FBI Green Dot Moneypak Virus (Removal Guide) - updated Jun 2018
FBI Green Dot Moneypak virus Removal Guide
What is FBI Green Dot Moneypak Virus?
FBI Green Dot Moneypak Virus – is a fake message that tries to make users believe that they have to pay to the FBI
FBI Green Dot Moneypak Virus is a screen-locker that demands $200+ payment via Green Dot Moneypak service
Green Dot MoneyPak virus is malware[1] that targets Windows computers and tries to extort money out of its victims. The malicious software displays a bogus message on the locked-up screen, which may look legitimate to inexperienced users. According to the fake instructions, the only way to unlock the machine is to pay up to the FBI – one of the major investigation agencies in the world. Even entering Safe Mode with Networking would not get rid of the screen-locker; thus, users may be tempted to pay criminals using Green Dot MoneyPak service which allows the money transfer to remain anonymous.
SUMMARY | |
Name | FBI Green Dot MoneyPak virus |
Alternative names | Green Dot Moneypak Virus, Moneypak virus |
Similar threats | FBI virus |
Type | Ransomware, screen-locker |
AV detection |
|
Demanded payment | $200 – $400 |
Symptoms | Locked up screen, no access to any Windows functions |
Distribution | Spam emails, malicious sites, etc. |
Elimination | Download and install FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes |
The reason why computer gets locked up is due to Trojan Reveton. The Moneypak virus is deemed to be ransomware, as it holds computer hostage until the payment is made. However, typical ransomware, like Cerber, Locky or Dharma, locks up personal files instead of the computer and demands ransom for the decryption key. Another major difference is that ransomware authors request payment in Bitcoins which can be transferred anonymously into a specific wallet. Nevertheless, the goal of both types of cyber crooks is the same – to steal money from victims.
Green Dot Moneypak virus spreads using contaminated file attachments, via malicious websites, or as repacked or cracked[2] software executables. As soon as in enters the targeted machine, it makes certain changes to Windows Registry, allowing it to gain boot persistence. It also abuses Windows feature to hide file extensions. Nevertheless, the only way to remove FBI Green Dot Moneypak virus is by using a sophisticated anti-malware software, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.
Residents of the USA should be particularly careful, as it affects users who live in that area. Nevertheless, users in Europe should be careful as well, as non-USA versions has been spotted – International Police Association (I.P.A.) ransomware, An Garda Siochana virus, Police Central e-crime Unit virus and others.
What makes this virus so believable, is that has an official FBI seal, the warning that the computer has been locked due to “violation of copyright law,” a very detailed instructions (and also scary warnings – like three years prison sentence or huge fine) of what happened, and the IP address. What is more, hackers warn users that the picture of their face was taken, if the camera is connected to the PC. Ok, sounds really scary.
But all you have to do is just calm down, think for a minute and realize that there is something wrong:
- The FBI does not send personal emails or messages to regular users
- Even if you downloaded illegal software, you could not simply pay yourself off – there have to be official documents of the fine, etc.
- The FBI would not lock your computer out of the blue. In worst case scenario they would take it away physically
Thus, do not pay any fines, as it is a scam. Furthermore, victims who pay do not regain the operation of their computers. Therefore, if your machine is locked, you need to perform full FBI Green Dot MoneyPak virus removal either by using security software or System Restore function.
Green Dot Moneypak Virus - a fake popup that pretends to be from the FBI. The message threatens with fines and jail sentences
Ways to protect yourself from computer infections
Ransomware and other dangerous infections typically enter machines via contaminated spam email attachments or links to malicious sites. Perpetrators use phishing emails sent by bots to convince users to open the attachment or click on the hyperlink. The example of a phishing email:
Dear Customer,
Please see attached invoice for $3150. The payment needs to be processed ASAP.
Crooks typically use well-known companies' names to make scams more believable. Nevertheless, look for grammar or spelling errors, strange formatting, email address, etc. Once you get to see more phishing email examples,[3] it will be much easier to determine which message is fake.
The malicious payload can also enter your computer via fake software updates on questionable sites, malicious programs downloaded from file-sharing or torrent sites, social networks, messaging apps and similar. Finally, reputable security software should be employed at every machine which is connected to the internet.
Remove MoneyPak virus from your computer permanently
Security experts[4] note that Green Dot MoneyPak virus removal might be difficult simply because malware uses a sophisticated encryption code. Although manual elimination is technically possible, we do not suggest regular users undertake this procedure.
You have to employ powerful security software, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes, and run a full system scan while in Safe Mode with Networking. Nevertheless, many users noted that this method does not work, and the screen stays locked even in Safe Mode. In that case, you should try to enter Safe Mode with Command Prompt to use System Restore function to remove FBI Green Dot MoneyPak malware. You can find all the instructions below.
FBI Green Dot MoneyPak virus is also capable of locking Android devices
The virus has also been spotted attacking Android devices
FBI Green Dot Moneypak virus has been updated – it is now capable of blocking Android devices. It acts just like its previous versions. So, as soon as FBI android virus enters the OS, it locks is down and then displays a fake warning message asking people to pay a fine for their illegal online activities. Please, do NOT pay this fine! If your Android device was blocked, you should follow these steps:
1. Reboot your Android device into Safe Mode:
- Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
- Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.
If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.
2. Uninstall malicious app (FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):
- When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
- Here, look for previously mentioned malicious app(s) and uninstall all of them.
If this failed, enter a random, 15 digit length, code of imaginary MoneyPak xpress Packed voucher that is asked by this android virus or follow these steps:
- Go to Settings -> Security. Here, select Device administrators.
- Here, look for previously mentioned malicious app(s) and uncheck it
- In order to finish the removal of FBI Android virus, select Deactivate and OK.
Getting rid of FBI Green Dot Moneypak virus. Follow these steps
Manual removal using Safe Mode
To enable security software, enter Safe Mode with Networking using the following steps:
Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal should be best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
Downloads
Recycle Bin
Temporary files - Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
After you are finished, reboot the PC in normal mode.
Remove FBI Green Dot Moneypak using System Restore
You can also get rid of FBI Green Dot MoneyPak virus by using System Restore:
-
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list
Windows 10 / Windows 8- Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
-
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, enter cd restore and click Enter.
- Now type rstrui.exe and press Enter again..
- When a new window shows up, click Next and select your restore point that is prior the infiltration of FBI Green Dot Moneypak. After doing that, click Next.
- Now click Yes to start system restore.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from FBI Green Dot Moneypak and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting ransomware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.
- ^ Malware. Wikipedia. The Free Encyclopedia.
- ^ What is cracked software?. Quora. Question and answer site.
- ^ Roger A. Grimes. 15 real-world phishing examples — and how to recognize them. CSO. Security decision-makers.
- ^ Avirus. Avirus. Hungarian cybersecurity experts.