file HitmanPro.exe (in case you are running a 32-bit version of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). On the screen that appears, click on the icon resembling a kicking person as shown by the red arrow below.
- The new window that will open is intended to walk you through the procedure of creating the Kickstart USB drive.
Choose the USB drive you would like to use and click on the Install Kickstart button. As mentioned above, this will completely delete all of the data stored on the selected USB drive.
- Having ascertained that there are no important files on the memory stick, click the Yes button on the corresponding alert. The program will then start downloading and installing the needed files onto the USB drive. When this process is completed, click the Close button.
- Remove the Kickstart USB drive and plug it into the infected machine.
- When it is inserted, turn off the infested PC and switch it back on. As the computer begins to launch, take a good look at the boot screen to find the key that should be pressed for accessing the Boot Menu or BIOS Setup. Please note that these keys may be different on different computer models. For entering the Boot Menu, those are mainly F10, F11, F12 or Esc buttons. The ones for BIOS Setup are usually Del or F2.
Having determined the appropriate key for Boot Menu access, reboot and start hitting that key repeatedly as the PC is beginning to load. When in the Boot Menu, use its prompts to select the drive you want to boot your computer from, i.e. USB drive.
- Once it is plugged in, switch off the infected computer and then turn it back on. Within literally the first seconds since the power is on, you will need to change the primary computer boot drive. In order to do this, you need to either enter BIOS Setup or access the Boot Menu of your computer. On different computer models, the ways to do this may vary. So look for the prompt on the start-up screen regarding the right key to press on your keyboard. Typically, for accessing BIOS Setup those are Del or F2 keys; whereas for entering the Boot Menu – F10, F11, F12, or Esc keys. Below is an example of the hint regarding the specific keys to hit.
As soon as you figure out the proper key to access the Boot Menu, restart your computer and immediately begin pressing that key. When the Boot Menu appears, follow the navigation prompts in order to select the device you would like to boot your PC from. On the list, choose the USB drive that you installed HitmanPro.Kickstart onto.
- Your machine should now boot from the USB drive and launch the HitmanPro.Kickstart software automatically. As it loads you will see a screen asking you to choose the USB boot options.
Please press 1 (Bypass Master Boot Record) on your keyboard and you will see that Windows begins to load as usual.
- When Windows launches, log into the system as you normally do. This will be followed by the FBI MoneyPak virus blocking your screen again, but don’t worry – about 15-20 seconds later, the HitmanPro window will appear on top of the blocked screen.
Please click Next to initiate the virus removal process.
- You should now see the HitmanPro setup screen allowing you to define preferable installation options. It’s recommended to stick to the default setup preferences as shown on the screenshot below.
Now click Next.
- HitmanPro will start to scan your system for malware. When done, it will provide a list of all the infections that the program spotted.
Please click on the Next button to have HitmanPro eliminate the detected threats. When the cleanup is completed, you will see a Removal Results screen providing details on the exterminated infections. Now click on the Next button and then on the next screen choose to reboot. HitmanPro will reboot your computer and Windows should launch normally without the FBI virus blocking it.
- Now that you have performed the steps above, the Reveton Trojan should be gone from your PC. If your security software was unable to prevent this contamination, consider registering the licensed version of SurfRight HitmanPro to avoid further infestation with ransomware or other threats.
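The download and Install Kickstart steps above can be preceded by a few checks on the clean computer. The PowerShell below is an added example, not part of the original article or of HitmanPro; it assumes the download was saved to the Desktop under the file names the article gives and that the target stick is reported by Windows as a removable drive.

```powershell
# Added example: pre-flight checks on the CLEAN computer before creating the Kickstart USB.
# Assumption: the file sits on the Desktop as HitmanPro.exe or HitmanPro_x64.exe.

# 1. Pick the file name that matches this Windows installation's bit-type.
$name = if ([Environment]::Is64BitOperatingSystem) { 'HitmanPro_x64.exe' } else { 'HitmanPro.exe' }
$path = Join-Path ([Environment]::GetFolderPath('Desktop')) $name
if (-not (Test-Path -LiteralPath $path)) {
    throw "Expected download not found: $path"
}

# 2. Refuse to continue if the executable's Authenticode signature does not verify.
#    The signer subject is printed so it can be compared with the vendor's name by eye.
$sig = Get-AuthenticodeSignature -FilePath $path
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; do not run $name"
}
"Signature valid. Signed by: $($sig.SignerCertificate.Subject)"

# 3. List removable drives (DriveType 2) with size and top-level item count, so the
#    drive chosen for Install Kickstart is big enough and holds nothing worth keeping.
$minBytes = 32MB   # minimum size stated in the article
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $root  = "$($_.DeviceID)\"
    $items = @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Drive         = $_.DeviceID
        Label         = $_.VolumeName
        SizeMB        = [math]::Round($_.Size / 1MB)
        BigEnough     = ($_.Size -ge $minBytes)
        TopLevelItems = $items.Count   # anything above 0 will be erased
    }
} | Format-Table -AutoSize
```

A drive that shows `TopLevelItems` above 0 still holds files; copy them elsewhere before clicking Install Kickstart.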
Compared to the majority of malicious software in the wild, the ransomware wrongfully posing as the FBI initiative is way higher on the conventional scale of aggressiveness and risk to the affected computers. Not only does this virus explicitly indulge in extortion activity after locking access to the operating system; it is also known to be capable of collecting the user’s sensitive data. This is precisely why it’s critical to exterminate every single component of the infection for good. Hopefully the international cybersecurity cooperation will soon bring the propagation of this scareware to a steady decline. For now, be sure to keep your security software up to date, and in the event of infestation use the recommendations provided in this article to resolve the issue.