[KB3140] My computer has been infected with "FBI" malware—what should I do?


  • This is a fake message and is not from the FBI

  • A notification that appears to be from the FBI, the Department of Justice or another government agency locks your screen and asks you to pay a fine

Figure 1-1
Click the image to view larger in new window

  • This and other rogue malware is known as "FBI Moneypak," "FBI ransomware", "Lockscreen", "Antivirus Security pro" or "ICE" (Internet Cyber Crime Center) and ESET detects this threat as Win32/Reveton as well as several variants of Win32/Lockscreen


Are you a Mac user? Click here for step-by-step instructions.

If you are experiencing symptoms like those described above on a computer with ESET installed, make sure that your license is not expired and that you have a working internet connection. If so, it is likely that ESET will be able to remove the infection after updating to the latest detection engine.

New variants of this malware are released nearly every day, and can be cleaned once they are identified by the ESET virus lab. Though your computer appears locked, ESET is still updating itself in the background. Once your ESET software receives the update specific to the malware on your computer, cleaning will be carried out and your computer will return to normal operation.

To prompt the ESET startup scan, which can detect this infection and initiate cleaning, restart your computer. Wait 10 minutes and then repeat this procedure. If this is not successful, we recommend that you leave your computer running with a working Internet connection to allow ESET to receive additional updates.

You can contact ESET technical support for further support at any time if you have questions or to open a case.

Visit our ESET blog post to learn how you can avoid this malware in the future.