The “FBI Virus” is ransomware that locks down a user’s profile. There are different ways to remove it, but try these steps.
Try to log in to another user account if you are locked out of yours. Try the local administrator account if you have one.
If that doesn’t work, try your account in safe mode.
Once inside of a user profile, Run =>
V.class => the virus can have names other than rool0_pk.exe, but it should look like it doesn’t belong and should have a create date/time the same as a .class file; if you sort by file mod/create time you’ll find it.
%appdata%\microsoft\windows\start menu\programs\startup => remove ctfmon (ctfmon.lnk); this is what’s calling the virus on startup => also check HKLM:\Software\Microsoft\Windows\CurrentVersion\Run and make sure there’s nothing obvious there.
If those still haven’t removed it, start running all the virus scans you have inside another profile.
Re-image your computer if the infection still persists.
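
The Startup folder, Run key and create-time checks described above can be done in one read-only pass from the clean profile. This PowerShell script is an added example, not part of the original steps; the 10-minute window used to treat two files as created "at the same time" is an assumption, and nothing is deleted.

```powershell
# Read-only triage of the two autostart locations named above. Nothing is deleted.
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$window  = New-TimeSpan -Minutes 10   # assumption: "same create time" = within 10 minutes

# 1. Resolve every shortcut in the Startup folder to the file it launches.
$shell   = New-Object -ComObject WScript.Shell
$targets = Get-ChildItem -LiteralPath $startup -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        [pscustomobject]@{
            Shortcut = $_.Name
            Target   = $lnk.TargetPath
            Args     = $lnk.Arguments
            Created  = $_.CreationTime
        }
    }
$targets | Format-Table -AutoSize -Wrap

# 2. List the machine-wide Run values so unexpected entries stand out.
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notin $psProps } |
        Select-Object Name, Value |
        Format-Table -AutoSize -Wrap
}

# 3. For each shortcut target that exists, list the files in its folder that
#    were created close to it (the .class / .exe pairing), oldest first.
foreach ($t in $targets) {
    if (-not $t.Target -or -not (Test-Path -LiteralPath $t.Target -PathType Leaf)) { continue }
    $file = Get-Item -LiteralPath $t.Target -Force
    Get-ChildItem -LiteralPath $file.DirectoryName -File -Force |
        Where-Object {
            [math]::Abs(($_.CreationTime - $file.CreationTime).TotalSeconds) -le $window.TotalSeconds
        } |
        Sort-Object CreationTime |
        Select-Object FullName, CreationTime, LastWriteTime, Length |
        Format-Table -AutoSize -Wrap
}
```

Run it as the affected user to see that user's Startup folder, since %appdata% is per-profile; from another account, point `$startup` at the locked profile's folder instead.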