Someone’s in trouble!

I’ve not seen this one before.


  • Sam

    Seems to be scareware, I often saw that one on German computers but not with the FBI logo... they use the local police variant, usually they offer some links where you instantly can pay the fee to unlock your computer... seems it swapped to the States now ;-)

  • Craig ‘Infurnus’ Andrews

    lol “Saharing music”, with all the funding the FBI have and they can’t even use a spell check :P

  • Robbie Done

    I have seen the Polish and UK version of this scareware, is a right pain in the butt!

  • Corsack

    This clearly is scareware. The message itself – “you gonna go to prison for up to 3 years and we’ll confiscate your PC” but you can avoid it all by paying $100… no need to say more

  • Adam Wade Ackerman

    So far the only real resolve I have found is a wipe and reload. Cleaning stops the hijacking, but you still end up with really odd stuff happening. There are a couple of threads on Spiceworks about it.

    • Gawmonster

      If you’ve still got really odd stuff happening, then you’re not cleaning it. It’s not a difficult one to clean.

  • Keegan

    Yeah, scamware, work at Staples and I see at least one of these a week come in. Started about a month ago.

  • Matt Martinez

    I just removed this from a user’s computer an hour ago. It’s not very effective, just boot into Safe Mode and run Malwarebytes (or any similar scan) and it gets everything.

    • Matt Martinez

      Make sure to disable any instances of it starting either with MSCONFIG or REGEDIT first in Safe Mode, and then reboot again into Safe Mode and scan.

      • Twitch

        I removed it with Regedit, nasty piece of ransomware that...

  • DaZZa

    It’s malware – trying to scam the stupid. If you fall for it, you deserve to be ripped off. If you’re too stupid to JFGI and find the answer on removing it, you deserve worse.

    • dweber77

      I bet a lot of the stupid where I work fell for it and have gladly forked over money.

  • En_annan_Martin

    SmitFraudFix can actually fix a lot of things that are not SmitFraud. Some ten to twelve years ago my id10t brother ran some program on our parents’ computer that a friend of his sent over ICQ. Girls.exe, I think it was.
    Anyway, that file itself was a NetBus client, setting itself to autorun at startup. My brother’s asshole friend wanted to play a one-time prank on my brother. But it wasn’t alone…
    Later, when I sat down to play my games and surf a little, I noticed the computer behaving strangely. A shitload of new icons in the taskbar, the antivirus and firewall disabled and everything running slow as a sloth in mud.
    I asked my brother what he had done while on the computer, since it wasn’t like that when I left it a few hours earlier. He hadn’t done aaanything, and I shouldn’t blame him when I broke stuff. … Well, there was this program Peter sent me, but it didn’t do anything. A few strange things happened for a while, but it stopped, so it couldn’t have been that…
    Time to kill unknown processes and delete everything ever sent by Peter. A scan with Ad-Aware and Spybot found hundreds of hits, where earlier the same day there were none.
    Reboot. Ok, now I was able to enable the firewall and antivirus. Scan again and set antivirus to do a boot-time scan, which gave a handful of infected files, but still there was one thing I couldn’t get rid of, so after trying to find answers on various forums I realized there was only one fix, formatting and reinstalling everything.
    Well, since I was going to reinstall everything I might as well run all the quick fixes I could find, since hey, I’m reinstalling this sucker in a few hours, when I have burned all the family photos and some other stuff to CDs.
    The first thing I tried was SmitFraudFix, and I don’t know why, and I don’t care how, but the bastard (not SmitFraud, btw) was gone.
    A few extra scans to be sure, back up everything important and reinstall to get everything fixed.

    tl;dr: brother infects pc with everything. Unidentified, unfixable pos fixed by very specific fix.

  • Guest

    That is Reveton ransom. Doesn’t work without an internet connection, so you can easily remove it by just starting up normally, disconnected from the web.