Severity scale:  
  (95/100)

FBI Green Dot Moneypak Virus. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - -   Also known as FBI Moneypak | Type: Ransomware

FBI Green Dot Moneypak Virus – is a fake message that tries to make users believe that they have to pay to the FBI

FBI Green Dot Moneypak Virus
FBI Green Dot Moneypak Virus is a screen-locker that demands $200+ payment via Green Dot Moneypak service

Questions about FBI Green Dot Moneypak Virus

Green Dot MoneyPak virus is malware[1] that targets Windows computers and tries to extort money out of its victims. The malicious software displays a bogus message on the locked-up screen, which may look legitimate to inexperienced users. According to the fake instructions, the only way to unlock the machine is to pay up to the FBI – one of the major investigation agencies in the world. Even entering Safe Mode with Networking would not get rid of the screen-locker; thus, users may be tempted to pay criminals using Green Dot MoneyPak service which allows the money transfer to remain anonymous.

SUMMARY
Name FBI Green Dot MoneyPak virus
Alternative names Green Dot Moneypak Virus, Moneypak virus
Similar threats FBI virus
Type Ransomware, screen-locker
AV detection
  • Win32:Adware-gen
  • Generic6.CBOZ
  • Trojan.Amonetize.6373
  • Win32/Adware.OffersWizard.A application
Demanded payment $200 – $400
Symptoms Locked up screen, no access to any Windows functions
Distribution Spam emails, malicious sites, etc.
Elimination Download and install Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes

The reason why computer gets locked up is due to Trojan Reveton. The Moneypak virus is deemed to be ransomware, as it holds computer hostage until the payment is made. However, typical ransomware, like Cerber, Locky or Dharma, locks up personal files instead of the computer and demands ransom for the decryption key. Another major difference is that ransomware authors request payment in Bitcoins which can be transferred anonymously into a specific wallet. Nevertheless, the goal of both types of cyber crooks is the same – to steal money from victims.

Green Dot Moneypak virus spreads using contaminated file attachments, via malicious websites, or as repacked or cracked[2] software executables. As soon as in enters the targeted machine, it makes certain changes to Windows Registry, allowing it to gain boot persistence. It also abuses Windows feature to hide file extensions. Nevertheless, the only way to remove FBI Green Dot Moneypak virus is by using a sophisticated anti-malware software, such as Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes

Residents of the USA should be particularly careful, as it affects users who live in that area. Nevertheless, users in Europe should be careful as well, as non-USA versions has been spotted – International Police Association (I.P.A.) ransomware, An Garda Siochana virus, Police Central e-crime Unit virus and others.

What makes this virus so believable, is that has an official FBI seal, the warning that the computer has been locked due to “violation of copyright law,” a very detailed instructions (and also scary warnings – like three years prison sentence or huge fine) of what happened, and the IP address. What is more, hackers warn users that the picture of their face was taken, if the camera is connected to the PC. Ok, sounds really scary.

But all you have to do is just calm down, think for a minute and realize that there is something wrong:

  • The FBI does not send personal emails or messages to regular users
  • Even if you downloaded illegal software, you could not simply pay yourself off – there have to be official documents of the fine, etc.
  • The FBI would not lock your computer out of the blue. In worst case scenario they would take it away physically

Thus, do not pay any fines, as it is a scam. Furthermore, victims who pay do not regain the operation of their computers. Therefore, if your machine is locked, you need to perform full FBI Green Dot MoneyPak virus removal either by using security software or System Restore function.

Green Dot Moneypak ransomware
Green Dot Moneypak Virus - a fake popup that pretends to be from the FBI. The message threatens with fines and jail sentences

Ways to protect yourself from computer infections

Ransomware and other dangerous infections typically enter machines via contaminated spam email attachments or links to malicious sites. Perpetrators use phishing emails sent by bots to convince users to open the attachment or click on the hyperlink. The example of a phishing email:

Dear Customer,

Please see attached invoice for $3150. The payment needs to be processed ASAP.

Crooks typically use well-known companies' names to make scams more believable. Nevertheless, look for grammar or spelling errors, strange formatting, email address, etc. Once you get to see more phishing email examples,[3] it will be much easier to determine which message is fake.

The malicious payload can also enter your computer via fake software updates on questionable sites, malicious programs downloaded from file-sharing or torrent sites, social networks, messaging apps and similar. Finally, reputable security software should be employed at every machine which is connected to the internet.

Remove MoneyPak virus from your computer permanently

Security experts[4] note that Green Dot MoneyPak virus removal might be difficult simply because malware uses a sophisticated encryption code. Although manual elimination is technically possible, we do not suggest regular users undertake this procedure.

You have to employ powerful security software, such as Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes, and run a full system scan while in Safe Mode with Networking. Nevertheless, many users noted that this method does not work, and the screen stays locked even in Safe Mode. In that case, you should try to enter Safe Mode with Command Prompt to use System Restore function to remove FBI Green Dot MoneyPak malware. You can find all the instructions below.

FBI Green Dot MoneyPak virus is also capable of locking Android devices

FBI Green Dot Moneypak is used on Android
The virus has also been spotted attacking Android devices

FBI Green Dot Moneypak virus has been updated – it is now capable of blocking Android devices. It acts just like its previous versions. So, as soon as FBI android virus enters the OS, it locks is down and then displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine! If your Android device was blocked, you should follow these steps:

1. Reboot your Android device into Safe Mode:

  • Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
  • Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.

If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.

2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):

  • When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
  • Here, look for previously mentioned malicious app(s) and uninstall all of them.

If this failed, enter a random, 15 digit length, code of imaginary MoneyPak xpress Packed voucher that is asked by this android virus or follow these steps:

  • Go to Settings -> Security. Here, select Device administrators.
  • Here, look for previously mentioned malicious app(s) and uncheck it
  • In order to finish the removal of FBI Android virus, select Deactivate and OK.

Offer
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

If you decided to select another anti-spyware, uninstall Reimage from your computer.
Press mentions on Reimage
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

FBI Green Dot Moneypak Virus manual removal:

Kill processes:
tpl_0_c.exe

ch810.exe

0_0u_l.exe

[random].exe

jork_0_typ_col.exe

vsdsrv32.exe

Protector-[rnd].exe

Inspector-[rnd].exe

Delete registry values:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun[random].exe

HKEY_LOCAL_MACHINESOFTWAREFBI Moneypak Virus

HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ‘DisableRegistryTools’ = 0

HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem ‘EnableLUA’ = 0

HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionInternet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0

HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ‘DisableRegedit’= 0

HKEY_CURRENT_USERSoftwareFBI Moneypak Virus

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ‘Inspector’

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallFBI Moneypak Virus

HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ‘DisableTaskMgr’ = 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsprotector.exe

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunInspector %AppData%Protector-[rnd].exe

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsWarnOnHTTPSToHTTPRedirect 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettingsID 4

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettingsUID [rnd]

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettingsnet [date of installation]

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemConsentPromptBehaviorAdmin 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemConsentPromptBehaviorUser 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemEnableLUA 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAAWTray.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAAWTray.exeDebugger svchost.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVCare.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVCare.exeDebugger svchost.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVENGINE.EXE

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVENGINE.EXEDebugger svchost.exe

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem “DisableRegistryTools” = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem “DisableTaskMgr” = 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “ConsentPromptBehaviorAdmin” = 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “ConsentPromptBehaviorUser” = 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “EnableLUA” = 0

Unregister DLLs:
wpbt0.dll

Delete files:
%Program Files%FBI Moneypak Virus

%AppData%Protector-[rnd].exe

%AppData%Inspector-[rnd].exe

%AppData%vsdsrv32.exe

%AppData%result.db

%AppData%jork_0_typ_col.exe

%appdata%[random].exe

%Windows%system32[random].exe

%Documents and Settings%[UserName]Application Data[random].exe

%Documents and Settings%[UserName]Desktop[random].lnk

%Documents and Settings%All UsersApplication DataFBI Moneypak Virus

%CommonStartMenu%ProgramsFBI Moneypak Virus.lnk

%Temp%_0u_l.exe

%Temp%[random].exe

%StartupFolder%wpbt0.dll

%StartupFolder%ctfmon.lnk

%StartupFolder%ch810.exe

%UserProfile%DesktopFBI Moneypak Virus.lnk

WARNING.txt

V.class

cconf.txt.enc

tpl_0_c.exe

To remove FBI Green Dot Moneypak virus, follow these steps:

Remove FBI Green Dot Moneypak using Safe Mode with Networking

To enable security software, enter Safe Mode with Networking using the following steps:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove FBI Green Dot Moneypak

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete FBI Green Dot Moneypak removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove FBI Green Dot Moneypak using System Restore

You can also get rid of FBI Green Dot MoneyPak virus by using System Restore:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of FBI Green Dot Moneypak. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that FBI Green Dot Moneypak removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from FBI Green Dot Moneypak and other ransomwares, use a reputable anti-spyware, such as Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions

References

Removal guides in other languages