Title: FBI Moneypak
Type: Ransomware
Also known as: FBI Green Dot Moneypak virus, FBI virus


 
Severity scale: FBI Moneypak severity is 97 (97 / 100)
 

FBI Moneypak (also known as the FBI virus) is a ransomware infection that shows how criminals keep refining their techniques to earn more money. The virus displays a misleading alert that looks like a legitimate notification from the Federal Bureau of Investigation, and it also locks the system down so that you can't do anything about it. The scammers' reason for releasing it is simple: they expect you to believe that you have been 'illegally watching copyrighted content' and now have to pay a 'fine' through the Moneypak service. The victim is usually asked to go to a Walmart or Walgreens store to make the payment (see the image below). Before you go and pay, read the details below to understand that you are dealing with a serious cyber infection. We highly recommend not falling for the FBI Moneypak virus, because paying only supports the online criminals.

How do people get infected with FBI Moneypak?

This sophisticated intruder gets inside the system via trojan horses that enter unnoticed by the user and download all the files needed for FBI Moneypak. FBI Moneypak then locks the system down and displays its pop-up message, which is based on misleading information about violations of copyright and related rights law. In fact, it looks almost like a legitimate message displayed by the FBI! However, keep in mind that this alert is completely deceitful and only aims to mislead you into spending $100 to unlock the PC. Instead of paying, don't waste your time and remove FBI Moneypak from your computer before it starts additional activity.

How can I remove FBI Moneypak?

First of all, here is how to avoid getting infected with the FBI Moneypak virus: security experts recommend ignoring all spam letters and never opening the attachments found inside them. In addition, stop wasting your time with freeware, because such programs may also come bundled with viruses. Finally, always make sure you have reputable anti-virus and anti-spyware programs installed so that they can help you prevent viruses like FBI Moneypak.

To remove this dangerous threat and unlock your computer, we highly recommend using a reputable anti-malware program, such as SpyHunter, STOPzilla or Malwarebytes Anti Malware. If you find yourself completely locked out, follow these steps before you run a full system scan with anti-malware:

  1. Take another machine and use it to download STOPzilla, SpyHunter, Malwarebytes Anti Malware or another reputable anti-malware program.
  2. Update the program and put it on a USB drive or a CD.
  3. Meanwhile, reboot your infected machine into Safe Mode with Command Prompt and plug the USB drive into it.
  4. Reboot the computer infected with FBI ransomware once more and run a full system scan.

Update: There are new versions of FBI Moneypak (the FBI virus) that use other alerts and demand $200, not $100, for the fine. They are called FBI Green Dot Moneypak virus and FBI Virus Black Screen. They have no video recording, but use an audio warning that asks you to pay the cash and get the Moneypak code to unlock your computer. We highly recommend ignoring this forged alert and removing the virus from your computer. If the flash drive method hasn't been effective, you can also follow these additional instructions for FBI Moneypak removal:

* Users infected with FBI Moneypak/FBI virus/FBI Green Dot Moneypak virus/FBI Virus Black Screen are allowed to access other accounts on their Windows systems. If one of these accounts has administrator rights, you should be able to launch an anti-malware program from it.

* Try denying Flash so that the ransomware stops functioning as intended. To disable Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with an anti-malware program.

* Manual FBI Moneypak removal (special skills needed!):

  1. Reboot your infected PC into 'Safe mode with command prompt' to disable FBI Moneypak (this should work with all versions of this threat).
  2. Run Regedit.
  3. Search for WinLogon entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for the files you have written down and delete the registry keys referencing them.
  5. Reboot and run a full system scan with updated SpyHunter to remove the remaining FBI Moneypak virus files.


Automatic FBI Moneypak removal:

We may be affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of the provided anti-spyware software to remove FBI Moneypak, you agree with our Privacy Policy and Agreement of Use.
SpyHunter is the recommended remover for uninstalling FBI Moneypak. You should confirm with the free trial that it detects the current version of the parasite.

Note: 'Manual assistance required' means that one or all of the removers were unable to remove the parasite without some manual intervention. Please read the manual removal instructions below.

If you failed to remove FBI Moneypak using SpyHunter, submit a question to our support team and provide as many details as possible.

* STOPzilla: manual required. We are testing STOPzilla's efficiency at removing FBI Moneypak (2012-07-03 07:55:07).
* Malwarebytes Anti Malware: manual required. We are testing Malwarebytes Anti Malware's efficiency at removing FBI Moneypak (2012-07-03 07:55:07).
* XoftSpySE Anti Spyware: manual required. We are testing XoftSpySE Anti Spyware's efficiency at removing FBI Moneypak (2012-07-03 07:55:07).
* Defender Pro Ultimate: manual required. We are testing Defender Pro Ultimate's efficiency at removing FBI Moneypak (2012-07-03 07:55:07).

FBI Moneypak snapshot:

FBI Moneypak manual removal:

Kill processes:
tpl_0_c.exe
ch810.exe
0_0u_l.exe
[random].exe
jork_0_typ_col.exe
vsdsrv32.exe
Protector-[rnd].exe
Inspector-[rnd].exe

Delete registry values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’ = 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0

Unregister DLLs:
wpbt0.dll

Delete files:
%Program Files%\FBI Moneypak Virus
%AppData%\Protector-[rnd].exe
%AppData%\Inspector-[rnd].exe
%AppData%\vsdsrv32.exe
%AppData%\result.db
%AppData%\jork_0_typ_col.exe
%appdata%\[random].exe
%Windows%\system32\[random].exe
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%Temp%\0_0u_l.exe
%Temp%\[random].exe
%StartupFolder%\wpbt0.dll
%StartupFolder%\ctfmon.lnk
%StartupFolder%\ch810.exe
%UserProfile%\Desktop\FBI Moneypak Virus.lnk
WARNING.txt
V.class
cconf.txt.enc
tpl_0_c.exe
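
The registry checks from manual removal step 3 and from the list above, as a read-only PowerShell audit (an added example, not part of the original instructions). It assumes that the 'WinLogon entries' in step 3 mean the Winlogon `Shell` value, whose Windows default is `explorer.exe`; the `New-Finding` helper is a name made up for this example.

```powershell
# Added example: read-only audit; it changes nothing in the registry.
# HKCU is the hive of the account that runs the script, so run it while
# logged on as the affected account to inspect that user's values.

function New-Finding($Check, $Key, $Value) {   # helper name made up for this example
    New-Object PSObject -Property @{ Check = $Check; Key = $Key; Value = $Value }
}
$findings = @()

# 1. Winlogon Shell (assumed meaning of "WinLogon entries"): the HKLM default
#    is explorer.exe; a per-user Shell value normally does not exist at all.
$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $shell = (Get-ItemProperty -Path "$hive\$winlogon" -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -ne 'explorer.exe') {
        $findings += New-Finding 'Winlogon Shell' "$hive\$winlogon" $shell
    }
}

# 2. Policy values from the list above: nonzero Disable* values lock out
#    Task Manager and regedit; 0 for the UAC values switches prompting off.
$policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$user = Get-ItemProperty -Path "HKCU:\$policy" -ErrorAction SilentlyContinue
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    if ($user -and $user.$name) {
        $findings += New-Finding 'Tool lockout' "HKCU:\$policy" "$name = $($user.$name)"
    }
}
$machine = Get-ItemProperty -Path "HKLM:\$policy" -ErrorAction SilentlyContinue
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin') {
    if ($machine -and $null -ne $machine.$name -and $machine.$name -eq 0) {
        $findings += New-Finding 'UAC weakened' "HKLM:\$policy" "$name = 0"
    }
}

# 3. Image File Execution Options: a Debugger value makes Windows start that
#    program instead of the named executable. Legitimate tools use this too,
#    so every hit needs a human look.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $debugger = $key.GetValue('Debugger')
    if ($debugger) {
        $findings += New-Finding 'IFEO Debugger' $key.Name $debugger
    }
}

if ($findings.Count -eq 0) {
    'No deviations found in the checked keys.'
} else {
    $findings | Format-List Check, Key, Value
}
```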

Geolocation of FBI Moneypak:

This map reveals the prevalence of FBI Moneypak. Countries and regions that have been affected the most are: United States.

QR code for FBI Moneypak removal instructions:

QR is short for Quick Response. QR codes can be read quickly by mobile phones. They can store more data than standard barcodes, including URL links, geo coordinates, and text.

The reason we add a QR code to the website is that parasites like FBI Moneypak are really hard to remove on an infected computer. You can quickly scan the QR code with your mobile device and have the manual removal instructions for FBI Moneypak right in your pocket.

Simply use the QR scanner and read removal instructions from mobile device.

Information added: 2013-09-24 06:49:05
Information updated: 2013-09-24 06:49:05

Ask us discussions:

Modern viruses are really hard to remove. They have random file names and random registry entries, and they can imitate legitimate products and files. Removal instructions sometimes can't help to remove an infection manually. Please take a look at our discussion, where users like you share their experience in fighting the parasite:

3
0
Khanjo
It would be nice if the video actually explained what was going on, or if the instructions told me what I'm looking for
2
0
Khanjo
HAHAHA I'm an idiot, saw it below, sorry guys/gals, my bad
1
0
edi
Hi my name is Edwin and I'm affected with the moneypak fbi scam how do I remove I can't use any safe mode tho plz help I scared the heck out of me:)
1
0
antmanbee
I must have dodged a bullet. That FBI screen appeared but I had read article just day before about Moneypak so I knew what I was seeing and immediately shut down computer. Restarted...no problems. Same thing with similar extortionware, liveplatinumupdate.
Seems there has to be response on victims part. Attempting to close window is response enough.
Didn't get so lucky with mystartincredibar.
Got that on same day I dodged Moneypak.
Moneypak is also the "pay as you go" type credit card sold at Walgreens that extortionists want victim to purchase . The Tracfone of credit cards.
Thanks for list of files and instructions on how to modify.....
I will pick a few for random search.
See what comes up.
Just in case +
3
0
john
Hey I just got this virus about an hour ago, I applied spyware, what do I do
0
0
Brittany
Sadly I waited too long to restart my computer and the virus dug in. It's getting harder and harder to get it off. I'm trying everything, however I've heard that u can go to your local news center and they remove the virus for free. I will be trying this and more than likely it will work. So I'm actually gonna be looking for ways to keep it off of my computer more so than finding a solution for when it does attack.
0
1
chan
My daughter did her school assignment and suddenly the FBI moneypak screen appeared on screen and the computer was locked.
It showed that if you paid $200 your computer will be unlocked. I went to CVS to buy $200 moneypak. But my wife said it's something wrong. All computer should be locked if it were crime. I searched the persons who were the same experiences as my computer. It said it's virus and someone tried to steal money from me. I was safe and restored my laptop and now everything is okay with my computer. Don't pay or respond anything to the FBI moneypak screen or their request. It's fake. fake........
3
0
JOHN LB
Got it yesterday on my Netbook, tried restore, did not work. Tried other User-IDs and they were not affected. Changed to Admin User-id, ran Norton Scan and PC Matic and virus was gone. Conclusion, FBI Moneypak attaches itself to a specific user-id.
I did not use this PC for 10 days, so my Norton software was not current and the virus got on it before Norton was updated.
Hope this helps others.
1
0
J V P
For some reason, whenever I start up in safe mode, my computer just logs off and shuts down.
0
0
J V P
I've had the thing for what, 2 months? I thought that when I deleted the cftmon file, that would be the end of my troubles.
0
0
Raybird
I was able to completely get rid of the money pack FBI virus in about 20 minutes
pretty easy

just disable internet radio, then start up PC normal, then run SYSTEM RESTORE in the tools menu

that did it for my PC working good as new
0
0
MDS
I can't even start in any of the safe modes, or access the task manager. I must have some new strain. I just keep ending up at blue screen
0
0
Garrett
Whoa! I went through the same panic you all are experiencing with this! The easy solution that worked for me was this. I, too, could not even start in safe mode. I COULD start only in safe mode with command prompt. I have Windows 7. From the command prompt, run a system restore. Type rstrui.exe. Select a time before you got the virus (I selected yesterday, since I just got it tonight). This solved the problem for me. Hopefully it does for you too. Good luck!
1
0
Ken
Lol. I did that too. I almost sh!t my pants. Lol
I only almost sh!t my pants because it was my own computer.
0
0
Karina
Thanks for posting the comment! I started my PC and I got an "FBI alert". I didn't believe it for long and hopped on my phone. I'm currently waiting for Windows to be restored. Hopefully it works.
0
0
Karina
An update: It worked! Although you didn't mention turning off/disconnecting internet, I did that and it worked like new. A few files were gone but was so worth it! Good luck to anyone else with this frustrating virus! (:
0
0
Anthony
I can't access the system restore because it says disc C is infected. So it will not start.
0
2
Jake
Mine is a new strain. Mine says $300 lol. Oh well. I'll have it off in the morning. I will lose files but nothing important. All you have to do is reload Windows. We have the repair disks and all the disks that came with our PC. I'll lose photos but that's it. The easiest is to reinstall Windows. Then not only do you install an anti virus, but install avast and spybot. They continually update, and are like a barbed wire fence. After a few months you will have to download the free version of avast again. ALWAYS MAKE BACK UP DISKS BEFORE YOU USE YOUR NEW PC! Life is good and the Nigerians didn't score off me. Also 99% of my photos are uploaded to photobucket and on disks. I are not a stupid person. Pissed off maybe but not stupid. I don't watch porn or download illegally. I made the mistake of replying to emails of stuff I sell on Craigslist. Any Craigslist users, should never reply to emails. Either make sure they email a number, or they call you whatever your choice. I also had my email account hacked and massive spam sent out under my name locked my account until I straightened it out. Reinstall Windows and be done with it. Thank goodness I have 2 PCs and a laptop.
0
0
BB
Spy hunter will kill it if you can get to safe mode. Make a startup (boot) disk while your computer is healthy. (Win 7, all prgms, maintenance, you'll see the system repair disk link), then if you can't get to safe mode, you can shut it down & boot with the disk in so you can run restore. I am using viper anti-virus & it got by that.
0
0
AVL
Got infected with the $300 FBI moneypak virus yesterday. I almost believed it for a min but decided to re-install Windows and got rid of it. Going to beef up my security software now. Somebody should track the accounts and beat the crap out of these people!
0
0
pat
Can you reinstall windows in safe mode?
0
1
Jim
It's not that easy to remove, it actually got into my safe mode and after an hour of trying to get safe mode with prompts I got a restore done...5 minutes later the virus attacked again....finally got it and it stayed long enough for Verizon to go in and remove it....took him bout 1 and a half hours to clean out...but ALL these files have to be deleted!! Again thanks to Verizon premium service who had over 2000 calls about it THAT day
0
0
Jasmine
My phone is infected with this virus but I haven't found instructions to remove it from a phone... help!
0
0
S Lear
A quick way of shutting down this virus before it sys on is to use Ctrl-Alt-Delete and find your Internet browser under the Running Processes list and then click the End Process button. If you're using Google Chrome, it'll actually crash the page so that you can then close the tab and reload whatever other tabs were in use. Doing it this way, you never need to click anything and therefore no user action causes the virus to download. Quick and easy, albeit annoying.
