Severity scale:  

FBI Green Dot Moneypak Virus. How to remove? (Uninstall guide)

by ,
Also known as FBI Moneypak | Type: Ransomware | Tags: Ukash
SpyHunter is a tool to detect malware. You need to purchase full version to remove infections.
More information about SpyHunter and steps to uninstall.

FBI Green Dot Moneypak Virus is a very serious cyber infection that has nothing to do with a governmental organization, which is called FBI. Just like FBI Moneypak or simply FBI virus, it displays an alert that locks computer down and disables victims from loading any of their programs or files. The minute user logs in, his PC goes straight to the Green Dot Moneypak screen and locks the entire system down. Even rebooting to Safe Mode with Networking or Safe Mode to Command Prompt do not help in most of the cases. You must be especially careful if you live in USA because most of the users who have been infected by this threat live this area. However, there are many other versions of this ransomware spreading in Europe as well (be aware about International Police Association (I.P.A.) ransomwareAn Garda Siochana virus,  Police Central e-crime Unit virus and others). 


FBI Green Dot Moneypak Virus can be downloaded together with other programs or files without any permission asked. This may be fake video codecs, Flash updates or other freeware from the source that is not official. Besides, you should avoid opening spam email attachments as well if you don’t want to get this infection. Right after infiltration, FBI Green Dot Moneypak Virus replaces desktop’s background with large alert which seems to be sent by a governmental agency belonging to the United States Department of Justice. This alert tries to convince you that you have been breaking down various rules and now you have been caught for doing that:

All activity of this computer has been recorded.
If you use a webcam, videos and pictures were saved for identification.You can be clearly identified by resolving your IP address and the associated hostname.Your computer has been locked!I
llegally downloaded materials (MP3’s, Movies or Software) have been located on your computer.By downloading, those were reproduced, thereby involving a criminal offense under Section 106 of the Copyright Act.
The downloading of copyrighted material via the Internet or music-sharing networks is illegal and is in accordance with Section 106 of the Copyright Act subject to a fine of imprisonment for a penalty of up to 3 years.
Furthermore, possession of illegally downloaded material is punishable under Section 184 paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer, with which the files were downloaded.To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $200. Payable through GreenDot Moneypak. After successful payment, your computer will be automatically unlocked. Failure to adhere to this request could involve criminal charges and possible imprisonment.
To perform the payment, enter the acquired GreenDot Moneypak code in the designated payment field and press the “Submit” button.

Of course, this alert is completely forged and it has nothing to do with legitimate organization. If your computer has also been locked by such FBI warning, you must understand that paying the fine won’t unlock your computer but will only support the owners of this screen locker. In order to bring your PC back to normal, you must unlock your PC first and then remove FBI Green Dot Moneypak virus.


To unlock your computer and get an ability to scan it with decent anti-malware, firstly you must follow these steps:

1. Take another machine and use it to download SpyHunterSTOPzilla or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with FBI ransomware once more and run a full system scan.

Now scan your computer with SpyHunter once more to remove all infected files from your PC.

UPDATE: We have alternative FBI Green Dot Moneypak Virus removal instructions. Try following them if flash drive option hasn't been helpful:

* Users infected with FBI Moneypak/FBI virus/FBI Green Dot Moneypak virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

*   Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': After doing that, run a full system scan with anti-malware program.

* Manual FBI Green Dot Moneypak virus removal (special skills needed!):

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable FBI virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated SpyHunter to remove remaining FBI Green Dot Moneypak virus files. You can also try using STOPzilla or Malwarebytes Anti Malware.

UPDATE2: FBI Green Dot Moneypak virus has just been updated - now it is capable of blocking Android devices. It acts just like its previous versions. So, as soon as FBI android virus enters OS, it locks is down and then displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine! If your Android device was blocked, you should follow these steps: 

1. Reboot your Android device into Safe Mode:

  1. Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
  2. Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.

If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding MenuVolume DownVolume Up or Volume Down and Volume Up together to see Safe Mode.

2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):

  1. When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
  2. Here, look for previously mentioned malicious app(s) and uninstall all of them.

If this failed, enter a random, 15 digit length, code of imaginary MoneyPak xpress Packed voucher that is asked by this android virus or follow these steps:

  1. Go to Settings -> Security. Here, select Device administrators.
  2. Here, look for previously mentioned malicious app(s) and uncheck it
  3. In order to finish the removal of FBI Android virus, select Deactivate and OK.
It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
remover for FBI Green Dot Moneypak Virus
Compatible with OS X
Webroot SecureAnywhere AntiVirus is recommended remover to uninstall FBI Green Dot Moneypak Virus. You should confirm using free trial that it detects current version of parasite.
Not using OS X? Download a remover for Windows.
Do it now!
remover for FBI Green Dot Moneypak Virus Happiness
Compatible with Microsoft Microsoft Windows logo
SpyHunter is recommended to uninstall FBI Green Dot Moneypak Virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of SpyHunter malware removal tool. More information about this program can be found in SpyHunter review. If you decided to select another anti-spyware, uninstall SpyHunter from your computer.
more than 40.000.000 downloads!
What to do if failed? If you failed to remove infection using Webroot SecureAnywhere AntiVirus SpyHunter, read here how to submit a support ticket or submit a question to our support team and provide as much details as possible.
Alternate Software
We are testing STOPzilla's efficiency (2015-01-27 02:11)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2015-01-27 02:11)
XoftSpySE Anti Spyware
We are testing XoftSpySE Anti Spyware's efficiency (2015-01-27 02:11)
Defender Pro Ultimate
Virus Removal Phone Support
FBI Green Dot Moneypak Virus screenshot

FBI Green Dot Moneypak Virus manual removal

Kill processes:
Delete registry values:
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
Unregister DLLs:

Delete files:
%Program Files%\FBI Moneypak Virus
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%UserProfile%\Desktop\FBI Moneypak Virus.lnk

Geolocation of FBI Green Dot Moneypak Virus

Map reveals the prevalence of FBI Green Dot Moneypak Virus. Countries and regions that have been affected the most are: United States.

Removal guides in other languages

Information updated:

Comments on FBI Green Dot Moneypak Virus

My 6 yr old daughters Kindle now has this virus. How do you get rid of the virus if its on a Kindle?
Next time you will pay extra for a Macbook computer or Mac Desktop. This type of shit never happens.
that all sounds good but lets not make it to hard for people who don’t know computers unplug your internet restart your computer no internet it wont lock it up you will boot like always run your spywear programs cc cleaner spybot search and destroy or advance system care that will kill it turn your computer off plug in youe internet and away you go the bad thing is if you don’t have these cleaners or some sort of cleaner then you do need to do a format and clean install so un plug internet clean it and restart hope this helps and malwarebytes is great
Michael Brinson
cant remove FBI money pac virus from my galaxy s5
I just did a factory reset. (hard reset holding down the volume key the side button on the right and the bottom button on the face of the phone close) follow the prompts. In your phone and go to factory reset and youre going to lose everything that you downloaded but youll find it in your Google Play and backups and then I reformat the SD card havent had a problem since
I am trying to remove this virus from my phone but have no luck. Any suggestions?
How do u remove it from an android phone?????????
Ive just got this virus today but its on my samsung galaxy note 10.1 2014 edition. running android 4.4.2 and cant find any help on how to remove it
I have the virus that locks the computer stating it is from "THE DEPARTMENT OF JUSTICE" demanding $300.00 from Money pak. I restarted my computer, tapped F8 clicked on Safe Mode Command Prompt but the same message came up again. How do I get into my desk top computer to make repairs if this keeps coming up blocking me?
I dont know what I did. however I wrote the directions down for several ideas. Lo and worked! So thank you all for your help. You all rock! And if I could remember how I did it. I would tell you. I believe it was mostly what John had to say. Whatever, it worked. Thank you!!!
Have tried about everything and cant get in my computer in any mode before the virus pops up. Does anyone know a fix for this without being able to open windows?
To anyone that knows the answer i got a similar virus but was using campus pc on network. I just hit the power button on and off and everything worked it seemed ok. Is it gone?
Prior to reading this forum, I had attempted to boot up my computer in plain safe mode, and now when I turn on my computer, my screen is completely black. I tried pressing F8 (repeatedly) as soon as I turn my computer on but nothing happens. My computer just sits powered on with a black screen. Any suggestions? Am I totally screwed now?
Thanks a lot it worked....................
you can also bypass this thing by logging in as guest. if you dont have it. start in safe mode and add guest user . you can do this by ( while in safe mode) opening control panel, open administrative tools, manage another account , turn on guest accounts. trying to do a restore point while logged in at safe mode (as administrator) would automaticaly shut down . or even search for any of the files or processes. would result in auto shut down also. so go in as guest and do what ya need to -restore to previous point , download maleware ....etc.
Best to spend the money and have a computer store remove it. Restore loses a lot of data. Friend of mine has it and he is shut down with many grants written to be sent asap, restore will lose all that work. He watches porn, best advice, dont go to porn sites.

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)
Like us on Facebook