Severity scale  

FBI Green Dot Moneypak Virus. How to Remove? (Uninstall Guide)

removal by - -   Also known as FBI Moneypak | Type: Ransomware

FBI Green Dot Moneypak Virus is a very serious cyber infection that has nothing to do with a governmental organization, which is called FBI. Just like FBI Moneypak or simply FBI virus, it displays an alert that locks computer down and disables victims from loading any of their programs or files. The minute user logs in, his PC goes straight to the Green Dot Moneypak screen and locks the entire system down. Even rebooting to Safe Mode with Networking or Safe Mode to Command Prompt do not help in most of the cases. You must be especially careful if you live in USA because most of the users who have been infected by this threat live this area. However, there are many other versions of this ransomware spreading in Europe as well (be aware about International Police Association (I.P.A.) ransomware, An Garda Siochana virus, Police Central e-crime Unit virus and others).


FBI Green Dot Moneypak Virus can be downloaded together with other programs or files without any permission asked. This may be fake video codecs, Flash updates or other freeware from the source that is not official. Besides, you should avoid opening spam email attachments as well if you don’t want to get this infection. Right after infiltration, FBI Green Dot Moneypak Virus replaces desktop’s background with large alert which seems to be sent by a governmental agency belonging to the United States Department of Justice. This alert tries to convince you that you have been breaking down various rules and now you have been caught for doing that:

All activity of this computer has been recorded.
If you use a webcam, videos and pictures were saved for identification.You can be clearly identified by resolving your IP address and the associated hostname.Your computer has been locked!I
llegally downloaded materials (MP3’s, Movies or Software) have been located on your computer.By downloading, those were reproduced, thereby involving a criminal offense under Section 106 of the Copyright Act.
The downloading of copyrighted material via the Internet or music-sharing networks is illegal and is in accordance with Section 106 of the Copyright Act subject to a fine of imprisonment for a penalty of up to 3 years.
Furthermore, possession of illegally downloaded material is punishable under Section 184 paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer, with which the files were downloaded.To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $200. Payable through GreenDot Moneypak. After successful payment, your computer will be automatically unlocked. Failure to adhere to this request could involve criminal charges and possible imprisonment.
To perform the payment, enter the acquired GreenDot Moneypak code in the designated payment field and press the “Submit” button.

Of course, this alert is completely forged and it has nothing to do with legitimate organization. If your computer has also been locked by such FBI warning, you must understand that paying the fine won’t unlock your computer but will only support the owners of this screen locker. In order to bring your PC back to normal, you must unlock your PC first and then remove FBI Green Dot Moneypak virus.


To unlock your computer and get an ability to scan it with decent anti-malware, firstly you must follow these steps:

1. Take another machine and use it to download Reimage, PlumbytesWebroot SecureAnywhere AntiVirus or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with FBI ransomware once more and run a full system scan.

Now scan your computer with Reimage once more to remove all infected files from your PC.

UPDATE: We have alternative FBI Green Dot Moneypak Virus removal instructions. Try following them if flash drive option hasn't been helpful:

* Users infected with FBI Moneypak/FBI virus/FBI Green Dot Moneypak virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': After doing that, run a full system scan with anti-malware program.

* Manual FBI Green Dot Moneypak virus removal (special skills needed!):

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable FBI virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated Reimage to remove remaining FBI Green Dot Moneypak virus files. You can also try using PlumbytesWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

UPDATE2: FBI Green Dot Moneypak virus has just been updated - now it is capable of blocking Android devices. It acts just like its previous versions. So, as soon as FBI android virus enters OS, it locks is down and then displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine! If your Android device was blocked, you should follow these steps:

1. Reboot your Android device into Safe Mode:

  1. Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
  2. Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.

If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.

2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):

  1. When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
  2. Here, look for previously mentioned malicious app(s) and uninstall all of them.

If this failed, enter a random, 15 digit length, code of imaginary MoneyPak xpress Packed voucher that is asked by this android virus or follow these steps:

  1. Go to Settings -> Security. Here, select Device administrators.
  2. Here, look for previously mentioned malicious app(s) and uncheck it
  3. In order to finish the removal of FBI Android virus, select Deactivate and OK.
It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Reimage - remover Happiness
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall FBI Green Dot Moneypak Virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall FBI Green Dot Moneypak Virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
We are testing Plumbytes's efficiency (2015-01-27 02:11)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2015-01-27 02:11)
Hitman Pro
Webroot SecureAnywhere AntiVirus
FBI Green Dot Moneypak Virus screenshot

FBI Green Dot Moneypak Virus manual removal

Kill processes:
Delete registry values:
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
Unregister DLLs:

Delete files:
%Program Files%\FBI Moneypak Virus
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%UserProfile%\Desktop\FBI Moneypak Virus.lnk

Geolocation of FBI Green Dot Moneypak Virus

Map reveals the prevalence of FBI Green Dot Moneypak Virus. Countries and regions that have been affected the most are: United States.

Removal guides in other languages

Information updated:

Comments on FBI Green Dot Moneypak Virus

My 6 yr old daughters Kindle now has this virus. How do you get rid of the virus if its on a Kindle?
Next time you will pay extra for a Macbook computer or Mac Desktop. This type of shit never happens.
that all sounds good but lets not make it to hard for people who don’t know computers unplug your internet restart your computer no internet it wont lock it up you will boot like always run your spywear programs cc cleaner spybot search and destroy or advance system care that will kill it turn your computer off plug in youe internet and away you go the bad thing is if you don’t have these cleaners or some sort of cleaner then you do need to do a format and clean install so un plug internet clean it and restart hope this helps and malwarebytes is great
Michael Brinson
cant remove FBI money pac virus from my galaxy s5
I just did a factory reset. (hard reset holding down the volume key the side button on the right and the bottom button on the face of the phone close) follow the prompts. In your phone and go to factory reset and youre going to lose everything that you downloaded but youll find it in your Google Play and backups and then I reformat the SD card havent had a problem since
I am trying to remove this virus from my phone but have no luck. Any suggestions?
How do u remove it from an android phone?????????
Ive just got this virus today but its on my samsung galaxy note 10.1 2014 edition. running android 4.4.2 and cant find any help on how to remove it
I have the virus that locks the computer stating it is from "THE DEPARTMENT OF JUSTICE" demanding $300.00 from Money pak. I restarted my computer, tapped F8 clicked on Safe Mode Command Prompt but the same message came up again. How do I get into my desk top computer to make repairs if this keeps coming up blocking me?
I dont know what I did. however I wrote the directions down for several ideas. Lo and worked! So thank you all for your help. You all rock! And if I could remember how I did it. I would tell you. I believe it was mostly what John had to say. Whatever, it worked. Thank you!!!
More comments »

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)