Remove FBI virus
Removal instructions

Severity scale:  
  (100/100)
FBI virus is also known as MoneyPack ransomware | Type: Ransomware | Tags: Ukash

FBI virus is a sneaky malware, which can get into its target computer undetected with a help of Trojan.LockScreen. As soon as it gets inside, this scamware presents itself as 'The FBI Federal Bureau Investigation' and shows an aggressively-designed alert. This alert claims that computer is blocked regarding to the Copyright and Related Rights Law violation and other seriously-looking reasons. Unfortunately, if you found yourself blocked by a program, which tells that you have been illegally using or distributing copyrighted content, viewing or distributing pornographic content and spreading malware, you must ignore such alert. That's because it means that your PC is infected. Remember, this program is distributed by scammers only for swindling your and other people's money, so you must remove FBI virus immediately after detection! Beware that security experts expect this group of ransomware to grow and improve in the future..

HOW CAN FBI VIRUS INFECT MY COMPUTER?

This infection gets inside the system through security vulnerabilities that appear as soon as people forget to take care of their computers' security. If you don't use security software or don't update it, you can also run into this virus one day. Of course, you must always think about safe browsing and avoid suspicious downloads that are actively offered on the Internet right now. The biggest issue, which is caused by this ransomware, is that it has ability to block the system, 'lock' it down and disable all programs that are kept on it. In order to 'unlock' it, FBI virus offers to pay the fine through MoneyPak or other prepayment systems. Of course, as you must have already understood, you must never pay this $100 fine if you don't want to support those scammers who are collecting these fines.

FBI VIRUS VERSIONS:

FBI Moneypak: This ransomware uses a huge alert filled with FBI and Moneypak logos, a webcam and a list of crimes victim is accused for. User is informed that he has been viewing/distributing pornographic or copyrighted content, spreading malware or doing other illegal activities. For that, he has to pay a $100  fine and enter a Moneypak code on the right side of the fake alert. This threat locks the system down completely.

FBI Green Dot Moneypak Virus: This ransomware locks the whole system down and displays a fake alert with FBI, Moneypak and McAfee logos. A miselading message, which belongs to this threat, claims that Federal Bureau of Investigation has blocked you for downloading illegal/copyrighted material and similar crimes. It requires to pay $200 fine and includes the steps explaining how you should do that.

FBI Virus Black Screen: This ransomware from the FBI group of viruses uses the same technique as its predecessors and seeks to make users pay a $200 fine. However, it also applies an audio warning, black screen and system's lock down. It will similarly claim that you have been caught for law violations and will accuse you for visiting pornographic websites, viewing files containing zoophilia, child pornography and similar.

FBI Online Agent: This ransomware also uses the name of the Federal Bureau of Investigation, but it has a newly-designed alert, which tends to accuse victim for committing various crimes and asks to pay $200 using MoneyPak. The new thing about FBI Online Agent is that it doesn't show your IP address or location but gives the name of the responsible agent, case number and other details that are clearly invented. Besides, scammers have included the promotion of the terrorism into the list of the crimes that are reported into this misleading warning.

FBI Cybercrime Division virus: That's the dangerous ransomware, which pretends to belong to the FBI's Cybercrime Division. This virus uses identical scheme while trying to steal users' money. However, this time it asks to pay $300 using Moneypak prepayment system. Be sure that its alert is not legitimte and can be safely ignored. The new version applies a newly designed alert, which is filled with more than ten different logos. 

FBI PayPal virus: This ransomware is not related in any way to Federal Bureau of Investigation . As soon as it gets inside the system, this ransomware blocks the entire desktop and disables Internet connection on its target PC. In addition, it asks paying the fine of $100 for invented online crimes, such as the use of copyrighted content or distribution of malware. Differently from earlier parasites, that use identical scheme for stealing the money, FBI PayPal virus uses PayPal for its money transactions. Please, stay away from this threat.

FBI Department of Defense virus: This is a dangerous ransomware virus, which, similarly to its predecessors, seeks to swindle $300 by convincing its victims that they have violated several laws of USA. This virus has the same ability to lock down the PC and hide every file, which is kept on the computer. The new thing about this version of FBI virus, is that it offers using MoneyGram prepayment system for paying the fine. Please, never follow its recommendations!

White Screen FBI virus: This is a cyber infection, which is categorized as ransomware and belongs to the same group of FBI virus. If you see a white screen and a mouse cursor on your computer's desktop, that means this virus failed to load properly. However, you may also receive a huge warning from FBI, which reports about the illegal use of videos related to child pornography or other e-crimes. Please, ignore warning that belongs to White Screen FBI virus and never pay any money or provide any personal information.

FBI Computer Crime and Intellectual Property Section virus: This is a dangerous ransomware that occupies entire computer as soon as it infects it. Instead of the desktop, it shows a huge alert stating that 'computer is locked by Internet Service Provider' for several different reasons. Just like previous versions, it claims that computer's owner was noticed watching and spreading copyrighted content and doing other activities that clearly violate some laws of USA. This FBI virus version asks to pay a fine of $200. Please, never follow this requirement.

FBI System Failure virus: FBI System Failure virus is a serious ransomware threat, which blocks computers with its fake warning saying: 'All Activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer!'. Just like previous its versions, this virus seeks to make its victims pay an invented fine. This version is used to swindle $300, for that it asks using REloadit prepayment system. If you see such warning, you must ignore it and use anti-malware software to remove malicious files from the system. 

HOW CAN I REMOVE FBI VIRUS?

In order to remove FBI virus, you should firstly unlock your computer. For that, we recommend using another PC that has an Internet connection and following the steps listed bellow:

1. Take another machine and use it to download SpyHunter or other reputable anti-malware program. You can also try downloading STOPzilla or Malwarebytes Anti Malware.

2. Update the program and put into the USB drive or simple CD.

3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.

4. Reboot computer infected with virus once more and run a full system scan.

UPDATE: Be aware about the new versions of FBI virus, that are called FBI Green Dot Moneypak virusFBI Virus Black Screen and FBI Online Agent. They have been clearly designed to get more money from its victims, so they show a warning asking $200, not $100, to be payed through MoneyPak prepayment system. To remove these versions completely, run a full system scan with updated anti-virus/anti-malware program. In order to unlock your PC, use the steps given above and follow additional information:

* Users infected with FBI group of viruses are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

*   Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.

* Manual FBI virus removal:

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable FBI virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated SpyHunter to remove remaining files.

This video guide shows how to remove FBI virus. However, there might be some differences in its removal because of diffrent systems and versions of the parasite. Use the auto-removal process to remove the infection easily.

FBI virus video guide



Automatic FBI virus removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove FBI virus you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
remover for FBI virus Happiness
Guarantee
Compatible with Microsoft
SpyHunter is recommended remover to uninstall FBI virus. You should confirm using free trial that it detects current version of parasite.
more than 40.000.000 downloads!
What to do if you failed to remove the infection?
If you failed to remove FBI virus using SpyHunter, read here how to submit a support ticket or submit a question to our support team and provide as much details as possible.

Alternate Software

STOPzilla
We are testing STOPzilla's efficiency at removing FBI virus (2012-06-18 09:51:30)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency at removing FBI virus (2012-06-18 09:51:30)
XoftSpySE Anti Spyware
We are testing XoftSpySE Anti Spyware's efficiency at removing FBI virus (2012-06-18 09:51:30)
Defender Pro Ultimate
We are testing Defender Pro Ultimate's efficiency at removing FBI virus (2012-06-18 09:51:30)
Virus Removal Phone Support
1-877-657-9614
Help Line to remove FBI virus

FBI virus screenshot

FBI virus manual removal

Kill processes:
tpl_0_c.exe
ch810.exe
0_0u_l.exe
[random].exe
jork_0_typ_col.exe
vsdsrv32.exe
Protector-[rnd].exe
Inspector-[rnd].exe
Delete registry values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
Unregister DLLs:
wpbt0.dll

Delete files:
%Program Files%\FBI Moneypak Virus
%AppData%\Protector-[rnd].exe
%AppData%\Inspector-[rnd].exe
%AppData%\vsdsrv32.exe
%AppData%\result.db
%AppData%\jork_0_typ_col.exe
%appdata%\[random].exe
%Windows%\system32\[random].exe
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%Temp%\0_0u_l.exe
%Temp%\[random].exe
%StartupFolder%\wpbt0.dll
%StartupFolder%\ctfmon.lnk
%StartupFolder%\ch810.exe
%UserProfile%\Desktop\FBI Moneypak Virus.lnk
WARNING.txt
V.class
cconf.txt.enc
tpl_0_c.exe

Geolocation of FBI virus

This map reveals the prevalence of FBI virus. Countries and regions that have been affected the most are: United States, Indonesia, India, Canada and Mexico.

QR code for FBI virus removal instructions

FBI virus qrcode QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.
The reason we add QR code to the website is that parasites like FBI virus are really hard to remove on infected computer. you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall FBI virus right in your pocket.
Simply use the QR scanner and read removal instructions from mobile device.

Removal guides in other languages

Information added: 2014-07-08 06:57
Information updated: 2014-07-08 06:57

Ask us discussions

Modern viruses are really hard to remove. They have random file names, random registry entries, they can immitale legal products and files. Removal instructions sometimes can't Help to remove infection manually. Please take a look at our discussion where users like you share they experience in fighting the parasite:

5

How to disable FBI virus warning?

-
1

What should I know about FBI MoneyPak/FBI virus removal?

-
4

Help me to unblock PC from FBI Green Dot Moneypak virus!

-
2

SpyHunter fails to remove FBI Moneypak/FBI virus, help!

-
1

FBI Virus elimination guide

-
7

How to unblock PC from FBI Moneypak/FBI virus

-
3

Need to banish FBI MoneyPak, help!

-
2

How to fix my PC after FBI virus infiltration?

-
2

Need your help to erase FBI Virus!

-
2

Need to fix my PC after FBI Green Dot Moneypak virus/FBI virus infiltration

-
2

How to eliminate FBI virus? Cannot activate SpyHunter 4!

-
2

Need to kill FBI Green Dot MoneyPak virus

-
2

Want to opt out FBI virus, help!

-
2

Stop ilqoxken.exe if you want to get rid of FBI virus

-
1

Fbi Green Dot Moneypak virus fix question

-
2

FBI Green Dot Moneypak virus elimination guide

-
2

What do I do? I see Error 1401 when trying to stop FBI Cybercrime Division virus

-
3

Help! Need to disable FBI virus!

-
1

Need a guide to delete FBI Moneypak

-
3

Fixing FBI Green Dot Moneypak virus

-
1

IP address useable once computer infected by FBI virus?

-
4

Is new Bitdefender 2013 Plus good to protect against FBI virus?

-
1

How to eliminate FBI virus?

-
1

Eliminating FBI Virus on my wife's computer

-
3

Trying to get rid of fbi 300 moneypak virus, help!

-
2

Can't find a way to uninstall FBI virus

-
1

How can I get rid of fbi scam??

-
1

FBI Virus removal from Linux

-
1

I think my computer is infected with FBI Virus, help!

-
1

Can FBI virus attach itself to the router?

-
4

How to get rid of FBI Virus scam?

-

Additional resources

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

Users comments about FBI virus:

15
3
Jim
I had this and found it in the start menu. I WENT INTO SAFE MODE ANF REMOVED. Now its booting up and working fine.
0
3
Jack
Whats it called?
6
2
Greg
After rebooting my computer, I constantly clicked my Monzilla Firefox icon and got it to open ahead of the FBI malware. I did a system restore to a date that preceded the attack and everything has been operating fine since then. Nasty little virus go-go away.
5
2
Rick
I downloaded the trial version of malwarebytes. It scanned my comp, and removed the virus successfully.
3
4
Chrism
Rick,
I did the same thing, but I did NOT buy the software, and guess what? Its back, I will be buying the program this time you can bet.
2
3
Strange but works
just throwing this out their. I downloaded pinnaclegamerprofile or something for game controllers on pc...point is it somehow intersects it. you must logoff and then cancel the logoff because the pinnaclegamerprofile gets stuck; and it actually gets rid of it, well for now until you take action. point is if you cant get rid of it, download that program it helps, but youll still see it upon every boot up
4
1
GS
Free version of malwarebytes did it for me too.
2
2
michael Walling
It has changed....now unable to bypass it in safe mode. Also the comouter infected did not have and admin password on it before infection...now it does and therefore cannot use somfunctions needed to delete virus
2
3
Jeanne
Malwarebytes worked for me
0
1
scott
ctrl+alt+delete, log off, wait until it closes the "Virus" then scaned with my anti-virus, took it off.
0
3
maureen
So, this happened while my husbad was on the computer and they did a visus scan and a reboot scan and the virus is still on the computer and completely locked up. I cannot access SafeMode so now not sure what to do! I can load that SpyHunter onto a CD or USB, but I cannot get to the program to run it. The computer only shows icons, cannot open Start, cannot go into an icon, cannot go onto the web....nothing! Help!!
4
3
harry
it really work in less than 15 min.
6
3
Chuck
An updated version of Malwarebytes running in Safe Mode will find, isolate and destroy the FBI virus. It has to be run in the "Full Scan" mode though. Then reboot as normal and you should be okay.
3
2
Alexandre
I just boot and after entering on windows press Ctrl ...Alt...Del comes up the task manager window, 2 our 3 second s later the FBI warning starts and you will see on the task manager the ename of the file...after that press the power button till power off, start and boot again press F8 and boot from command prompt, search for the file ..........windows dir *.exe ,you will see all the execs files ....search for yours and delete.
3
4
Meme
I downloaded the trial version of malwarebytes, updated it. started in safe mode, It scanned my comp. Did not remove virus -Help
1
2
Dominic
Just fixed my dads laptop after he got infected wit his virus.
Use the free version of Malwarebytes, update the virus definitions and do a full scan.
Also make sure you run the scan while the computer is in safe mode.
Hope this helps.
6
1
Anthony
Hi, recently been affected by the virus. I tried Malware did not work! What did was pressing F8 during startup of system so i can see the Safe Mode Options, click Repair the system, and do a system restore well before the attack happened. Been fine since....
0
2
sanju
safemode with networking and download malwarebites and then run the files deleate the virus issue fixed..
2
1
Joe
Ctrl Alt Del to switch users to someone else on that computer who has admin. rights. Google ComboFix.exe and download it. Run it and if it asks for an update let it update, so you have the most recent version. Let it run, sometimes is doesnt seem like it is doing anything, but it will pop up a few windows. It will then run a scan, which takes about 10 to 15 mins, it will pop up a log of information for you, which it will also save for you. It will need to reboot your system, and then you should be fine.
1
1
Adam
Got it yesterday and downloaded the malwarebytes and it couldnt find the virus.... I think its changed names... I had to do a system restore to a previous point...
More comments...

Post Comment

Attention: Use this form only if you have additional information about FBI virus parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)
Like us on Facebook
News
Subscribe
Ask us
Parasites
Tags
Files
What's your antispyware?
Compare
I failed to remove FBI virus using SpyHunter.

Email


Close
add text box
rss feed
help other
Spreading the knowledge: It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!