FBI Green Dot Moneypak Virus is a very serious cyber infection that has nothing to do with the governmental organization called the FBI. Just like FBI Moneypak, or simply the FBI virus, it displays an alert that locks the computer down and prevents victims from loading any of their programs or files. The minute the user logs in, the PC goes straight to the Green Dot Moneypak screen and locks the entire system down. Even rebooting to Safe Mode with Networking or Safe Mode with Command Prompt does not help in most cases. You must be especially careful if you live in the USA, because most of the users who have been infected by this threat live in this area. However, there are many other versions of this ransomware spreading in Europe as well (be aware of the International Police Association (I.P.A.) ransomware, the An Garda Siochana virus, the Police Central e-crime Unit virus and others).
HOW PEOPLE GET INFECTED WITH FBI GREEN DOT MONEYPAK VIRUS?
FBI Green Dot Moneypak Virus can be downloaded together with other programs or files without asking for any permission. These may be fake video codecs, Flash updates or other freeware from a source that is not official. Besides, you should avoid opening spam email attachments if you don’t want to get this infection. Right after infiltration, FBI Green Dot Moneypak Virus replaces the desktop background with a large alert that appears to come from a governmental agency belonging to the United States Department of Justice. This alert tries to convince you that you have been breaking various rules and have now been caught doing so:
All activity of this computer has been recorded.
If you use a webcam, videos and pictures were saved for identification. You can be clearly identified by resolving your IP address and the associated hostname.
Your computer has been locked!
Illegally downloaded materials (MP3’s, Movies or Software) have been located on your computer. By downloading, those were reproduced, thereby involving a criminal offense under Section 106 of the Copyright Act.
The downloading of copyrighted material via the Internet or music-sharing networks is illegal and is in accordance with Section 106 of the Copyright Act subject to a fine of imprisonment for a penalty of up to 3 years.
Furthermore, possession of illegally downloaded material is punishable under Section 184 paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer, with which the files were downloaded.
To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $200. Payable through GreenDot Moneypak. After successful payment, your computer will be automatically unlocked. Failure to adhere to this request could involve criminal charges and possible imprisonment.
To perform the payment, enter the acquired GreenDot Moneypak code in the designated payment field and press the “Submit” button.
Of course, this alert is completely forged and has nothing to do with any legitimate organization. If your computer has also been locked by such an FBI warning, you must understand that paying the fine won’t unlock your computer but will only support the owners of this screen locker. In order to bring your PC back to normal, you must unlock it first and then remove the FBI Green Dot Moneypak virus.
HOW CAN I REMOVE FBI GREEN DOT MONEYPAK VIRUS?
To unlock your computer and be able to scan it with decent anti-malware, you must first follow these steps:
1. Take another machine and use it to download Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or another reputable anti-malware program.
2. Update the program and put it on a USB drive or a CD.
3. In the meantime, reboot your infected machine to Safe Mode with Command Prompt and plug the USB drive into it.
4. Reboot the computer infected with FBI ransomware once more and run a full system scan.
Now scan your computer with Reimage once more to remove all infected files from your PC.
UPDATE: We have alternative FBI Green Dot Moneypak Virus removal instructions. Try following them if the flash drive option hasn't been helpful:
* Users infected with FBI Moneypak/FBI virus/FBI Green Dot Moneypak virus can still access other accounts on their Windows systems. If one of these accounts has administrator rights, you should be able to launch an anti-malware program from it.
* Try denying Flash so that the ransomware stops functioning as intended. To disable Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with an anti-malware program.
* Manual FBI Green Dot Moneypak virus removal (special skills needed!):
- Reboot your infected PC to 'Safe mode with command prompt' to disable the FBI virus (this should work with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated Reimage to remove remaining FBI Green Dot Moneypak virus files. You can also try using Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.
UPDATE2: FBI Green Dot Moneypak virus has just been updated – now it is capable of blocking Android devices. It acts just like its previous versions. So, as soon as the FBI Android virus enters the OS, it locks it down and then displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine! If your Android device was blocked, you should follow these steps:
1. Reboot your Android device into Safe Mode:
- Find the power button and press it for a couple of seconds until you see a menu. Tap Power off.
- Once you see a dialog window offering to reboot your Android to Safe Mode, select this option and OK.
If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.
2. Uninstall the malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):
- When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
- Here, look for previously mentioned malicious app(s) and uninstall all of them.
If this failed, enter a random 15-digit code of an imaginary MoneyPak xpress Packed voucher, which this Android virus asks for, or follow these steps:
- Go to Settings -> Security. Here, select Device administrators.
- Here, look for the previously mentioned malicious app(s) and uncheck it.
- In order to finish the removal of FBI Android virus, select Deactivate and OK.
FBI Green Dot Moneypak Virus manual removal:
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’ = 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
Delete files:
%Program Files%\FBI Moneypak Virus
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%UserProfile%\Desktop\FBI Moneypak Virus.lnk
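
The WinLogon check from the manual removal steps and the Image File Execution Options and Policies\System entries from the registry list can also be reviewed offline from a registry export. The following is an added example, not part of the original instructions: it assumes the keys were saved with `reg export` and read as text (the export file is UTF-16), and the sample data and the function names decode and audit are constructed for illustration.

```python
import re

# Constructed sample in the text layout written by `reg export`; not from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\user\\AppData\\Roaming\\random.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe]
"Debugger"="svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
POLICY_NAMES = {"disabletaskmgr", "disableregistrytools", "disableregedit", "enablelua",
                "consentpromptbehavioradmin", "consentpromptbehavioruser"}

def decode(raw):
    """Turn .reg data into a Python value: quoted string or dword integer."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escaping
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    return raw  # other types (hex:...) are kept as text

def audit(reg_text):
    """Return (key, value name, data, reason) tuples that need review."""
    findings, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        m = VAL_RE.match(line)
        if not m:
            continue
        name, data, k = m.group(1).lower(), decode(m.group(2)), key.lower()
        # Assumption: only the Shell value is compared; Userinit legitimately differs.
        if k.endswith('\\winlogon') and name == 'shell' and str(data).lower() not in ('', 'explorer.exe'):
            findings.append((key, 'Shell', data, 'shell is not explorer.exe or blank'))
        elif '\\image file execution options\\' in k and name == 'debugger':
            findings.append((key, 'Debugger', data, 'program launch redirected'))
        elif k.endswith('\\policies\\system') and name in POLICY_NAMES:
            findings.append((key, m.group(1), data, 'policy value named on this page'))
    return findings
```

A real export is read with `open(path, encoding="utf-16").read()` before being passed to audit; each finding is a prompt for manual review, not proof of infection.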