Remove Police or FBI virus from Android phone (Removal Guide)

If your Android phone is locked and you are seeing an “ATTENTION! Your phone has been blocked up for safety reasons” notification from a law enforcement agency (FBI, Australian Federal Police, Metropolitan Police, U.S. Department of Justice) asking you to pay a fine via GreenDot MoneyPak, Ukash or Paysafecard code, then your device is infected with a malicious app.

[Image: Android FBI virus]

These type of malicious appps are distributed through malicious websites, or legitimate websites that have been hacked, which will say that you need to install a special “video player” app, and then offering it for download. This infection may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.

What is the “Police or FBI virus” for Android ransomware?

This infection is part of the Troj/Koler Ransomware family of computer infections that target Android users from all over the world.
When the malicious app is installed the Android ransomware virus will display a bogus notification that pretends to be from an official law enforcement agency (examples: Irish An Garda Síochána, Royal Canadian Mounted Police, Police Central e-crime Unit, Australian Federal Police) and states that your Android phone has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.

The malicious ransomware app will lock you out of your Android phone and applications, so whenever you’ll try to unlock or use your smartphone, it will display instead a lock screen asking you to pay a non-existing fine of $300 in the form of an MoneyPak, Ukash, Paysafecard or MoneyGram Xpress voucher. The malware’s authors prefer these payment services because transactions made through them cannot be reversed and are hard to trace.

Furthermore, the malicious app will claim that all your file are encrypted. The good news is that this infection doesn’t scramble any of your data or filtrate audio and video as it claims, and it merely locks your phone with a popover browser window that quickly reappears if you try to get clear of it. The bad news is that the continually reappearing pop-over window makes it as good as impossible to get into the Settings menu to remove the malware.
Even rebooting won’t help as the malware kicks back in early in the process of restarting. A factory reset will get rid of it, but that also removes all your other installed apps and stored data.

Is my Android phone infected with the Police or FBI virus?

If your Android phone is infected with a ransomware app, this infection will display a localized webpage that covers the entire screen of the infected smartphone and demands payment for the supposed possession of illicit material.

[Image: Android Police lock screen virus]

[Image: Android lock screen virus]

Cyber criminals often updated the design of this lock screen, however you should always keep in mind that the Federal Bureau of Investigation or any other police agency will never lock down your phone.

The message displayed by this ransomware infection can be localized depending on the user’s location, with text written in the appropriate language:

ATTENTION! Your phone has been blocked up for safety reasons listed below.
All the actions performed on this phone are fixed.
All your files are encrypted
CONDUCTED AUDIO AND VIDEO.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc.) You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United Stated of America criminal law.

Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, you are suspected of violation of “Copyright and Related rights Law” (downloading pof pirated music, video warez) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law.

Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.

It was from your phone, that unauthorized access had been stolen information of State importance and to data closed for public Internet access.

[…]

The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.
Amount of fine is 300$. You can settle the fine with MoneyPak xpress Packed vouchers
As soon as the money arrives to Treasury account, you phone will be unblocked and all information will be decrypted in course of 24 hours.

The “ATTENTION! Your phone has been blocked up for safety reasons” message on the lock screen is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you send any vouchers or money to these cyber criminals, and if you have, you can  should request a refund, stating that you are the victim of a computer virus and scam.

How to remove Police or FBI virus from Android (Removal Guide)

This page is a comprehensive guide which will remove the malicious app from your Android phone. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.

OPTION 1: Remove the malicious app from your Android phone

STEP 1: Reboot your Android phone to Safe Mode to avoid the Police or FBI lock screen

The Android Police or FBI virus effectively locks your phone with a pop-over browser window, like the one you see above, that quickly reappears if you try to get rid of it. The continually reappearing pop-over window makes it as good as impossible to get into the Settings menu to remove the malware, and a plain reboot won’t help, because the malware comes back to life early in the restart.

To avoid the Police or FBI lock screen, we will need to start your Android phone in Safe Mode.
Safe Mode for Android is a mode that allows a phone to load all the default settings and software the phone originally came with, most importantly your system starts up without loading any third-party apps.

There are a few methods to enter the “Safe Mode”, depending on the model of your Android phone.

Method 1: Reported to work on Google devices and various Android Open Source Project, or AOSP, derivatives like CyanogenMod

  1. Press and hold the power button as you would to power down or reboot.
  2. A menu will pop-up on your Android device. TAP and HOLD the “Power off” option.
    [Image: Hold the power button until this menu appears]
    If nothing happens long press the “Reboot” option instead of  “Power off”.
  3. A dialog should appear offering you to reboot your Android device to “Safe Mode”. When this happens, click on “OK” to enter “Safe Mode
    [Image: Reboot to Safe Mode Android]
  4. If you have managed to select “Safe Mode”, you will see the text “Safe Mode” at the bottom left corner of the screen.
    [Image: Android Safe Mode]

Method 2: Reported to work on Samsung Galaxy devices

  1. Power down your Android phone.
  2. Turn on and repeatedly tap the soft-button for “Menu.”
  3. If you have managed to select Safe Mode, you will see the text “Safe Mode” at the bottom left corner of the screen.

Method 3: Reported to work on Samsung Galaxy S3 and other devices

  1. Power down your Android device.
  2. Turn on, then press and hold Volume Down (Galaxy S3 and others), Volume Up (HTC One and others), or Volume Down and Volume Up together (various Motorola devices) when the vendor’s logo appears.
  3. If you have managed to select Safe Mode, you will see the text “Safe Mode” at the bottom left corner of the screen.

STEP 2: Uninstall the malicious app from your Android phone

The Police or FBI virus for Android installs itself under different names, in this step we will try to identify and remove any malicious app that might be installed on your phone.

  1. To uninstall the malicious app from your Android device, go to the Settings menu, then click on Apps or Application manager (this may differ depending on your device).
    [Image: Go to Settings and select Apps]
  2. This will bring up a list of installed apps, including the malicious app that is responsible for the Police or FBI lock screen.
    At this moment the malicious app that is locking Android phones goes by the different names: BaDoink Video Player, Network Driver System, Video Render System Security 1.0 or Adobe Flash Update.

    Cyber criminals are often changing the name of the malicious app to prevent users from finding it.
    We recommend that you search in the installed apps list for any unknown or suspicious apps.

    [Image: Search for the malicious app that is locking your Android phone]

    If the malicious app is “Adobe Flash Player“, then your Android phone is infected with the latest version of ScarePakage ransomware. This app will most likely will not allow you to uninstall it.
    To remove it, some variants of ScarePakage (fake Adobe Flash Player app) will uninstall themselves if you enter a random, long-enough number to satisfy the MoneyPak (15-digits) demand. If this will not work, than you will have to follow reset your phone settings as seen in OPTION 3.
  3. Touch the app you’d like to uninstall.This won’t start the app, but will open up the program’s App Info screen, then click on “Uninstall” button:
    [Image: Touch the app you’d like to uninstall]

    If the Uninstall button is grayed out (this may happen if your phone is infected with the Android Screen Locker malware) then go to:
    1. Settings > Security > Device administrators.
    2. Tap the app that you cannot uninstall.
    3. Choose “Deactivate” > “OK” and immediately shutdown your device.
    4. Start your device again and then uninstall the malicious app.
  4. A confirmation dialog should be displayed for the malicious app, click on “OK” to remove the malicious app from your Android phone.
    [Image: Remove malicious app from Android phone]
  5. Restart your Android device.

STEP 3: Scan your device with Zemana Mobile Antivirus

In this step, we will scan your Android phone for malware with Zemana Mobile Antivirus application. Zemana Mobile Antivirus is a free anti-malware application which will help us detect if any malicious app or file is installed on your device.

  1. You can download Zemana Mobile Antivirus from the below link:
    ZEMANA MOBILE ANTIVIRUS DOWNLOAD LINK (This link will open a new web page from where you can download Zemana AntiMalware for Android)
  2. Click on the “Install” button, and when the app permissions will be displayed click on “Accept” to install Zemana Mobile Antivirus on your device.
    Install Zemana Mobile Antivirus
    Zemana Mobile Antivirus will be installed on your phone, this will only take a few seconds. When Zemana Mobile Antivirus has finished installing, open the app
  3. To perform a system scan with Zemana Mobile Antivirus, click on the “Full Scan” button .
    Zemana Mobile Antivirus Full Scan
  4. The scan may take a few minutes depending on how many apps you have installed.
    Zemana Mobile Antivirus while scanning
    If any malicious apps are detected, click on the “Delete All” button remove them from your Android device.
    Zemana removing Android malware

OPTION 2: Remove Police or FBI lock screen with avast! Ransomware Removal

Avast! Ransomware Removal quickly and easily removes malware from your device and decrypts all your files held hostage for free, so you don’t have to pay a ransom.

  1. Using your computer or another device with is not infected with Police or FBI virus, go to the below link:
    AVAST RANSOMWARE REMOVAL DOWNLOAD LINK (This link will open a new web page from where you can download avast! Ransomware Removal)
  2. Login to the “Google Play” with the same user information (your Gmail account) you use to login to your Android phone
    [Image: Sign into your Gmail account (the same that you use on your phone)]
  3. Click on the “Install” button, and Avast! Ransomware Removal app will be installed on your device in a minute[Image: Click on the Install button][Image: Install Avast Ransomware Removal on your Android phone]
  4. After the app is remotely installed on your Android phone, click the app name in the notification bar.
    [Image: Click on the App name in the notification bar]
  5. The “Avast! Ransomware Removal” app will start and provide you will need to follow the on-screen instructions.
    [Image: Avast Ransomware Removal scan]
  6. “Avast! Ransomware Removal” should now remove the malicious app from your phone. When this Avast has completed its task, you will need to uninstall it from your phone.

OPTION 3: Backup & Reset your phone to remove the Police or FBI lock screen

This is the last resort and is meant to be used only if the other two options have failed. When you use the “Backup and Reset” option on your device, it will restore the phone to its original settings, as if it is new again, thus removing the malicious app from your Android.
To restore your Android device to its default settings, we will need to use the “Safe Mode” as seen in Option 1, Step 1. Before you proceed with this option make sure your phone is in “Safe Mode” (How to get into “Safe Mode” on Android phone.)

STEP 1: Copy your videos, pictures and other personal documents onto your computer

Resetting your device to its default settings will remove all your images, videos or personal documents, so before doing a hard reset, we advise you to copy them onto your computer. Below you can see how you can easily copy the files from an Android device to a computer:

STEP 2: Reset your Android phone to its factory settings

This process will clear the entire phone and revert it back to how it was when it came off the assembly line.
The phone is going to think its brand new right out of the box.

Your Android phone should now be clean. If you are still experiencing problems while trying to remove a malicious app from your device, please ak for help in our Malware Removal Assistance forum.

SHARE THIS ARTICLE

STELIAN PILICI
I've started MalwareTips in 2010 to help people solve their computer problems. My area of expertise includes malware removal and computer forensics. I'm active in the various online anti-malware communities where I do researches for new malware threats as they are released.

We love Malwarebytes and HitmanPro!

We really like the free versions of Malwarebytes and HitmanPro, and we love the Malwarebytes Anti-Malware Premium and HitmanPro.Alert features.

Malwarebytes Logo Malwarebytes Premium sits beside your traditional antivirus, filling in any gaps in its defenses, providing extra protection against sneakier security threats.

Malwarebytes Premium Features

HitmanPro Logo HitmanPro.Alert prevents good programs from being exploited, stops ransomware from running, and detects a host of different intruders by analyzing their behavior. HitmanPro.Alert will run alongside your current antivirus without any issues.

HitmanPro.Alert Features