What to do if the “FBI” virus turns on the camera and takes your picture?

The FBI Virus is another form of sneaky malware that uses the FBI's name to scam targeted computer users into believing that they have been fined by the official FBI organization.

Using your webcam…

Using your webcam, the FBI Virus Black Screen shows a video of the view from your camera along with its threatening message, making it seem as if the FBI is actually monitoring your activities through your computer’s webcam. The message then states that, due to illegal content, your computer has been locked until you pay a fine of $100 or more in the form of a MoneyPak voucher payment, and that if you fail to pay you could face legal action from the FBI. Instead of falling for the threat, remove the virus completely from your computer.

If you have a webcam and your picture has been taken…

If you do not have a webcam connected to your video screen, the webcam screen on the page will appear blank yet will still state that you are being recorded. Be aware that the FBI virus is capable of recording you through your webcam. If possible, unplug your webcam from your computer.


The FBI virus might have had the opportunity to take a snapshot of you using your webcam, but if your computer is blocked – it is FAKE and only used to scare you.

Keep this in mind…

Do not panic.

Do not pay any ransom money.

Get the virus removed. There are steps to remove such malware. The removal procedure may change depending on the type of virus and its impact on your computer system.

Removing the FBI virus:

  1. Restart your computer and press F8 while it restarts. This may help you enter Safe Mode.

  2. You will see some options for the mode of Windows. Choose Safe Mode.

  3. Launch MSConfig

  4. Disable any startup items in which rundll32 launches an application from Application Data.

  5. Reboot your computer.

If you cannot use Safe Mode, try Safe Mode with Command Prompt by following the steps below:

  1. Reboot into Safe Mode with Command Prompt.

  2. Run regedit. Search for Winlogon.

  3. Under Winlogon there will be a value labeled Shell. It should refer to Explorer.exe or be blank. If it refers to something else in one of the user folders, replace it with explorer.exe.

  4. Save the changes and reboot to Safe Mode with Networking.

  5. Run msconfig and disable all unnecessary startup entries. You should be able to reboot normally. Press Ctrl+Alt+Del to open the Task Manager and stop the processes of the FBI virus. You need to act quickly at this step, as the virus name changes constantly.

You need to delete the files and registry entries of the FBI virus:

  C:\Documents and Settings\Start Menu\Programs\Startup\ ctfmon.lnk
  C:\Documents and Settings\Start Menu\Programs\Startup.lnk
  C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ctfmon.lnk
  C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ .lnk
  C:\Users\AppData.exe
  C:\Documents and Settings\Local Settings\Temp.exe
  C:\Users\AppData\Roaming.exe
  C:\Program Data\lsass.exe
  C:\Program Data.exe

Delete the FBI virus registry entries created in the computer system:

  HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

Before you edit and delete the Windows registry entries, remember to back up the Windows registry. 
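The checks in the steps above (the Winlogon Shell value, startup entries that launch from Application Data, and Startup-folder shortcuts) can also be listed in one pass. The PowerShell script below is an added example, not part of the original article: it only reads and prints, the registry paths are the standard Windows locations rather than values taken from this page, and `New-Finding` is a hypothetical helper. Legitimate programs also start from AppData, so treat the output as a list to review.

```powershell
# Added example: read-only audit of the locations the manual steps inspect.
# Nothing is changed; review the output, then fix entries by hand.
$findings = @()
$userDirs = '\\(Application Data|AppData|Local Settings\\Temp)\\'  # per-user folders

function New-Finding($Location, $Name, $Value) {  # hypothetical helper
    New-Object PSObject -Property @{
        Location = $Location; Name = $Name; Value = $Value
        Rundll32 = [bool]($Value -match 'rundll32')
    }
}

# 1. Winlogon Shell: expected to be explorer.exe, or absent/blank.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $prop = Get-ItemProperty -Path "$hive\$winlogon" -Name Shell -ErrorAction SilentlyContinue
    if ($prop -and $prop.Shell -and $prop.Shell.Trim() -ne 'explorer.exe') {
        $findings += New-Finding "$hive\$winlogon" 'Shell' $prop.Shell
    }
}

# 2. Run keys (listed by msconfig as startup items): flag commands that
#    launch something from a per-user folder, noting rundll32 use.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ($cmd -match $userDirs) { $findings += New-Finding $key $name $cmd }
    }
}

# 3. Startup-folder shortcuts: resolve each .lnk and flag per-user targets.
$wsh = New-Object -ComObject WScript.Shell
$startup = [Environment]::GetFolderPath('Startup')
foreach ($lnk in @(Get-ChildItem -Path $startup -Filter *.lnk -ErrorAction SilentlyContinue)) {
    $sc = $wsh.CreateShortcut($lnk.FullName)
    $target = "$($sc.TargetPath) $($sc.Arguments)"
    if ($target -match $userDirs) { $findings += New-Finding $startup $lnk.Name $target }
}

if ($findings.Count -gt 0) {
    $findings | Format-List Location, Name, Value, Rundll32
} else {
    'Nothing flagged in Winlogon Shell, the Run keys or the Startup folder.'
}
```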

For more information on FBI virus removal, please visit isupport365.