What is fine@fbi.gov and how it can be deleted?

fine@fbi.gov is email that you may receive. If you see in your system fine@fbi.gov it means that you have caught FBI virus into your system. We have already written about FBI virus. What should you know about the virus? When FBI penetrates inside your system it automatically blocks it and provides you with one message on the screen. The message says that you have to pay if you want to unblock your machine. And the reason is that you have been noticed visiting some adults sites or sites and links with illegal content.

FBI

FBI

Do not pay your money for this malicious fraud! You need to eliminate it manually and we can help you with that.

Removal milestones:

1. Launch your PC in the safe mode with command prompt.
2. Do the next commands:

  • reg delete hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f
  • reg delete hklm\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f


3. Run the registry editor regedit.exe
4. In the registry editor:

  • remove the parameter NoDesktop from HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

  • remove the parameter DisableTaskMgr from HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

  • Set the parameter 0 for HideIcons in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

  • Set explorer.exe for Shell in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

  • remove the parameter Shell from HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

  • find the parameter with the random name in HKCU\Software\Microsoft\Windows\CurrentVersion\Run and copy its name to the clipboard - and search in HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components


  • If the parameter is found remove the full entry

  • remove the file, indicated in the parameter with the random name. To do this, enter the following combination del /f /q “parameter value” in the command line.

  • remove the parameter with the random name in the registry entries
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run



5. Now restart your PC. Enter the following combination shutdown -r -t 0 in the command line.

We recommend you to scan your system with GridinSoft Trojan Killer after the virus is deleted and check whether your system is clean o not.

FREE remover

Tested removal solution for 64/32-bit Windows 7/Vista/XP/2000 Kaspersky Lab Trusted Files help keep you safe from...

2012
09/14
CATEGORY
Ransomware
TAGS


Write comment

  1. No comments yet.

  1. No trackbacks yet.

deletemalware.net Webutation
Google