Description:

The "FBI Virus" is ransomware that locks down a user's profile. There are different ways to remove it, but try these steps.

To Resolve:

1. Try to log on with another user account if you are locked out of yours. Try the local administrator account if you have one.

2. If that doesn't work, try your account in safe mode.

3. Once inside a user profile, open Run and go to %userprofile%\appdata\local\temp. Remove rool0_pk.exe and V.class. The virus can have names other than "rool0_pk.exe", but it should look like it doesn't belong and should have the same create date/time as a .class file. If you sort by file modified/created time, you'll find it.

4. Open Run and go to %appdata%\microsoft\windows\start menu\programs\startup. Remove ctfmon (ctfmon.lnk); this is what calls the virus on startup. Also check HKLM\Software\Microsoft\Windows\CurrentVersion\Run and make sure there's nothing obvious there.

5. If those steps still haven't removed it, run all the virus scans you have from inside another profile.

6. Re-image your computer if the infection still persists.
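
The checks in steps 3 and 4 can be listed in one pass before anything is deleted. This PowerShell script is an added example, not part of the original page; it only reads and reports, and the 120-second window used to decide that an .exe and a .class file share a create time is an assumption.

```powershell
# Added triage example (read-only): nothing here deletes files or registry values.
$temp    = Join-Path $env:USERPROFILE 'AppData\Local\Temp'
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$windowSeconds = 120   # assumption: "same create time" means within two minutes

# Step 3: pair each .class file in Temp with executables created around the same time.
$files   = Get-ChildItem -LiteralPath $temp -File -Force -ErrorAction SilentlyContinue
$classes = $files | Where-Object { $_.Extension -eq '.class' }
$exes    = $files | Where-Object { $_.Extension -eq '.exe' }

$suspects = foreach ($c in $classes) {
    foreach ($e in $exes) {
        $delta = [math]::Abs(($e.CreationTime - $c.CreationTime).TotalSeconds)
        if ($delta -le $windowSeconds) {
            [pscustomobject]@{
                Executable = $e.FullName
                ClassFile  = $c.Name
                Created    = $e.CreationTime
                DeltaSec   = [int]$delta
            }
        }
    }
}
$suspects | Sort-Object Created | Format-Table -AutoSize

# Step 4a: resolve every Startup shortcut (ctfmon.lnk included) to its real target.
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $startup -Filter '*.lnk' -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk  = $shell.CreateShortcut($_.FullName)
        $line = "$($lnk.TargetPath) $($lnk.Arguments)"
        [pscustomobject]@{
            Shortcut       = $_.Name
            Target         = $lnk.TargetPath
            Arguments      = $lnk.Arguments
            ReferencesTemp = $line.IndexOf($temp, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
    } | Format-List

# Step 4b: list the values under the machine-wide Run key for manual review.
$key = Get-Item -LiteralPath $runKey
$key.GetValueNames() | ForEach-Object {
    [pscustomobject]@{ Name = $_; Command = $key.GetValue($_) }
} | Format-Table -AutoSize -Wrap
```

The environment variables resolve to the account running the script, so when working from another user account or the local administrator account, set $temp and $startup to the locked profile's folders instead.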
