FBI Moneypak  

FBI Moneypak. How to remove? (Uninstall guide)

by ,   Also known as FBI Green Dot Moneypak virus, FBI virus | Type: Ransomware

FBI Moneypak (can also be found as FBI virus) is a ransomware infection that clearly shows how the bad guys are skillfully improving their techniques while trying to earn more money. This virus not only displays misleading alert looking like a legitimate notification sent by Federal Bureu of Investigation but also locks the system down so that you can't do anything about it. The main reason why scammers have released such virus is really simple – they expect you to believe that you have been 'illegally watching copyrighted content and now you have to pay a 'fine' through Moneypak service'. Victim is usually asked to go to Wallmart or Wallgreens stores to make a payment (see the image below). Before you go and pay, read the details below to make sure that you have a deal with serious cyber infection. We highly recommend not to fall for FBI Moneypak virus because you will only support the online criminals in this way. 

How people get infected with FBI Moneypak?

This sophisticated intruder gets inside the system via trojan horses that come inside unnoticed by a user and download all the files needed for FBI Moneypak. In addition, FBI Moneypak locks the system down and displays its pop-up message based on misleading information about copyright and related rights law violation. In fact, it looks almost like a legitimate message displayed by FBI! However, you must keep in mind that this alert is completely deceitful and wants only to mislead you into spending your $100 to unlock the PC. Instead of that, you should don't waste your time and remove FBI Moneypak from your computer before it starts additional activity on your computer. 

How can I remove FBI Moneypak?

First of all, read how you can avoid getting infected with FBI Moneypak virus: security experts recommend to ignore all the spam letters and never open attachments that can be found inside them. In addition, stop wasting your time with freeware because such programs may also come together with viruses. Finally, always make sure you have reputable anti-virus and anti-spyware programs installed so that they could help you to prevent such viruses like FBI Moneypak.

In order to remove this dangerous threat and unlock your computer, you are highly recommended using reputable anti-malware programs, such as SpyHunterSTOPzilla or Malwarebytes Anti Malware. In addition, if you find yourself completely disabled, follow these steps before you run a full system scan wiith anti-malware:

  1. Take another machine and use it to download STOPzilla, SpyHunter, Malwarebytes Anti Malware or other reputable anti-malware program.
  2. Update the program and put into the USB drive or simple CD.
  3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
  4. Reboot computer infected with FBI ransomware once more and run a full system scan.

Update: There are new versions of FBI Moneypak or FBI virus, that use other alerts and demand $200, not $100, for the fine. They are called FBI Green Dot Moneypak virus and FBI Virus Black Screen. They have no video recording, but use an audio warning that asks to pay the chash and get the Moneypak code to unlock your computer. We highly recommend to ignore this forged alert and remove the virus from your computer. If flash drive methos hasn't been effective, you cal also follow additional information for FBI Moneypak removal:

* Users infected with FBI Moneypak/FBI virus/FBI Green Dot Moneypak virus/FBI Virus Black Screen are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

*   Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.

* Manual FBI Moneypak removal (special skills needed!):

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable FBI Moneypak (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated SpyHunter to remove remaining FBI Moneypak virus files.
It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
SpyHunter - remover Happiness
Compatible with Microsoft Windows
What to do if failed? If you failed to remove infection using Webroot SecureAnywhere AntiVirus SpyHunter, read here how to submit a support ticket or submit a question to our support team and provide as much details as possible.
SpyHunter is recommended to uninstall FBI Moneypak. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of SpyHunter malware removal tool.

More information about this program can be found in SpyHunter review.

If you decided to select another anti-spyware, uninstall SpyHunter from your computer.
more than 40.000.000 downloads!
Webroot SecureAnywhere AntiVirus is recommended remover to uninstall FBI Moneypak. You should confirm using free trial that it detects current version of parasite.
Not using OS X? Download a remover for Windows.
Alternate Software
We are testing STOPzilla's efficiency (2014-10-16 01:40)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2014-10-16 01:40)
XoftSpySE Anti Spyware
We are testing XoftSpySE Anti Spyware's efficiency (2014-10-16 01:40)
Defender Pro Ultimate
FBI Moneypak screenshot
FBI Moneypak snapshot

FBI Moneypak manual removal

Kill processes:
Delete registry values:
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
Unregister DLLs:

Delete files:
%Program Files%\FBI Moneypak Virus
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%UserProfile%\Desktop\FBI Moneypak Virus.lnk

Geolocation of FBI Moneypak

Map reveals the prevalence of FBI Moneypak. Countries and regions that have been affected the most are: United States.

Removal guides in other languages

Information updated:

Comments on FBI Moneypak

S Lear
A quick way of shutting down this virus before it sys on is to use Ctrl-Alt-Delete and, find your Internet browser under the Running Processes list and then click the End Process button. If your using Google Chrome, itll actually crash the page so that you can then close the tab and reload whatever other tabs were in use. Doing it this way, you never need to click anything and therefore no user action causes the virus to download. Quick and easy, albeit annoying.
Good suggestion. I too have used the task manager to fix this. I just click on applications in the task manager, select the application referring to the virus and right click and end process. Reboot. I have run a virus scan afterwards but nothing ever shows up.
My phone is infected with this virus but I havent found instructions to remove it from a phone... help!
Its not that easy to remove, it actully got into my safe mode and after an hour of trying to get safe mode with prompts i got a restore done...5 minutes later the virus attacked again....finally got it and it stayed long enough for verizon to go in and remove it....took him bout 1 and a half hours to clean out...but ALL these files have to be deleted!! again Thanks to verizon premium service who had over 2000 calls about it THAT day
Next time just bring up the task manager (Ctrl, shift, esc.) Select applications, right click the application referring to the virus and "end process". Reboot. Its really that easy.
Can you reinstall windows in safe mode?
got infected with the $300 FBI moneypak virus yesterday. I almost belived it for a min but decided to re-inslall windows and got rid of it. going to beef up my security software now. Somebody should track the accounts and beat the crap out of these people!
Spy hunter will kill it if you can get to safe mode . Make a startup ( boot ) disk while your computer is healthy . ( Win 7 , all prgms , maintainence , youll see the system repair disk link ) , then if you cant get to safe mode , you can shut it down & boot with the disk in so you can run restore . I am using viper anti-virus & it got by that .
More comments »

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)
Like us on Facebook