FBI MoneyPak (scam) - Removal Guide

by Lucia Danes - -   Also known as FBI Green Dot Moneypak virus | Type: Ransomware

FBI MoneyPak Removal Guide

What is FBI MoneyPak?

FBI MoneyPak is a computer threat that locks your PC screen for money extortion purposes

FBI MoneyPak virus

FBI MoneyPak (also known as FBI virus) is one of the earlier versions of malware now known as ransomware. It does not lock user files but instead blocks victims from accessing their PCs fully by locking their screens. Those infected are also unable to call up Windows components that would help to shut down the screenlocker, for example, the Task Manager or Registry Editor.

The main goal of this attack is to convince victims that their computers have been locked by the Federal Bureau of Investigation for allegedly illegal activities performed on the computer. Cybercriminals want users to transfer a specific amount of money (usually between $200 and $300USD) via the MoneyPak financing system that allows complete anonymity of the recipient. Do not pay this fake fine as you will lose your money, and your screen won't be unlocked!

Name FBI MoneyPak
Type Screen-locker, ransomware, scam
Distribution Spam emails, software vulnerabilities, malicious or repacked installers, software cracks, etc.
Functions Locks access to computer functions and shows fraudulent message about allegedly committed crimes by the victim; asks to pay $200 via MoneyPak or more to allegedly unlock the screen and drop all charges
Risks Monetary loss and personal information reveal to cybercriminals
Removal Access Safe Mode as explained below and perform a full system scan with anti-malware software
System fix Use FortectIntego to remediate the computer and fix damaged system files

The message that is provided to users can be very frightening, as many might get immediately concerned about an FBI investigating them. This is precisely the effect that threat actors are going for – to frighten victims and make them pay the requested money.

However, the are multiple flaws within this scam, so it is important not to panic and think rationally. The main reason why scammers have released such a virus is really simple – they expect you to believe that you have been “illegally watching copyrighted content, and now you have to pay a fine through Moneypak service.”

There are several other horrendous crimes that users are accused of, including:

  • Distribution of disturbing pornographic material;
  • Illegal access to a computer (which is ironic, as the computer was locked illegally)
  • Delivery of spam or malicious ads, etc.

The victim is usually asked to go to Walmart or Walgreens stores to make a payment. Please do not do that as you end up losing your money for good and hand it to criminals that fuels their intention to create more malware and infect more innocent people.

There are several different versions of FBI Moneypak or FBI virus that use other alerts and demand $200, not $100, for the fine. They are called the FBI Green Dot Moneypak virus and FBI Virus Black Screen. They have no video recording but use an audio warning that asks to pay the cash and get the code to unlock your computer.

We highly recommend to ignore this forged alert and remove the virus from your computer. For that, access Safe Mode as explained below and perform a full system scan with a powerful anti-malware, such as SpyHunter 5Combo Cleaner. FortectIntego can also be used to fix virus damage done to the computer (it is particularly useful if Windows starts crashing, returning errors, or suffering from other stability issues after the eliminated of the infection).

Propagation properties of screen-locker

This sophisticated intruder gets inside the system via trojan horses that come inside unnoticed by a user and download all the files needed for FBI Moneypak. Also, the virus locks the system down and displays its pop-up message based on misleading information about copyright and related rights law violation.

In fact, it looks almost like a legitimate message displayed by the FBI! However, you must keep in mind that this alert is completely deceitful and wants only to mislead you into spending your $100 to unlock the PC. Instead of that, you should don't waste your time and remove the infection from your computer before it starts additional activity on your computer.

Security experts recommend ignoring all the spam letters and never open attachments that can be found inside them. Also, stop wasting your time with freeware because such programs may also come together with viruses. Finally, always make sure you have reputable anti-virus and anti-spyware programs installed so that they could help you to prevent viruses from infiltrating your PC.

Remove FBI Moneypak and never transfer the requested money

In order to remove this dangerous threat and unlock your computer, you are highly recommended using reputable anti-malware programs, such as SpyHunter 5Combo Cleaner or Malwarebytes, and then use FortectIntego to remediate Windows system files. Besides, if you find yourself completely disabled, follow these steps before you run a full system scan with anti-malware:

  1. Take another machine and use it to download an anti-malware program.
  2. Update the program and put into the USB drive or another external storage device.
  3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
  4. Reboot computer infected with FBI ransomware once more and run a full system scan.

Below you will find detailed instructions on how to access Safe Mode with Networking. However, you should not look for malicious files yourself and rely on professional anti-malware software instead.

Offer
do it now!
Download
Fortect Happiness
Guarantee Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Fortect review | Terms of Use | Privacy policy | Refund Policy | Uninstall guide
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Download SpyHunter 5 Review »
Privacy policy | Terms of Use | Product Refund Policy | Uninstall Instructions
Malwarebytes
Download | Review | Privacy policy | Terms of Use | Product Refund Policy | Uninstall Instructions
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.
Download Combo Cleaner Review »
Privacy policy | Terms of Use | Product Refund Policy | Uninstall Instructions

Getting rid of FBI MoneyPak. Follow these steps

Scan your system with anti-malware

If you are a victim of ransomware, you should employ anti-malware software for its removal. Some ransomware can self-destruct after the file encryption process is finished. Even in such cases, malware might leave various data-stealing modules or could operate in conjunction with other malicious programs on your device. 

SpyHunter 5Combo Cleaner or Malwarebytes can detect and eliminate all ransomware-related files, additional modules, along with other viruses that could be hiding on your system. The security software is really easy to use and does not require any prior IT knowledge to succeed in the malware removal process.

Repair damaged system components

Once a computer is infected with malware, its system is changed to operate differently. For example, an infection can alter the Windows registry database, damage vital bootup and other sections, delete or corrupt DLL files, etc. Once a system file is damaged by malware, antivirus software is not capable of doing anything about it, leaving it just the way it is. Consequently, users might experience performance, stability, and usability issues, to the point where a full Windows reinstall is required.

Therefore, we highly recommend using a one-of-a-kind, patented technology of FortectIntego repair. Not only can it fix virus damage after the infection, but it is also capable of removing malware that has already broken into the system thanks to several engines used by the program. Besides, the application is also capable of fixing various Windows-related issues that are not caused by malware infections, for example, Blue Screen errors, freezes, registry errors, damaged DLLs, etc.

  • Download the application by clicking on the link above
  • Click on the ReimageRepair.exe
    Reimage download
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation process Reimage installation
  • The analysis of your machine will begin immediately Reimage scan
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically. Reimage results

By employing FortectIntego, you would not have to worry about future computer issues, as most of them could be fixed quickly by performing a full system scan at any time. Most importantly, you could avoid the tedious process of Windows reinstallation in case things go very wrong due to one reason or another.

Report the incident to your local authorities

Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how did you notice the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.

Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:

Internet Crime Complaint Center IC3

If your country is not listed above, you should contact the local police department or communications center.

Manual removal using Safe Mode

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
    Settings
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
    Reboot
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.
    Startup

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Downloads
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

    %AppData%
    %LocalAppData%
    %ProgramData%
    %WinDir%

After you are finished, reboot the PC in normal mode.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from FBI MoneyPak and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Protect your privacy – employ a VPN

There are several ways how to make your online time more private – you can access an incognito tab. However, there is no secret that even in this mode, you are tracked for advertising purposes. There is a way to add an extra layer of protection and create a completely anonymous web browsing practice with the help of Private Internet Access VPN. This software reroutes traffic through different servers, thus leaving your IP address and geolocation in disguise. Besides, it is based on a strict no-log policy, meaning that no data will be recorded, leaked, and available for both first and third parties. The combination of a secure web browser and Private Internet Access VPN will let you browse the Internet without a feeling of being spied or targeted by criminals. 

No backups? No problem. Use a data recovery tool

If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many straight out panic when such an unfortunate course of events happen. Due to this, you should always ensure that you prepare proper data backups on a regular basis.

If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

Removal guides in other languages