Pinterest Stumbleupon Whatsapp
Ads by Google

One of the most intimidating malware threats, FBI Ransomware, has hit Android – pretending to be the FBI while leaving users who install seemingly innocuous apps feeling pressured into paying $300 to release their data.

Fortunately, the malware is straightforward to remove, and if your phone is correctly secured you shouldn’t even be able to install it.

A Reminder About Ransomware

Ransomware has been in the news repeatedly over the past few years. This is the insidious malware that will lock your data or device (smartphone or PC) and displays a screen-wide message that demands money from you to release it, which it does by sending you an unlock code.

If you’re lucky.

muo-android-fbiransomware-ransomware

Two particularly well-known examples of ransomware are CryptoLocker CryptoLocker Is The Nastiest Malware Ever & Here's What You Can Do CryptoLocker Is The Nastiest Malware Ever & Here's What You Can Do CryptoLocker is a type of malicious software that renders your computer entirely unusable by encrypting all of your files. It then demands monetary payment before access to your computer is returned. Read More (which encrypts your data but has since been defeated CryptoLocker Is Dead: Here's How You Can Get Your Files Back! CryptoLocker Is Dead: Here's How You Can Get Your Files Back! Read More ) and those that accuse you of viewing child pornography, locking your system and forcing you to pay an on the spot €100 fine to restore control. There are several variants of this, among them “Anti Child Porn Spam Protection”.

Ads by Google

Ransomware is evil, intimidating, and illegal. It doesn’t care who you are, nor how much money you have in your wallet. Think of it like the school bully, or an organized gang demanding money or else they smash up your property.

Avoid Android Ransomware In The First Place

If you are indiscriminate or careless about the apps you install on your Android phone or tablet, you might just find that some ransomware has appeared.

muo-android-fbiransomware-unknown-sources

The protections put in place by Google in the Play Store mean that malware should be blocked (thanks to the Bouncer service). Even if something got through the approval process, the rating system and app report tool would see to it that it didn’t stay online.

It is from unknown sources that ransomware can end up on your Android device, whether from online downloads or from otherwise helpful third party app stores that provide an alternative to Google Play Google Play Alternatives For Downloading Android Apps Without Fuss Google Play Alternatives For Downloading Android Apps Without Fuss Many people think that the Google Play Store is the only option Android users have for downloading apps, but there are actually quite a few quality alternatives out there. Read More . We’ve covered the risks of this previously, but as long as you have Settings > Security > Device Administration > Unknown sources disabled, such malware cannot install. Keeping the Verify Apps option checked also helps as it checks every installed app automatically.

FBI Ransomware: It Has A Disguise

You won’t realise that you have installed the FBI Ransomware malware until it is too late; it isn’t listed as “FBI Ransomware” in any online app stores!

Instead it disguises itself as another app. This isn’t uncommon for Android malware, although in many cases there is an apparently functional app completing the illusion.

FBI Ransomware can easily be defeated by your refusal to install apps claiming to be Adobe Flash Player. We’ve previously covered how to install Flash Player, which was removed from the old Android Market when support for the media streaming service was dropped, and while the method we showed you remains safe How to Install Flash On Your Android Jelly Bean Tablet or Phone How to Install Flash On Your Android Jelly Bean Tablet or Phone For the past few years, Adobe Flash has proved quite controversial. Ever since Apple opted to block support for it on iOS – thereby forcing anyone who wanted to use the iPhone or iPad to... Read More , this isn’t something you should bother with now.

Things have moved on considerably since then. Flash Player is not needed as browsers are HTML5 ready, removing the need for a video plugin, and anyone installing a Flash Player app from a third party app store is potentially installing the FBI Ransomware malware.

So what can you do to deal with it?

Remove FBI Ransomware With Android Safe Mode

muo-android-fbiransomware-safemode

Found the FBI Ransomware message taunting you on your Android device? There is a solution, one that really needs to become widely known so that victims can delete the malware without resorting to paying for their data to be unlocked.

(Payment for this scam is via a GreenDot MoneyPak card, which must be purchased and pre-loaded with funds, and the code entered. The lack of access to MoneyPak cards internationally is reason enough to get the malware off your device should you have been hoodwinked into coughing up.)

On some older devices such as the Samsung Galaxy S2, FBI Ransomware doesn’t load quickly enough, meaning that you can disable it before it has loaded, as per this explanation.

Booting Android into Safe Mode differs from version to version and across devices. You might, for instance, hold the power button, then long-press Power Off to display the safe mode dialogue. Similarly, you might long-press Reboot to get the same result. You should be able to find the solution for your device with a quick web search.

With Safe Mode booted (you’ll spot the “Safe Mode” legend in the bottom left of your display) only system apps will be running. Any third party apps you have downloaded and installed are disabled, much as with booting into Safe Mode in Windows.

Removing FBI Ransomware from your Android device requires you to first remove administrative privilege from the app in its Flash Player guise. Open Security > Device Administrator and select Flash Player, then Deactivate.

You can then remove the ransomware by opening Settings > Apps, selecting Flash Player and tapping Uninstall.

Have You Been Infected?

It should be clear that removing FBI Ransomware from your Android device is straightforward and achievable. You won’t need an antivirus app to remove it (although you could install an Android antivirus app The 3 Best Antivirus Apps To Protect Your Android Security The 3 Best Antivirus Apps To Protect Your Android Security As we’ve reported frequently at MakeUseOf, Android is no longer safe from malware. The number of threats is on the rise. This shouldn’t be surprise to anyone. Smartphones and tablets can carry all sorts of... Read More , though you may not need it New Study Suggests Most Android Anti-Virus Apps Aren't Effective [Updates] New Study Suggests Most Android Anti-Virus Apps Aren't Effective [Updates] Read More ), and you’ll save yourself a cool $300 should you be unfortunate enough to end up with it on your device.

Additionally, you should be extremely careful when using third party app stores, and don’t leave Unknown Sources disabled. Once you’re done installing a trusted app that isn’t from Google Play, remember to re-enable that setting!

Have you been hit by ransomware on your Android device? Any malware screwed up your device? Let us know in the comments.

Image Credit: Ransomware via Shutterstock

  1. Dmitri DeLeon
    December 1, 2016 at 6:37 pm

    My phone is infected with some fbi ransomware thats tryin to milk me for 500 bucks, please help

    • Christian Cawley
      December 2, 2016 at 10:19 am

      Have you tried booting into safe mode? This is usually done by holding both volume buttons as your phone reboots, but may differ for your phone model.

  2. Dmitri DeLeon
    December 1, 2016 at 6:33 pm

    My phone is locked with some ransomware thats trying to milk me for 500 bucks, and accusing me of something i didnt do, please help.

  3. Alex Harris
    November 9, 2016 at 6:59 am

    My phone was infected with ransomware and it won't even shut off or move off the screen... Help me unlock it please????

  4. sylvia gillus
    October 29, 2016 at 2:39 pm

    I have an adroid tried to get FBI virus off I shut the phone off but.once back on I go.to.settings and.try to reset phone.to.factory data the FBI virus messeng comes up before I can reset it what do I.do?

  5. Arloo francisca
    October 27, 2016 at 4:17 am

    One of my sim slot have been blocked by FBI and I have kept my phone on safe mode how will I unblock SIM slot and be sure it is safe.

  6. Arloo francisca
    October 27, 2016 at 4:06 am

    One of my SIM slot have been blocked by FBI and I have kept my phone on safe mode how will I know it is safe and how will I unblock SIM slot

  7. William Lawson
    October 27, 2016 at 12:59 am

    Yeah when I was trying to find a collectable original XBOX for my cousin I clicked into a unknown website then the malware locked down my Samsung s4 but it was an easy fix remove the battery then put it back in.

  8. FNAF5467
    October 21, 2016 at 2:02 pm

    I have a android tablet that has a FBI malware I can't delete it or factory restart my tablet in time HELP!

    • William Lawson
      October 27, 2016 at 1:01 am

      What you should do is let the tablets battery die or if you can remove the battery and put it back in then restart the device it could take 2 or 3 times.

  9. Pamela M.Williams
    August 8, 2016 at 10:40 am

    I have FBI Ransomeware on Hisense Android tablet. All I can do is turn on, change brightness,rotation lock, airplane mode & adjust volume. It won't allow me into settings or wifi or bluetooth, or Location. It won't do anything when I push the Home, Return or Multi screen buttons. It is asking for $200 in Itune cards 2 payments or 4 payment only giving me 3 chances to pay and I have 66:01:10 sec left to pay or it will be transferred over to the court
    I've plugged it into my laptop and it is not even recognised...how can I remove this?

    • Kevin Schmidt
      August 26, 2016 at 7:37 pm

      Need to do a hard reset! On my tablet hold volume button down and hit and hold the power button till Android laying on back is on screen then use volume buttons to select the option then hit power to restart like you just bought it! I just had it happen yesterday..good luck! Google how to factory reset your tablet for detailed instructions

  10. bgulledge
    May 10, 2016 at 8:51 pm

    Bill's 11 April 2016 comment -- I have the same issue. Have FBI ransom ware but don't see adobe flash in Note 3 apps manager. Under Security - device administrators I see only three -- Lookout, Android Device Manager, and S Voice. No Adobe Flash listed. Can someone please tell me where to go from here? Will a restore factory reset kill this thing? Also, how do I get TouchWiz back - all I have now is TouchWiz Easy Home? Please reply to bgulledge@att.net

  11. Carrie
    May 8, 2016 at 8:41 am

    My boyfriend pushed the wrong button it and end up on a website he didn't want to be on now it says FBI you have to pay $500 to Walmart to get it cleared up and we have all your contact information to call them now it won't go away his phone won't turn off please help I can't get into his phone at all

  12. Alv
    April 25, 2016 at 5:31 pm

    My samsung galaxy tab 4 has been infected and i'm being ordered to pay 500 dollars

    • joe
      July 29, 2016 at 12:07 am

      One needs to push it to factory settings.

      With Windows it was possible to use the safe mode but these days it is up to impossible.

  13. Bill
    April 11, 2016 at 1:59 pm

    Have FBI ransomware but don't see adobe flash in my Note 3 applications manager. How do I find which "app" is infected?

  14. Joe
    April 10, 2016 at 4:19 am

    It will let me get all the way up to "deactivate flashplayer" but when i click it, it doesnt deactivate but takes me to my lock screen. Any suggestions?

  15. thadoug
    March 27, 2016 at 3:33 pm

    Hey, not all ransomeware are removable in safe mode.

  16. Mary
    January 20, 2016 at 2:11 am

    Put in safe mode. Remove system update 1.0 under apps. WORKED. Thank you Pierre!

  17. Khore nadda
    January 13, 2016 at 8:36 am

    Infected ematic tablet EGQ 307 with ransomware moneypak, The device has no volume button, I can't get it to boot in safe mode, Or a hard reset. Eventhough it has a reset option you access using a paper clip . I'm still connected to my wifi through my home network. Tablet was a Christmas present less than 3 weeks ago. Contacted ematic and they're only option the offered was to ship it back to them, and they would remove the virus. If I paid shipping both ways and pay them x amount of dollars for they're services. That dollar amount adds up to more than the the original cost of the device. If anyone has any suggestions, besides using it as a coaster ?

  18. Pierre
    November 28, 2015 at 2:02 pm

    Just got the virus (nov 28th), app was named 'Security Updates', listed as of version 1.0, with an android logo next to it. I uninstalled the app (in safe mode), rebooted, and problem is fixed.

  19. jam
    November 20, 2015 at 7:57 pm

    there is no Flashplayer in my Apps list.

  20. Lukifur
    November 20, 2015 at 2:05 am

    Hello, I just now recovered from this virus by factory restarting my phone. Thank you for making this, as this helped me realize that this was false.

  21. DJ
    November 17, 2015 at 3:56 am

    I dont see any answers just complaints

  22. Mario
    November 16, 2015 at 1:50 am

    Hey there just got hit with the FBI thing, I have an older Samsung tab 2 7.0, but I can't find the reboot safe mode, when I reboot or go to settings screen blocks everything any suggestions?

  23. Dave
    November 15, 2015 at 3:44 pm

    Hi, Dave in the UK. Got hit with what looks like a UK variant of the FBI ransomware today. Booted into safe mode and looked for any unusual apps - never realised there were so many 'normal' ones on the phone. Couldn't find anything. Rebooted normally and managed to catch sight of a running app with what seems to be just a . (period) as the name before the ransomware overlay popped up.

    Booted back into safe mode and the phone's running normally, except for downloaded apps that are not available of course! Looks like the only thing I can do is try and backup my data, do a factory reset and (hopefully) reload the data.

    Be grateful for any comments, advice or suggestions.

  24. gem.girl64
    August 7, 2015 at 1:42 pm

    How will I know if the ransomware is gone? I couldn't find flash player to remove, even with your steps. Do I need to change my passwords?

    • gem.girl64
      August 7, 2015 at 1:43 pm

      Sorry for the double post. .. my original question wasn't showing up until I posted again.

  25. gem.girl64
    August 7, 2015 at 4:44 am

    I was able to go into safe mode, delete apps, though I have no idea where it came from because there was nothing new installed. But I deleted some anyways. I did not see a place from your instructions for FLASH-> DEACTIVATE. Flash was nowhere to be seen. Can I assume I'm ok then? My phone was already set to Verify Apps. How do I know this ransomware is gone? Do I need to change my passwords? Thanks. I almost had a heart attack. Was researching a book and this crap popped up. Yikes

  26. jerry luttrell
    August 2, 2015 at 7:20 pm

    Hey this is jerry in Las vegas, I just got hit with that fbi thing. I have a Samsung galaxy avant. I think I may have voided my warranty on my phone because I rooted unlocked debugged and inoculated, and wiped my phone just to get rid of that cap then I had to put back an os that was close but not quite the same as mine. I would still be interested in hearing how to remove it without having to murder my phone

  27. Wayne Allen
    July 30, 2015 at 10:30 pm

    Got hit with this today on my g2. No way to boot into ssfe mode so I did hard factory reset. Phone is working again but all my photos appear to be encrypted because they won't load when I click them.

    If anyone knows how to decrypt them please reply here. Thanks mate !!

  28. Alex Skinner
    June 1, 2015 at 9:07 pm

    Had a customer come in today with the FBI version of the app. Booted to safe mode and uninstalled "Browser Update". Doesn't seem to be happening anymore.

    • Anthony Alapisco
      June 8, 2015 at 3:49 pm

      I need help with that. It won't let me Uninstaller browser update.

  29. India
    May 15, 2015 at 11:43 am

    it just takes me back to the website that got my phone blocked

    • Christian Cawley
      May 15, 2015 at 6:45 pm

      You're doing something wrong...

  30. Aidan
    May 13, 2015 at 7:57 am

    I downloaded an app called PornPlayer and I didn't know it was ransomware until it was too late. And I looked at the instructions you guys posted but when I go to Security--> Device Administrators the only administrator I see is Android Device Manager not flash player What to I do?!?

    • Michael
      May 13, 2015 at 10:03 am

      Same here.

    • devonc58
      May 31, 2015 at 3:15 pm

      I have the same problem....anyone have a solution yet??

      • Erion Holliday
        July 4, 2015 at 12:18 am

        you have to take your phone out of safe mode and do it

    • William Lawson
      October 27, 2016 at 1:19 am

      Well your first mistake was downloading it without doing research the second was clicking on the videos that have child pornography which in most states is a felony.

  31. prestin
    May 9, 2015 at 5:47 am

    Im actually scared that legal action will be takes, will it?

    • Christian Cawley
      May 11, 2015 at 7:15 pm

      Against whom?

  32. prestin
    May 9, 2015 at 5:47 am

    Im actually scared that legal action will be takes, will it?

  33. harris
    May 6, 2015 at 10:08 pm

    Just had this problem on my Note 3, file wasn't in device administrator but in the application manager. Booted into safe mode, went to application manager and uninstalled the app, all files still in tact!

  34. nbnb
    May 5, 2015 at 3:41 am

    what if u throw away your device do u still have to pay?

  35. JL Foster
    May 4, 2015 at 3:12 am

    My android phone (Galaxy S3) was infected with the FBI virus and Avast Mobile Security (updated) was active on my phone at the time. How did this happen?

  36. David
    April 29, 2015 at 5:04 pm

    Thank you so much. Saved my my phone brother thank u thank u thank u!!!!

  37. michael
    April 27, 2015 at 12:00 pm

    Just happened told me Last night... the virus through 'eXXXtra player' got installed on my phone n the message popped up asking me to pay $500 to regain access...failure to which I'd be prosecuted n my family members notified...I nearly...almost did pay...problem is the virus could actually access my camera n took pictures of me using the phone n they corrupted my data on the phone that rendered it unusable. They accessed my contact info and send out emails to some of my contacts with a link to t get same virus....my personal info including bank info n social security was compromised...had to call the police n file a report.

  38. p steer
    April 26, 2015 at 10:35 am

    My samsung s4 is infected with fbi malware and I cannot do anything with it what can I do to 6nlock it

    • Christian Cawley
      April 26, 2015 at 10:44 am

      Are you able to enter Android's safe mode?

  39. churroPower
    March 31, 2015 at 12:23 am

    what happens if i restated my phone do they have my information

    • Christian Cawley
      April 2, 2015 at 9:52 am

      They should have no information other than a phone number, usually gleaned from phoebooks. It is very rare that such a scammer will know your name.

  40. richard
    March 18, 2015 at 11:54 pm

    Yes i have been hit and I am asked to pay $500 before next two days

  41. Dr. Jeff
    March 1, 2015 at 9:54 am

    Just yesterday I was going through all of the different files and settings on my son's Samsung S5 that we got him for Christmas. Because I have an iPhone, I was just curious about the inner-workings (settings, files, storage) of the Samsung. I came across an .apk (Android application PacKage) file sandwiched between several pdf files that immediately caught my attention as most likely malicious.

    Here is a description of the icon:
    The square icon displays Porn Droid, with "Porn" on top with a black background and "Droid" on bottom with a yellow background.

    Here are the details of the file itself:
    Name: pornvideo.apk
    Size: 1.02MB (1,072,884 bytes)
    Last modified time: 12/29/2014 1:23 PM
    Path: /storage/emulated/0/Download/pornvideo.apk

    Now curious, I checked my wife's and other son's Samsung S5's for the same (or any similar) file in the same location. Neither of the other S5's had that file.
    So....now my job is to research the most effective way to eliminate that file, and find out where it came from.
    And as a little side note, I do have full access to my son's accounts to see their activity, if I would ever need to. The infected phone account had nothing suspicious downloaded, and side-loading is disabled.
    Oh how I love a challenge.

    • Christian Cawley
      March 2, 2015 at 8:18 am

      Would be great if you could keep us updated, Dr Jeff!

  42. Ryan
    February 28, 2015 at 6:56 pm

    http://malwaretips.com/blogs/android-police-virus-removal/

    Here is the most useful link that helped me defeat this Trojan. Be warned if your looking at "adult" photos through the internet for free and try to back out of one of the sites. The adult content sites slap this Trojan without your consent, it will belittle you into paying them. They play on your guilt for visiting. I thought I would lose my wife and kids and that was truely the most devastating thing that has ever happened to me.

    I just bought this phone and in a week found this trojan all because I got to currious. I beleave google play is 99.00% safe from this thing I was the one that needed an update.

    I did the safe mode as you all said, don't bother to trace the file down if you are like me and it all looks important. Set your phone to factory specs. Same with the PC save the important files photos and memories and wipe the computer back to factory specs.

    Christian thank you for writing this post I felt so alone when this happened to me.

  43. amuel K
    February 28, 2015 at 10:37 am

    Hello, i got rid of the malwarevirus from the porn playerapp. I've had the same problem that also in the safe mode on my galaxy tab 2, the virus came back. I could not remove it and in the security i could not uncheck the box without the screen to pop up. Now i have uncheck the box, clicked ok and fast shut the tablet off and restart. If you do that and succeed to restart before the screen fbi etc. Popsup your done. The problem is solved and you can delete the app in safe mode.

    • Christian Cawley
      March 2, 2015 at 8:18 am

      Did the app come from Google Play?

  44. Hervette Travis
    February 25, 2015 at 11:39 pm

    Searching the web my ASUS got infected by the FBI maleware and its locked and I have tried the options given and none of them work Please can I get some help !

    • Christian Cawley
      February 26, 2015 at 5:03 pm

      Have you tried the hard reset, back to factory settings?

  45. Timothy Hughes
    February 7, 2015 at 2:33 pm

    Ok I have an HTC Vivid and when I go to security, there is no device administrator selection. Could my phone have a different layout or something? Anyway what do I need to do?

  46. Sabine
    February 4, 2015 at 2:47 pm

    Just got this virus this morning. I haven't downloaded anything, just got a popup message that there was a Google Play update available for download, tried distractedely to get around it but there was no obvious cancel button so clicked OK to download and then install (yes, I know: stupid, stupid!!! :-( ) and my tablet immediately froze, everything locked down with just a screen wide message from the "interpol" that I had to pay 100 euro to unlock. My husband tried all day to get rid of it in safe mode but didn't manage so we just reinitialised everything. Luckily all important data was backed up on my PC but some photos lost and lots of settings to redo.

    • Christian Cawley
      February 12, 2015 at 8:58 am

      Strange that it should have just appeared. Malware doesn't work like that. Has someone else installed something on your phone?

  47. Tre
    January 30, 2015 at 9:45 pm

    OMG, Thank you. I was SO freaking out! Booted in safe mode and now im good.

    • Fredo
      January 31, 2015 at 3:02 am

      I was about to shit my pants no lie

    • kandi
      February 27, 2015 at 11:36 pm

      Same here freaking out what the Hell. Someone help me please.

  48. Luke
    January 28, 2015 at 3:32 pm

    I had a similar experience but it didn't lock me out of my phone or anything. It had a pop up showing my IP and stuff saying the same stuff as the FBI RansomWare Virus, but nothing had downloaded, I managed to close out of my browser and then I scanned for viruses, and nothing, so then I restored to factory settings. Am I okay, or are they going to use my IP, because if its not a virus what is it?

    • Luke
      January 28, 2015 at 3:38 pm

      Can someone please help me I am freaking out.

  49. Anon
    January 27, 2015 at 9:41 pm

    thank you so much the flash player malware got me earlier today and with the help of this was able to completely repair my phone to working condition.

    • Christian Cawley
      January 29, 2015 at 7:03 pm

      Great to learn that it worked!

  50. Anonymous
    January 25, 2015 at 5:12 pm

    I can't access anything as soon as turn the phone one it appears on the home screen that I have to pay $300 to have it unlocked

    • Christian Cawley
      January 26, 2015 at 1:21 pm

      Have you tried booting your phone in Safe Mode? Use Google to find the steps for your device if the generic steps above don't work.

  51. anonymous
    January 25, 2015 at 4:00 pm

    My phone got this virus...but when i turn it on it shows the whole message thing and wont even let me shut off my phone...So how am i supposed to reboot?

    • Christian Cawley
      January 29, 2015 at 7:03 pm

      Hi - your best solution would be to remove your device battery.

  52. Khan
    January 20, 2015 at 3:08 pm

    I have this FBi virus on my asus tablet tf101 ..but please help me to get in safe mode and to get rid of this crap thing ..i am so much worried

  53. Shahin
    January 19, 2015 at 9:32 am

    Hello, hope you are fine.

    We received this FBI Virus and removed it manually. But unfortunately, our pictures and videos are blocked and we cannot open them.
    Do you have any solution on this issue?
    Please let me know.

    Many thanks.

  54. Donovan
    January 18, 2015 at 3:49 pm

    Wat if your u already got it and your phone won't do wat we read

    • Christian Cawley
      January 22, 2015 at 11:21 am

      Then it's a factory reset.

  55. Samantha
    January 14, 2015 at 5:44 am

    This happened to my boyfriend but how does he get rid of it because it's not letting him do anything with his phone ?

    • Christian Cawley
      January 18, 2015 at 6:03 pm

      Hi Samanthan, has your boyfriend followwed the steps in this article?

  56. Angus
    January 14, 2015 at 1:09 am

    this is the only article that tells you to deactivate it first thanks so much

  57. Alex
    January 13, 2015 at 1:39 pm

    My phone has been infected by this virus and i do same as you told in your instruction. I turned on my phone in safe mood- setting-device administration-unchecked the tickbox from app then another page poped up as dectivate. But as i click on deactivate button same FBI thing popsup in safemood and i cant do anything. I need your help please.

  58. Clair
    January 8, 2015 at 5:45 am

    That scared the life out of me it came from an add on my browser and I was like WTH I swear I'm a good person i didn't do anything and than I started flipping out so I googled it thanks for writing this article I feel a bit better now

  59. Albert Francks
    January 8, 2015 at 12:01 am

    When i hold down the power device it gives me power off, restart,air plane mode and emergency mode and none of them work

  60. Albert Francks
    January 7, 2015 at 11:57 pm

    I need help everytime i start up my phone and put in my passcode it pops up in the first 5 seconds i cant get into my settings to get rid of it!

  61. Matthew
    January 7, 2015 at 1:04 pm

    Thanks Christian, but no luck with me.
    Got into safe mode
    found the offending flash install but can't be removed
    when to security and removed its administrator status but this executes the file.
    I think it likely this app has evolved as suggested earlier.
    unless there are new ideas, it will be a reset for my samsung s2 mobile.

  62. brian
    January 7, 2015 at 12:32 pm

    I have just been hit by the £200 ransomware demand police scam om my android Archos 101G9 tablet and am trying to figure out how to get it into safe mode

    • Christian Cawley
      January 7, 2015 at 12:44 pm

      As I understand it there is a button you must hold when the tablet restarts, however I'm unable to find out which button. Have you checked your device documentation?

  63. prince
    January 4, 2015 at 10:00 pm

    If this affects you, go to safe mode as told here, and uninstall the browsers like chrome, opera, uc etc. And restart the phone. The plugin or flash player showing the thread also will get uninstall with it.
    Enjoy

  64. Dave
    January 4, 2015 at 3:34 pm

    Thanks for your help. I have a Galaxy S4 and got the message right after installing a phoney ass flash player. I turned to the phone off and rebooted it in safe mode( turn phone off, wait for Samsung logo to show then tap the menu button repeatedly until your back to your main screen) then I went to settings>more>application manager and then uninstalled the felonious app. Once I uninstalled the app it was removed from the deice administrator list so you shouldn't have to worry. Now im back to normal. Thankx again

  65. Allmeda
    January 3, 2015 at 4:54 am

    It's a horrible thing,for a minute I thought I was going to have a heart attack but I turned off my device (and I thank the lag viruses) I had because it lagged my whole system so i had a head start to Uninstall it in my app menu on doing so the ransomware block claiming to be "FBI" and "WORLD CYBER DEFENSE DEVISION" just vanished and the ransome that was wanted in [Moneypak] just stopped and vanished after that horrible experience I am now scared to download apps off un-googleplay services.

    • Christian Cawley
      January 3, 2015 at 9:20 pm

      Thanks for sharing, Allmeda.

      With regards to external app stores, Amazon should be safe, but beyond that, it is wise to avoid non-Play app stores.

  66. tracy
    December 31, 2014 at 10:00 pm

    U need to factory reset your phone to get the malware off your phone. If you have a slow phone take advantage in that.

  67. cindy
    December 30, 2014 at 2:50 pm

    Help I have tried going in safe mode and going to administrator and checking app. It will not work.

  68. andy
    December 30, 2014 at 2:36 pm

    My son has a galaxy s4 and we try this method but it won't help, the safe mode won't appear what should I do??

    • Christian Cawley
      January 3, 2015 at 9:20 pm

      In this situation, factory reset is the best option.

  69. A.J.
    December 30, 2014 at 3:46 am

    When I am in security> administrator. It gives the option to deactivate bit it doesn't do anything. Nothing pops up confirming to deactivate. And after a few seconds it still brings me back to the FBI warning page. Can someone help??!?! I have an s4 and need to fix it before my parents see it and that think its real. If anyone can help thank you so much!!!!!

  70. TJurges
    December 28, 2014 at 5:40 pm

    I have it in SAFE MODE and it works but can't open any of my apps. HOW DO I GET THIS SHIT OFF MY PHONE???? THANKS

    • Bill
      December 28, 2014 at 10:01 pm

      The problem is you can't open apps in safe mode. I went to Samsung's support desk on line and they told me how to do a factory reset. My phone is a galaxy s5.

  71. zion walker
    December 28, 2014 at 5:39 pm

    Yes my new phone us locked and when i shut it off it didn't give me the option to reset in safe mode what do i do now

  72. Debra johnson
    December 28, 2014 at 7:17 am

    MY Polaroid tablet won't let me do anything, it is just stuck on the page about a green dot card different locations where to buy them & enter the code

    • Christian Cawley
      January 3, 2015 at 9:21 pm

      Hi Debra, how have you dealt with this so far? Have you attempted a factory reset?

  73. Debra johnson
    December 28, 2014 at 7:14 am

    I have been infected with ransomwear, please help!

  74. Angel
    December 28, 2014 at 6:29 am

    How do I hard reset my Samsung Galaxy Tab4 when it is locked by the FBI virus? Please help me

    • Bill
      December 28, 2014 at 10:12 pm

      Go to the Samsung support desk. They led me through doing a factory reset and it fixed the problem. However you will lose your contacts and any pictures or other personal data you saved.

  75. Sean Bennett
    December 27, 2014 at 9:50 pm

    Thanks for the help. This just happened to my LG G3. I had been researching the problem for the last 10 hours and was ready to perform a hard reset when I decided to research the problem one more time. I was fortunate to come across your information and within 5 minutes had completely removed the malware and reset my phone. Thanks again

    • mystery
      May 12, 2015 at 1:18 am

      can u please help how did u do it

  76. Lorraine
    December 27, 2014 at 11:55 am

    I've got a lg phone completely blocked. Wanting money for watching child porn sum one plz help no idea wot to do x

  77. Bill
    December 27, 2014 at 11:16 am

    I just got it on my new Galaxy S5 I don't know how to remove it. But I would rather replace my phone than give these crooks any money.

    • Christian Cawley
      January 3, 2015 at 9:22 pm

      Hi Bill, have you used the steps outlined on MakeUseOf to remove it?

  78. Selina
    December 26, 2014 at 1:51 pm

    I received a ransomware when I was watching a video, however it seems to be different from ransomwares I searched up (it didnt lock my phone) and it disappeared right after I restarted my phone. So I am still freaking out over if it is a ransomware or not. Oh and also the security thing is set up in my samsung is set up when this happened.

    • TJurges
      December 28, 2014 at 5:42 pm

      Hold the bottom part of the volume key and power button at the same time for 4 seconds and that should get you in safe mode

  79. John Reeves
    December 25, 2014 at 6:50 pm

    I did a Samsung Security Update that allows an automatic scan. The moment I installed it, the rogue program was gone. It was like nothing had happened. Not all anti-malware programs are on the up and up. Some masquerade as anti-malware only to reveal themselves as malware. Whatever you do, don't panic or pay any money. I'm glad I wasn't the only one with this problem.
    Unfortunately I knew where I went on the Internet, so I thought someone was going to be knocking on my door.

    • Christian Cawley
      January 3, 2015 at 9:22 pm

      Good advice, John Reeves, anyone with a Samsung should follow suit.

  80. David. Underwood
    December 25, 2014 at 6:29 pm

    I have recently encountered this from a website. I simply closed the page.

  81. Anonymous
    December 24, 2014 at 9:50 pm

    My brother Jake, was trying to download a browser and a FBI symbol came up and said he was caught with child pornography, but he really didn't have any pornography on his phone and said he had to pay a $200 dallor fine or go to federal prison..if I was ANYONE ELSE watch out at what you're trying to download .

    • ..,,,,,
      January 20, 2015 at 5:03 am

      Me to help I'm only 12

  82. Samantha
    December 24, 2014 at 8:40 am

    I have an HKC 8 inch tablet and it doesn't seem to have a safe mode. I can turn it off, and then I can turn it back on and log in. I have a few short seconds before the screen pops back up. What should I do? I can't remove the battery.

    • Christian Cawley
      January 26, 2015 at 11:10 am

      "..,,,," - suggest you follow the steps above and failing that, run a factory reset.

  83. Jess
    December 24, 2014 at 5:12 am

    Also my phone is an android and it only froze up chrome. Nothing else. Could this be a new version? The pop up sounded exactly the same as what I've been reading. It's just weird because it only locked chrome and went away fairly easily. However it did say my device was locked

    • cheryl
      December 31, 2014 at 5:23 am

      I had this happen to me today. Though I was able to close it and get chrome back. Did yours ever get worse?

  84. Jess
    December 24, 2014 at 5:10 am

    I got a pop up on my phone when I accidentally clicked on a site on google. I am getting used to this new phone and my finger lingered over a site for a bit to long. I pressed the back button but then the pop up came up. It said I needed to pay $200 and accused me of watching child porn and other things like that. I noticed my phone was using data so I closed my apps, and switched to wifi. Then I went back into chrome and the pop up was gone along with every tab I had open. Does this also sound like a virus??

  85. T. Smith
    December 23, 2014 at 9:59 am

    You are a life saver. These simple steps helped me to remove the virus from my phone. Thanks a lot!

  86. Ahmad
    December 23, 2014 at 5:00 am

    i was really worried because after trying everything people told me it didnt work. so thn i just turned on safe mode and factory reset my phone. unfortunately everything was gone but my problem was fixed

  87. Hunter
    December 20, 2014 at 7:04 pm

    I got this a couple days ago. My s4 is rooted and have titanium backup. When I got I read it and was like HELL NO! I removed my battery, turned it on and went into titanium and uninstalled it. It somehow came back so I froze it and then uninstalled it. Have the unknown sources checked because my rooted apps don't run. It was some fake app that I somehow got online. Should have seen it from the beginning when something downloaded. Then I hit install. Should have deleted it after it downloaded and never installed. Now going to be very strict on apps and may even reset my whole device if I have anymore problems.

  88. Kerri
    December 18, 2014 at 2:13 am

    Help PLEASE, my son got this virus on his Galaxy S3 (GT-I9300 international model), when powered on in all above stated methods say Downloading do not disconnect usb cable during software update

    I greatly appreciate any suggestions

    Thanks!

  89. Jokerinthedark
    December 17, 2014 at 11:31 pm

    Im not gonna lie I somehow got this crap on my phone and you totallly saved my life with this so thank you lol

  90. the virus pro
    December 17, 2014 at 3:23 pm

    U can disable it by going into safe mode like it says but it is wrong about one thing with the new ransome ware apps u can't delete it u have to go into settling when in safe mode and factory reset it if u can't get into safe mode hold the power button on ur device when the virus is up and it shows the fbi screen this will power down ur phone when 8t is powering back up hold down ur how button the volume button then the power button this will also take u to the factory reset and then it will have tiny words in the top left corner of ur screen use the volume buttons to sroll then scroll to factory reset it will ask u are u sure then u scroll to yes and hit the power button to select it then ur phone is free from the virus :]

  91. luke
    December 17, 2014 at 1:00 am

    My gmail is lukepfost12 @gmail.com

  92. luke
    December 17, 2014 at 12:58 am

    I Download edI downloaded the app porn droid and I can't get to safe mode the FBI thing pops up to quick and I can't get to my setting because it pops up in 10 seconds what can I do t

    • Hunter
      December 20, 2014 at 7:12 pm

      I had the same thing. Remove your battery if possible to turn it off. Try finding out how to enter the safe mode for you device. I have an s4 rooted so I was able to remove it in titanium backup. If needed then you can find out how to enter your devices menu thing.(power, volume up and home) for most devices when powered off. I would reset the device if you can't remove it before it comes up,

  93. luke
    December 17, 2014 at 12:58 am

    I Download edI downloaded the app porn droid and I can't get to safe mode the FBI thing pops up to quick and I can't get to my setting because it pops up in 10 seconds what can I do t

  94. Anna
    December 13, 2014 at 3:30 am

    $150.00 fine? I actually never found out how to uninstall it because it wouldn't let me. I downloaded Adobe Flash Player 10.1.1 just to see a movie called "Faults in Our Stars,.. FBI virus accused me of terrorism and watching illegal porn.. Disgusting way to tale so I plan to revenge this Spam one day once I learn the computers and it's vulernabilities.. Reseting my phone cause me to lose my precious photos and now they are gonna pay.

  95. john
    December 6, 2014 at 5:51 am

    It says I gotta pay $500
    Is it the same thing? Please I need help

  96. Wen
    December 5, 2014 at 2:20 am

    Hello it is on my kindle and it wont let me do nothing on my kindle. It accuses me of having porn and says i have to pay $500. It says they will triple it if i ignore it. Please help :(

    • john
      December 6, 2014 at 5:52 am

      It says the same thing on my galaxy s4

  97. johnny
    December 4, 2014 at 10:33 pm

    Wow I just got the damn virus asking for $500 and my phone was completely locked saying some crap about illegal actions that I had done. I did manage to get my phone into safe mode and that is how I'm writing this, but it won't let me delete the virus app which in this case it is called porn droid. I think I'm going to have do factory reset but I'm reluctant to do so because I would then lose my Clash of Clans account. Any help on how I would be able to remove the virus without completely resetting my phone

    • aj
      December 5, 2014 at 12:22 am

      Hello Johnny I also got infected with the virus have you resolved the issues, I would like to ?now how, this is driving me crazy.

    • Wen
      December 5, 2014 at 2:21 am

      THIS IS EXACTLY WHAT IS HAPPENING TO ME. But on my kindle. It's completely locked

    • john
      December 6, 2014 at 5:53 am

      Your lucky I can't even get it to safe mode

    • john
      December 6, 2014 at 5:54 am

      Did it say to not try to delete or reset your phone

  98. lol
    December 4, 2014 at 8:29 pm

    I was hit. When I was online I had a adobie flash .apk download I thought I could trust it. But after I downloaded it I got the FBI virus. The for the help ?

  99. Anonymous
    December 4, 2014 at 6:43 am

    Im in safe mode on my note 2 and It won't let me uncheck in security device administrator. How do I remove the malware!? Please help

    • Nate
      May 2, 2015 at 7:19 am

      Sadly you will have to factory reset. Luckily my ransom wasn't that advanced but it was asking for $500!!!

  100. deddie
    December 4, 2014 at 3:14 am

    I was screwed too i thought i would actually have to pay but i looked it up and the removal and safe mode helped

    • Amanda
      January 15, 2015 at 8:17 am

      Omg thank you Deddie!!! I have been getting so frustrated with this the past two days!! Didn't know about going to device administrator till I saw your comment and I think it worked! THANK YOU!!!

  101. jc
    December 3, 2014 at 12:37 am

    i tried uninstalling in safe mode but it doesnt let me uninstall the box is greyed out and there is no sign of it in device admins

    • deddie
      December 4, 2014 at 3:17 am

      Go to security device administrators an uncheck any new apps

  102. Bob
    November 29, 2014 at 5:52 pm

    My Samsung Galaxy S5 is locked period. I have a few seconds to try to get into my phone and the FBI screen pops up. I was thinking about paying $69.95 to yoocare to fix......

  103. nonegiven
    November 22, 2014 at 4:37 pm

    Can you connect by USB and pull your files off to a folder on your computer, then factory reset? Or does this malware have a way to stop that?

  104. nonegiven
    November 22, 2014 at 4:33 am

    My husband got this today. He googled and found safe mode, then factory reset. He didn't have anything important on there that couldn't be recovered. I had to sign him into google and dropbox, set up his email, reinstall his apps from Play, sign into Amazon, deregister and reregister his tablet, and resend his books to the app. Because, you know, that would be hard.
    He doesn't know how to sideload apps, himself. I don't know how he got it.

  105. Harold
    November 21, 2014 at 11:31 am

    I got it from a website on my new Moto X. I went to safe mode, selected Chrome, and then uninstall updates. Everything seems to be in order now.

  106. Trent
    November 18, 2014 at 3:51 pm

    I was just victimized on this "ransomware". It's holding my pictures, videos and other things for "ransom". I uninstalled all third party applications but when I exit safe mode, my phone still acts up. It'll either show the message again or it will just go black. When I press the home key, it goes to the main screen but it'll just go black again 5 seconds later. If i'm lucky for that much time.

  107. Danish Pastry
    November 18, 2014 at 7:52 am

    I can't seem to find a rogue app but have this problem, any other ways to get rid of this?D

  108. Tim
    October 31, 2014 at 6:27 am

    First of all thank you for this guide. It was very helpful.
    Second, I am wondering if this virus is evolving, because it was attempting to prevent me from doing anything while I was in safe mode. I kept getting a pop-up message "process com.android.systemui has stopped" . Every time I hit ok it would return a second or two later, all while I was in safe mode. It made following the steps very difficult.

    • Christian Cawley
      October 31, 2014 at 11:20 am

      Tim, I certainly wouldn't rule that out.

      Did you manage to complete removal eventually?

  109. maney
    October 29, 2014 at 1:18 pm

    this Ransomwhere appeared on my friends Kindle Fire, 1st generation. I ended up doing a hard reset. first, charge the battery to 40% then hold the power button until the device powers down then you have about 30 seconds to do a "restore to factory default" before the ransomwaere starts again.

    • Richard
      November 14, 2014 at 7:41 pm

      go to you security settings and disable the lock that is the best way i just had it happen to me

    • Anonymous
      May 4, 2015 at 6:32 pm

      u can just go to downloads an uninstall also in thiryy seconds then u good

  110. Lee
    October 28, 2014 at 4:59 am

    My tablet Asus M30 something, invaded with FBI RANSOME. Currently in safe mode. FOUND flash that I downloaded. Its locked from being able to uninstall, cant remove administration so i can uninstall. I hate to think of having to reset which would erase everything. What option have i missed, i want my tablet back. Email me please

  111. Derrick
    October 13, 2014 at 9:23 pm

    re FlashPlayer: I just tried to play a song on SingSnap, my karaoke website. Stock browser still wont play them. Galaxy S4. I MUST have Flash and a third party browser that supports it. I use firefox.

  112. Aidan
    October 12, 2014 at 10:16 pm

    Simple, just go to http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html and it has official versions of flash which are not filled with ransomware

  113. Jk
    October 7, 2014 at 8:19 am

    when i try to disable it in device admn it says it cant

  114. Jk
    October 7, 2014 at 8:18 am

    when i try to disable it in device admn it says it cant

  115. Christian Cawley
    October 4, 2014 at 10:27 pm

    Or rather: you *can* be affected by this as other commenters have stated above.

    • James Bruce
      October 5, 2014 at 10:39 am

      I can't imagine waking up to this. Hopefully, wont ever happen if i stick to iPhone, but time will tell.

    • ngwa
      September 20, 2016 at 10:15 pm

      pls can u guys heip me my phone was blocked by the american fbi

  116. ScottW
    October 4, 2014 at 10:15 pm

    So essentially, do absolutely nothing at all. You can't get this because it's not in the Google Play store, so almost nobody could possibly get it. Oh, and if you have verify apps checked, you can't get it. Oh, and if you have Play Services, you won't get it either. So basically nobody is actually going to get this, and this whole story is pointless.

    • JAnd
      October 4, 2014 at 10:40 pm

      Google play is blocked by China. So for expats working there 3rd party app stores for English apps are essential. It's good to know what to do in that case.

    • Anonymous
      January 30, 2015 at 7:49 pm

      Bullshit it isn't real, its on my phone right now

    • Anonymous
      January 30, 2015 at 7:53 pm

      You probably shouldn't have disabled the security on your phone then Anonymous Coward. That's your fault.

  117. chris
    October 3, 2014 at 6:58 pm

    Yea hit my tablet wanted 300.00 tablet render. Useless one computer geek company wanted 150.00 to debug it but I could buy another tab cheaper. Showed adobe flash player free so i loaded it. But u can load adobe flashplayer from ur app store free of charge.

  118. Hfrankjr
    October 3, 2014 at 3:25 pm

    I just checked and Flash Player doesn't exist. Adobe Flash Player is there under Apps. I uninstalled it; don't need it anyway. Right? Or should I put it back in?

    • jeroen
      January 27, 2015 at 3:59 pm

      there used to be a flash for older versions of android, but you don't need it anyway, unless you visit sites like newgrounds on your phone, flash content works bad on touch anyway so it doesn't really matter

  119. Kieran
    October 3, 2014 at 11:31 am

    It started on desktops/laptops, it even indirectly says so at the start of the article here :-) I had to clean it off my flatmate's laptop a few months ago, that and about 40-odd other viruses. Lesson learned by him, never use limewire :-P

    • Phoghat
      October 3, 2014 at 12:52 pm

      " never use limewire"
      True Dat

  120. TK S
    October 3, 2014 at 5:14 am

    Hi I'm the one who had mentioned being infected in a comment on another post. I forgot to mention that I had even tried booting into safe mode but still could not remove it. AVAST was my only saving grace. Play store wasn't usable from that device so I had to go online and send from the play store web page to my device.

    My particular device was actually the moto x

    • cindy
      December 31, 2014 at 10:11 pm

      I have this on my phone and have tried going in in safe mode. Went to security admin and found the porn viewer thing and tried to delete but had no luck. Any suggestions would be great.

    • Ben
      January 11, 2015 at 6:38 pm

      That's the same problem I have, it won't let me deactivate it

  121. Barett Petersen
    October 3, 2014 at 1:16 am

    Is there a way to scan your phone to locate or discover any possible apps that may be ransomware?

    • tom bell
      November 6, 2014 at 10:39 pm

      Install androidlost on your phone. You cn log in remotely that way or change appps/settings by using adb

    • Brad
      December 25, 2014 at 3:19 am

      I had this pop up on my new Galaxy s5 the first day I got it by watching videos on Liveleak. I restarted in safe mode and tried everything that the different sites suggested. I finally just went to the apps menu and hit the "my files" icon. Just checked downlosd history and found a newly loaded file called pornviewer or something close anyway. I uninstalled it and it all went back to normal.

  122. Jessica C
    October 2, 2014 at 11:33 pm

    I'm not surprised that ransomware freaks people into paying money to unlock their devices. I wonder though why we don't see this sort of thing on desktops/laptops. Do we?

    • Shannon
      October 3, 2014 at 2:50 am

      Jessica, you CAN see this sort of thing on desktops and laptops. It can be a bear to remover, too, as there seems to be different strains of this ransomware.

    • CS
      October 3, 2014 at 3:40 pm

      I have seen it on many people's desktop over the last few years. Friends and family usually come to me when they get the message. By the time they ask for my help they usually have several malware applications running in addition to the ransom-ware.
      My usual fix is to reboot the PC in Linux, copy their photos, music and documents onto an external drive and then do a clean reinstall the OS from an OEM disk.

    • Macguy
      October 4, 2014 at 3:30 pm

      I saw one floating around a couple of weeks ago called Cryptowall that was affecting PCs

    • nuts
      May 3, 2015 at 11:10 pm

      Yes, if you visit lots of porn sites on any device, you are likely to get it.

  123. Alex
    October 2, 2014 at 10:36 pm

    I have actually never had any sort of virus or malware on my phone ever, and I do install quite a few third party apks, along with rooting my phone, flashing different roms (CM11 on the Nexus 4 rocks by the way!), installing Xposed framework, installing Xposed modules, etc. Now that I think about it a little more, nobody that I know with an Android phone has ever had a virus or malware problem either! I've been hearing this ever since Android came out, that it has viruses and malware, but I have never seen a case first hand. I've only seen it reported on the interwebs. It might be because I'm (generally) smart about what I install, but still, with all of the problems I've heard about Android viruses/malware online, and the fact that I've never seen an Android virus or malware, a lot of it just seems, well, made up. I'm not discrediting MakeUseOf - You guys are actually awesome and very helpful; thank you for that - I really just want to know how many people are actually affected by Android viruses/malware. Is it really that big of a problem?

    • Bob robertson
      December 25, 2014 at 4:17 am

      Well I was infected with it I downloaded a lot of third party apks and stuff and one day I was stupid and accidentally downloaded a flash player that had it scared the crap out of me. So yeah it has infected people but is it very common no because I've been downloading 3rd party apps foreves and it has only happened once

    • Bev
      January 9, 2015 at 2:56 pm

      My 6 year old grandson got on his Xoom; it's real alright. No safe mode and at a loss how to remove.

  124. Doc
    October 2, 2014 at 4:32 pm

    " Keeping the Verify Apps option checked also helps as it checks every installed app automatically." Older versions of Android don't have "Verify Apps" - my Android 4.1.1 tablet doesn't have this checkbox, nor does my Android 4.0.4 phone. Good luck to those not lucky enough to own the most recent (and thus most expensive) device.

Leave a Reply

Your email address will not be published. Required fields are marked *