Thekiddotus
FBI - Your Computer has been locked! Virus

Hello, I have an HP desktop running Windows 7.
I have this malware that says I have to pay them money or they are going to have the FBI come get me. I ran the computer in safe mode and ran Malwarebytes; it found 9 infections and removed those. However, when I start in normal mode the same thing happens, it still shows the FBI warning. Malwarebytes is up to date as of today, I made sure of that, but I still get this problem. I have attached a screenshot for you. Thanks for your help!
24772.png
Sushil Sonawane

Find which file is running for this malware and delete the file manually from the computer, then restart the computer. It's mostly stored in the "system drive\user" (C:\user) or system drive\windows (C:\windows) folder.
Darr247
In 'normal' mode, rather than Safe mode, run RogueKiller, let it do its prescan, then click its Scan button in the upper-right corner of RK's dialog box... after it's killed off the rogue processes, minimize it (do not exit out of it) and run a full scan with Malwarebytes. When that's done and you've removed the malware MBAM marked, tell it you'll restart later, then go back in RogueKiller and let it remove anything it found unless you know for sure it's NOT malware. THEN reboot and see if your problem is gone.
First of all, it is always better to run Malwarebytes in the "normal" Windows mode whenever possible.  If you scan in Safe Mode, there are far too many things like malicious processes that could be dormant and missed during an antivirus/malware scan.

Take a few minutes to read this excellent Experts Exchange article written by Younghv, one of the EE community's very best malware removal specialists.  It essentially involves scanning with RogueKiller, followed immediately by a Malwarebytes scan... all within the "normal" Windows mode.  If you follow his recommendations, you will probably be able to eliminate the "scare-ware" and return that machine back to normal...

Stop the Bleeding: First Aid for Malware
Sorry about that, Darr.  I would normally double-check and refresh the page first, but since there weren't any comments within the previous two hours I figured that I could take my time!
Thekiddotus (ASKER)
You cannot run anything in normal mode. This is because the malware that I sent a picture of before blocks you from doing anything else. Cannot do Ctrl+Alt+Delete, nothing.

Therefore I cannot run the programs you speak of, only in safe mode. But after I reboot to regular mode I have the same problem.
I just repaired a PC with this virus.
The only thing you need to do is download Windows Defender Offline:
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline/

Follow the guide to make the CD, boot from it, and when it starts running, stop it and select FULL scan; let it run.
It takes more than an hour, and the reboot also takes long, but everything was fine then!
I had a similar problem with a computer at a family member's house and all I did to remove it was boot using F8 and chose Last Known Good Configuration.  After the next reboot, the demands were gone and full access was restored.  Very lucky fix, but it might just work depending on how much you have / have not done to your computer already.
I'm thinking just booting to Safe mode and dropping RogueKiller.exe in the
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
folder, then rebooting to normal should make RK run at startup.

------------ edit
nope - that won't work... you can copy it there, but it doesn't run, even using a shortcut set to Run as administrator.

From Safe mode, click the 'start' orb, type in msconfig, right-click the one that appears at the top and choose Run as administrator.

Click the Selective start option, then go to the Services tab.
Check the box next to Hide Microsoft Services, then click Disable All.
On the Startup tab, see if you can find it there. I have no idea what it's called. But it's probably something you don't recognize. If it's not fairly obvious what it is, uncheck it.

OK out, agree to a reboot if it asks, if it doesn't, reboot anyway, and see if you can run RogueKiller and MBAM from normal mode.
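A defender-side way to do the Startup-tab check described above without clicking through msconfig, added here as an example and not part of any post in this thread: it lists the Run/RunOnce registry keys and both Startup folders and flags every entry whose binary is missing or not Authenticode-signed, so an unfamiliar loader stands out. It assumes Windows PowerShell with administrator rights on the affected machine (for example from Safe Mode); the helper name Get-ExePath is mine.

```powershell
# Added example (not from the thread): enumerate the classic autostart locations
# that msconfig's Startup tab shows and flag entries worth reviewing.
# Assumes Windows PowerShell run as administrator.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)

function Get-ExePath([string]$cmd) {
    # Extract the executable from a Run-key command line such as
    #   "C:\Users\x\AppData\Roaming\abc.exe" /silent   (hypothetical helper)
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        [pscustomobject]@{ Source = $key; Name = $p.Name; Path = Get-ExePath $p.Value }
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Path = $_.FullName }
        }
    }
})

foreach ($e in $entries) {
    $status = if (Test-Path -LiteralPath $e.Path) {
        # SignatureStatus: Valid, NotSigned, HashMismatch, UnknownError ...
        (Get-AuthenticodeSignature -FilePath $e.Path).Status
    } else { 'MISSING' }
    $flag = if ($status -ne 'Valid') { '<-- review' } else { '' }
    '{0,-12} {1,-25} {2} {3}' -f $status, $e.Name, $e.Path, $flag
}
```

Shortcuts (.lnk) in the Startup folders and command lines that use %VARIABLE% paths will show as NotSigned or MISSING; resolve their target before deciding what to disable.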
ASKER CERTIFIED SOLUTION
younghv
Looks like good stuff, younghv. Fortunately I haven't seen this one in person. Yet.  :-)
If I ever meet Grinler, I'm going to slip him a few bucks. A customer had this last week and his instructions worked to the letter.

We had another EE member with this last week and I'll post the link if I can find it.
As I said, Windows Defender Offline solved it for me, without any troubles, and it's a good CD to have around.
Thanks Nobus for your comment and suggestion. I gave it a try and all, and yeah, it seems like it would be a nice CD to have around. However, when it tries to download the update it fails. I can see it going and downloading, then installing, then downloading, then installing, then it fails :(

And it won't let me run it until it updates itself :(

But that sure did seem like a good idea, it's just not working for me :(
Thekiddotus,

If that good suggestion from Nobus didn't quite work, I would strongly recommend following the advice that Younghv posted (http:#a38291577). While people like Nobus and Darr247 are some of the very best contributors to the Experts Exchange community, you will find that Younghv and Rpggamergirl are easily the most successful EE professionals when it comes to malware removal. On top of that, I can also vouch for the quality of the tutorials that Grinler provides on the BleepingComputer web page. His guidance has saved many of us on countless occasions!
>>> when it tries to download the update it fails <<< Did you download the CD on a good working PC? That's what I would do, then run it on the infected one.
@Thekiddotus -
Please consider the fact that Microsoft "Answers" forum recommends using the same instructions I posted for you in my earlier comment: http:#a38291577

Resolving this infection is not as simple as using a "Boot CD" (any Boot CD) - regardless of what some people want to claim.

Windows Defender Offline is a great tool to have in your collection, but it is not the answer in this situation.
"you will find that Younghv and Rpggamergirl are easily the most successful EE professionals when it comes to malware removal"

Couldn't agree more. I wouldn't personally listen to anyone else's advice. I have younghv on speed dial if ever I need him to help tackle a virus infection.
First off, I'm sorry alanhardisty. I thought I read through it, but I must have skimmed over the fact I was repeating what sushil84 stated. Thekiddotus, did you find any strange files in your startup of msconfig? If so, have you removed them manually? I do not see any response to sushil84's comment.

One thing I don't see posted above is the suggestion to run TDSSKiller. This will find a lot of rootkits that commonly come with these types of infections. You can run that in safe mode; the main thing to look for is an MBR infection. I'm not sure if RogueKiller, which Darr247 recommended.
@pc_solutions50501 -

There is absolutely no reason to manually configure anything to repair this infection.

Please read the link to the article by "Grinler" that I posted above. He is probably the best writer in the malware fighting business and is a many-time recipient of the MS MVP award for consumer security.

When the asker posts a question about a specific malware variant, we should only post targeted advice that addresses the known problem. Generic advice has no place in a question like this.
younghv - I wonder why you said "Windows Defender Offline is a great tool to have in your collection, but it is not the answer in this situation."

I can assure you it cleaned it easily for me.
nobus - and I can assure you that it did NOT clean it for the various computer repair shops that have contracted me to do the repairs - for this variant.

Before I accept a contract, I make sure that "Windows Defender Offline" is one of the tools they have tried, since I don't want to waste my time (or their money) on basic repairs.

Without putting too fine a point on it, anyone who thinks they know more about malware repair than Lawrence Abrams (Grinler), does not have both feet planted in reality.
OK, I accept your word for it, but it seems strange that it helped me.
Maybe another variant?
Anyway, thanks for the feedback.
This seems to get rid of it coming on in normal mode.
Thanks Younghv, that did seem to fix the problem. It sure was a big file and took forever, but yeah, it seems to work now. I boot in normal mode and no more FBI. Thanks!
Nicely done, Younghv!  Whenever a problematic malware situation appears, I don't know what the EE community would do without you and Rpggamergirl!  Thanks (again) for the great advice.
Thekiddotus - Really glad you were able to solve this.

@Run5k - thank you. I often feel like the driver of the vehicle these anti-malware geniuses put together. All I have to do is tromp on the gas and steer (and have some fun).