
FBI Green Dot Moneypak Virus. How to remove? (Uninstall guide)

Removal by Ugnius Kiguolis | Also known as FBI Moneypak | Type: Ransomware

FBI Green Dot Moneypak Virus is a very serious ransomware infection that has nothing to do with the FBI or any other governmental organization. Just like FBI Moneypak, or simply the FBI virus, it displays an alert that locks the computer and prevents victims from loading any of their programs or files. The minute the user logs in, the PC goes straight to the Green Dot Moneypak screen and the entire system is locked. In most cases, even rebooting to Safe Mode with Networking or Safe Mode with Command Prompt does not help. Be especially careful if you live in the USA, because most of the users infected by this threat live there. However, many other versions of this ransomware are spreading in Europe as well (be aware of the International Police Association (I.P.A.) ransomware, the An Garda Siochana virus, the Police Central e-crime Unit virus and others).


FBI Green Dot Moneypak Virus can be downloaded together with other programs or files without asking for any permission. These may be fake video codecs, Flash updates or other freeware from unofficial sources. You should also avoid opening spam email attachments if you don’t want to get this infection. Right after infiltration, FBI Green Dot Moneypak Virus replaces the desktop background with a large alert that appears to come from a governmental agency belonging to the United States Department of Justice. This alert tries to convince you that you have broken various laws and have now been caught doing so:

All activity of this computer has been recorded.
If you use a webcam, videos and pictures were saved for identification. You can be clearly identified by resolving your IP address and the associated hostname. Your computer has been locked!
Illegally downloaded materials (MP3’s, Movies or Software) have been located on your computer. By downloading, those were reproduced, thereby involving a criminal offense under Section 106 of the Copyright Act.
The downloading of copyrighted material via the Internet or music-sharing networks is illegal and is in accordance with Section 106 of the Copyright Act subject to a fine of imprisonment for a penalty of up to 3 years.
Furthermore, possession of illegally downloaded material is punishable under Section 184 paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer, with which the files were downloaded. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $200. Payable through GreenDot Moneypak. After successful payment, your computer will be automatically unlocked. Failure to adhere to this request could involve criminal charges and possible imprisonment.
To perform the payment, enter the acquired GreenDot Moneypak code in the designated payment field and press the “Submit” button.

Of course, this alert is completely forged and has nothing to do with any legitimate organization. If your computer has been locked by such an FBI warning, you must understand that paying the fine won’t unlock your computer and will only support the owners of this screen locker. To bring your PC back to normal, you must unlock it first and then remove the FBI Green Dot Moneypak virus.


To unlock your computer and be able to scan it with a decent anti-malware program, first follow these steps:

1. Use another machine to download Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or another reputable anti-malware program.
2. Update the program and copy it to a USB drive or a CD.
3. In the meantime, reboot your infected machine to Safe Mode with Command Prompt and plug the USB drive into it.
4. Reboot the computer infected with the FBI ransomware once more and run a full system scan.

Now scan your computer with Reimage once more to remove all infected files from your PC.

UPDATE: We have alternative FBI Green Dot Moneypak Virus removal instructions. Try following them if the flash drive option hasn't been helpful:

* Users infected with FBI Moneypak/FBI virus/FBI Green Dot Moneypak virus are still able to access other accounts on their Windows systems. If one of these accounts has administrator rights, you should be able to launch an anti-malware program.

* Try denying Flash so that the ransomware stops functioning as intended. To disable Flash, go to Macromedia support and select 'Deny'. After doing that, run a full system scan with an anti-malware program.

* Manual FBI Green Dot Moneypak virus removal (special skills needed!):

  1. Reboot your infected PC to 'Safe mode with command prompt' to disable the FBI virus (this should work with all versions of this threat).
  2. Run Regedit.
  3. Search for WinLogon entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for the files you have written down and delete the registry keys referencing them.
  5. Reboot and run a full system scan with updated Reimage to remove the remaining FBI Green Dot Moneypak virus files. You can also try using Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

UPDATE2: FBI Green Dot Moneypak virus has just been updated – now it is capable of blocking Android devices. It acts just like its previous versions: as soon as the FBI Android virus enters the OS, it locks it down and then displays a fake warning message asking people to pay a fine for their illegal online activities. Please do NOT pay this fine! If your Android device was blocked, you should follow these steps:

1. Reboot your Android device into Safe Mode:

  1. Find the power button and press it for a couple of seconds until you see a menu. Tap Power off.
  2. Once you see a dialog window that offers to reboot your Android to Safe Mode, select this option and tap OK.

If this fails to work for you, just turn your device off and then on again. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up, or Volume Down and Volume Up together to see Safe Mode.

2. Uninstall the malicious app (the FBI Android virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):

  1. When in Safe Mode, go to Settings. Once there, tap Apps or Application manager (this may differ depending on your device).
  2. Here, look for the previously mentioned malicious app(s) and uninstall all of them.

If this fails, enter a random 15-digit code in place of the MoneyPak xpress Packed voucher code that this Android virus asks for, or follow these steps:

  1. Go to Settings -> Security. Here, select Device administrators.
  2. Here, look for the previously mentioned malicious app(s) and uncheck them.
  3. To finish the removal of the FBI Android virus, select Deactivate and OK.

FBI Green Dot Moneypak Virus manual removal:

Kill processes:








Delete registry values:


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER\Software\FBI Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’ = %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings ‘ID’ = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings ‘UID’ = [rnd]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings ‘net’ = [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘ConsentPromptBehaviorAdmin’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘ConsentPromptBehaviorUser’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe ‘Debugger’ = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe ‘Debugger’ = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE ‘Debugger’ = svchost.exe
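
The manual steps above (checking the WinLogon entries) and this registry list can be checked against an exported copy of the registry before anything is deleted. The following Python script is an added example, not part of the original guide: it parses Regedit's .reg text export and reports the entries named on this page for review. The sample export, the function names and the extra Userinit check (Userinit normally points to userinit.exe, not explorer.exe) are assumptions introduced here.

```python
"""Audit a .reg export for the registry entries this removal guide names."""
import re

# Constructed sample in Regedit's .reg text format; not from a real infection.
# A real export is UTF-16: open(path, encoding="utf-16").read()
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\victim\\AppData\\Roaming\\Protector-abcd.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\victim\\AppData\\Roaming\\Protector-abcd.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE]
"Debugger"="svchost.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
WINLOGON = r'\microsoft\windows nt\currentversion\winlogon'
POLICIES = r'\microsoft\windows\currentversion\policies\system'
RUN = r'\microsoft\windows\currentversion\run'
IFEO = r'\currentversion\image file execution options' + '\\'
LOCKOUT = ('disabletaskmgr', 'disableregistrytools', 'disableregedit')
UAC = ('enablelua', 'consentpromptbehavioradmin', 'consentpromptbehavioruser')


def decode(raw):
    """Decode REG_SZ and REG_DWORD data; other types are returned undecoded."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    return raw


def parse_reg(text):
    """Return {lower-cased key path: {lower-cased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            current[m.group(1).strip('"').lower()] = decode(m.group(2))
    return keys


def exe_names(data):
    """File names (lower case) from a comma-separated command value."""
    parts = (p.strip().strip('"') for p in str(data).split(','))
    return [p.rsplit('\\', 1)[-1].lower() for p in parts if p]


def audit(text):
    """Return (kind, key, detail) tuples for entries that need review."""
    findings = []
    for key, values in parse_reg(text).items():
        if key.endswith(WINLOGON):
            # Step 3 of the manual removal: Shell must be explorer.exe or blank.
            shell = values.get('shell', '')
            if any(n != 'explorer.exe' for n in exe_names(shell)):
                findings.append(('winlogon-shell', key, shell))
            # Added check, not in the guide: Userinit normally lists userinit.exe.
            userinit = values.get('userinit', '')
            if any(n != 'userinit.exe' for n in exe_names(userinit)):
                findings.append(('winlogon-userinit', key, userinit))
        elif key.endswith(POLICIES):
            for name in LOCKOUT:      # listed on this page; reported if present
                if name in values:
                    findings.append(('lockout-policy', key, name))
            for name in UAC:          # listed on this page with data 0
                if values.get(name) == 0:
                    findings.append(('uac-disabled', key, name))
        elif key.endswith(RUN):
            for name, data in values.items():
                if name == 'inspector' or re.search(
                        r'protector-[^\\]*\.exe$', str(data), re.I):
                    findings.append(('run-entry', key, f'{name}={data}'))
        elif IFEO in key and 'debugger' in values:
            findings.append(('ifeo-debugger', key, values['debugger']))
        elif key.endswith(r'\software\fbi moneypak virus'):
            findings.append(('malware-key', key, ''))
    return findings


if __name__ == '__main__':
    for kind, key, detail in audit(SAMPLE_REG):
        print(f'{kind:18} {key}  {detail}')
```

Values exported as `hex(...)` types are left undecoded and are not matched, so an entry stored that way has to be checked by hand.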

Unregister DLLs:

Delete files:
%Program Files%\FBI Moneypak Virus
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%UserProfile%\Desktop\FBI Moneypak Virus.lnk






  • Danielle

    My 6 yr old daughter’s Kindle now has this virus. How do you get rid of the virus if it’s on a Kindle?

  • JoJo

    Next time you will pay extra for a Macbook computer or Mac Desktop. This type of shit never happens.

  • mike

    That all sounds good, but let’s not make it too hard for people who don’t know computers. Unplug your internet and restart your computer; with no internet it won’t lock it up and you will boot like always. Run your spyware programs (CCleaner, Spybot Search and Destroy or Advanced SystemCare); that will kill it. Turn your computer off, plug in your internet and away you go. The bad thing is, if you don’t have these cleaners or some sort of cleaner, then you do need to do a format and clean install. So unplug internet, clean it and restart. Hope this helps, and Malwarebytes is great.

  • Michael Brinson

    Can’t remove FBI money pac virus from my Galaxy S5

    • John

      I just did a factory reset. (hard reset holding down the volume key the side button on the right and the bottom button on the face of the phone close) follow the prompts. In your phone and go to factory reset and you’re going to lose everything that you downloaded but you’ll find it in your Google Play and backups and then I reformat the SD card, haven’t had a problem since

  • jessie

    I am trying to remove this virus from my phone but have no luck. Any suggestions?

  • jessie

    How do u remove it from an android phone?????????

  • Isaac

    I’ve just got this virus today but it’s on my Samsung Galaxy Note 10.1 2014 edition, running Android 4.4.2, and can’t find any help on how to remove it

  • Mark

    I have the virus that locks the computer stating it is from “THE DEPARTMENT OF JUSTICE” demanding $300.00 from Money pak. I restarted my computer, tapped F8 clicked on Safe Mode Command Prompt but the same message came up again. How do I get into my desk top computer to make repairs if this keeps coming up blocking me?

  • Irish

    I dont know what I did. however I wrote the directions down for several ideas. Lo and worked! So thank you all for your help. You all rock! And if I could remember how I did it. I would tell you. I believe it was mostly what John had to say. Whatever, it worked. Thank you!!!

  • Justin

    Have tried about everything and can’t get in my computer in any mode before the virus pops up. Does anyone know a fix for this without being able to open windows?

  • ben

    To anyone that knows the answer i got a similar virus but was using campus pc on network. I just hit the power button on and off and everything worked it seemed ok. Is it gone?

  • Elise

    Prior to reading this forum, I had attempted to boot up my computer in plain safe mode, and now when I turn on my computer, my screen is completely black. I tried pressing F8 (repeatedly) as soon as I turn my computer on but nothing happens. My computer just sits powered on with a black screen. Any suggestions? Am I totally screwed now?

  • chako

    Thanks a lot it worked………………..

  • mark.

    You can also bypass this thing by logging in as guest. If you don’t have it, start in safe mode and add guest user. You can do this by (while in safe mode) opening control panel, open administrative tools, manage another account, turn on guest accounts. Trying to do a restore point while logged in at safe mode (as administrator) would automatically shut down, or even search for any of the files or processes would result in auto shut down also. So go in as guest and do what ya need to: restore to previous point, download malware ….etc.

  • bill

    Best to spend the money and have a computer store remove it. Restore loses a lot of data. Friend of mine has it and he is shut down with many grants written to be sent asap, restore will lose all that work. He watches porn, best advice, don’t go to porn sites.

  • Jill

    My dad has this virus, safe mode is locked, as soon as he tries to get into it, it boots him back into windows. Disconnecting the internet hasn’t helped either. Any suggestions?

    • Jill

      Oh, and I forgot, it’s the only account on the pc.

      • Mahi

        If you are able to get into your pc and try to go to (for Win 7)
        C:\ProgramData and see if you can find unusual file. These are random named files. Click on Date Modified and check anything added recently and delete them.

  • Paul

    Do a system restore, then run a quality virus program. Then find the idiot who wastes his time writing these viruses and punch him in the face.

  • Ilan

    Dale, Malwarebytes did remove it for me, I guess you need to update! Thank you guys. I booted my laptop with command prompt in safe mode and typed in “explorer.exe” as Rick has suggested and boy I was so happy to see my start menu. (Thank you Rick!) Then I ran Malwarebytes in fast scan, detected 23 red ones and then performed full scan and found 4 more. About system restore, it is not enough, it will come back, scan and remove, this nasty program has lots of trojans!

  • Jim

    Ok, kiddies I have removed the virus even though I was not able to get to safe mode or to a command prompt. This is what I did, I am not sure if your options are identical so please review this before you start.
    Restart computer and press F8 to get to the start up options,
    Select repair and enter,
    select os to repair,
    select user account to repair,
    when system recover options menu comes up select System Restore and go to the first option before FBI green dot. Let the system continue until all is finished. Worked for me, I hope it works for you.

  • Jim

    Ok, most of you are not getting to the issue here.
    I have windows vista home
    I have no way to get to any safe mode options, none, I CAN NOT GET TO SAFE MODE.
    The reason I wrote in caps was not to offend, but to get you to understand that there is no safe mode. I can boot from each option in the F8 menu, but when the system boots there is that annoying warning preventing me from doing anything. I do not have a second account, it is my computer. So, to sum this up, no safe mode, no command prompt, still have virus.

  • DAVE

    TO MIKE,
    Thanks for the info. Did the c/prompt and restore to a couple a days ago and ran m-bytes. Picked up 39 viruses and got rid of em. Machine is working fine now. THANKS Again!

  • rob

    CHECK: In safe mode with command prompt
    CHECK: I typed explorer.exe
    However, it still takes me to the virus before I get to Control Panel. Ideas?

  • hodo

    Yes I did. I was told by the guy I had a virus and he needed to remove it and he could do it by remote control. He said the fee would depend on the problem. The problem was I let him take remote control of my pc and he moved everything so fast I couldn’t follow him. Then he said the fee would be 175 dollars. I told him to go suck eggs and then he said he would accept 75 so I (thinking this was a good deal) paid the rotten rat. Little did I know while he had remote access he installed some nasty virus and some malware (and I actually paid him for it). They will not stop. Once they get your phone number they might wait 3 months and call back saying you have won a lottery, you need to send .001% of the winnings for processing. .001% of the supposed winnings of 5 million was 5000 bucks. I knew there was no way any sweepstake or lottery (especially since I didn’t enter any) would make you pay for any winning. & I was right!

  • blah

    Has anyone else received a random phone call from an unknown number? The person on the other line is saying I have a virus and he can help me remove it. As I had this virus the other week, I have since removed it and nothing has happened. Until I got that phone call this morning. Does anyone have any other information?

  • JD

    Windows XP. System Restore not working. All safe modes are disabled. Got the virus on Christmas Day. Need to manually remove through search. Please list specific files if possible. Thanks in advance.

  • Mark

    I have XP. I cannot get into safe mode. I tried all 3 safe modes numerous times – regular safe, safe with networking and safe with command. They all kick right back to the page after 20-30 seconds.

  • Marissa

    Mine said I’m a pedophile. I thought it was real for a second, because my friend showed me this nasty picture once.. but now I know it’s not. They could see me on the webcam. Why would an 18 yr old girl be a pedophile?

  • Gary

    I too got hit with this nasty virus. No luck removing it yet. I have XP. I’ve tried safe mode, safe mode with networking, and command prompt. Every combination brings me to the virus screen. I’ve tried to log in as user and admin. Same thing. Is there something I can run externally to get around this? I have USB drives available. Thanks in advance.

    • Gary

      UPDATE I was able to get in using command prompt with networking. I quickly typed explorer.exe and my restore window showed up. Restored successfully to last week. Windows now starts normally and my desktop appears. I’m running a malwarebytes scan. I’m not connected to the internet yet. I’m wondering if there are other tools I should use before I claim victory over this virus. Thanks again!

  • Charlie

    Thanks to all for comments. Did a system restore to two days prior and seems to have completely resolved the issue. I’d like to find and castrate these dirty rat bastards.

  • albert davis

    i albert davis is report money pak to the b.b.b. it is a scams day got me for 300.00 get the virus off my computer i albert ask to remove all virus scams off my computer so i can e mail and get e mail money pak is blocking my e mail facebook my unmaem and password unlock my computer report to the f.b.i. can i will call the b.b.b. remove all viaus and scams .

  • J.

    I kept getting the blue screen of death when I tried to enter safe mode. Worked for about 3 hours with no luck. Finally, I disconnected the internet cable and loaded windows normally. IT WORKED!!! I then did a system restore to a few days ago, and everything is working great. DISCONNECT THE INTERNET CABLE!

  • nick

    Why such kind of nonsense is happening in my pc..your steps helped me to remove Guard Pro fake virus.thanks guys..

    Provide me information to know how i will be able to know that my system get infected once again by same virus???

  • Daniel

    i went to “safe mode with networking” enter, goes to next screen will not do anything. black screen. what do i do next. want to make sure virus off and computer clean before getting on job network..

  • Geary

    Followed everyone’s directions, was able to get to the restore point from this summer, and restored to there. THANKS to all of you!

  • Zam

    Please, how can i do?
    I can’t run by safe mode and networking.
    Please, some one..

  • Phil

    No system restore points…which is odd. What now?

  • Nikil
  • steve

    My pc is infected and I can’t seem to boot in safe mode. What should I do?

    Win 7
    I unplugged internet connection
    rebooted, kept hitting F8 but can’t get to safe mode option.

    • Mahi

      If you are able to get into your pc and try to go to (for Win 7)
      C:\ProgramData and see if you can find unusual file. These are random named files. Click on Date Modified and check anything added recently and delete them.

    • needtoknow

      Reboot in safe mode with prompt, then type explorer.exe, should look old school, go to control panel and do a system restore. Should do the trick. By the way, info is care of mike mentioned earlier in post

    • needtoknow

      thankfully i got my network back up enough to find this website. Almost gave in i made it as far as buying the card but i found out about the virus through this site and the info mike gave help me fix the issue. thank you

  • Kris

    I keep trying to do a restore and it keeps failing. Any suggestions?

  • Dave

    When i try to get on Safe mode or Safe mode with command prompt i get the BSOD (blue screen of death). Any suggestions?

  • DB

    When I enter Safe Mode, the GreenDot screen still shows up. How can I restore?

  • Sue

    I’ve been attempting Restores (yesterday, last week, last month)…each time I’m being told “Your computer cannot be restored to: xxx (date), No changes have been made to your computer”. Any other suggestions for a novice PC person?

  • Mickr

    Hi, when I try Safe Mode I can only use Safe Mode With Networking as Safe Mode does not allow a domain to be specified which my logon requires. When I use Safe Mode With Networking, as soon as the computer logs on it locks with a white screen. There is no possibility to type a CMD command or try to access System Restore. Any suggestions please on what I can do here?

  • Dan

    I was fortunate enough to have had another account on my Vista so I used that to create another administrative account. Once I did that I started in safe mode and made copies of files, pics etc., then just deleted the original administrative account. Virus was blown into the virtual cosmos! Have had no problem since =)

  • Mario

    I had the FBI Green Dot virus and could not find anything unusual in the regedit area or registry area. I went to WINDOWS EXPLORER and did a *.exe search (with a date modifier set to today) to find the problem. The file name was something like unph???.exe I hope this helps someone.

  • Aim

    Mike….you are a genius…thank you so much!

  • Hector

    I love you mike fixing this virus make me change my study field to computer since thank you so much mike I can sleep good tonight

  • Ryan

    I booted up in safe mode then went to administrator to do a system restore. I only restored it 1 week earlier, maybe took 5 minutes and when my laptop rebooted the virus was gone.

  • Kevin

    Thanks Mike, worked for me too. Just a note about System Restore; it could take some time, mine took about 1 hour 25 minutes as the Java applet churned. There is no percentage countdown or other status bar visual indicator. Patience required. Once done it will reboot. I’m on Win7 and went back 5 days to the Restore point. I had no system changes in the 5 day span other than McAfee Internet Security (laugh) and Windows updates.

  • ken C

    System Restore worked like a charm!

  • Tom

    I have been trying to get rid of this virus and several others for days. Get blue screen of death and pc only will stay up for a few minutes before going to blue screen. I was able to get the command prompt in safe mode and I typed explorer.exe but after that it wouldn’t take me to restore point or I don’t know where to find it. I was able to open my computer and run malware bytes scan tool. But it didn’t find anything? I’m about ready to toss this bleeping thing. Please help a newbie. How do you find restore points etc. Thanks in advance. Tom
    I have a program called combofix someone told me to run but I’m afraid to since my pc only stays up for 2 or 3 min until blue screen pops up.

  • Ray

    System restore worked for me after placing in safe mode. I restored to settings 2 days prior. What a relief. This is a nasty virus.

  • mike

    SpyHunter, Malwarebytes and system restore not working for me.

    SpyHunter requires an internet connection to install. FBI virus has disabled network so I cannot install it. Also, Malwarebytes does not work (even with a manual update of virus definitions). No restore points.

  • mike

    any ideas if you have no restore points for a system restore?

  • Parker

    That helped thanks

  • LEE

    I could not access safety mode, only safety mode with prompt. On the prompt, put “rstrui.exe” then enter, enter…. then it was automatically restored and removed.

  • Dean

    I did the Vista recovery, and it worked!!!! Went 5 days back. SWEET! Thanks everyone!!!!

  • S Schwartz

    Computer was restored to normal operation by restarting in safe-mode and removing the following files:

    wsidten.dll found in C:\Documents and Settings\***\Local Settings\Temp
    ctfmon shortcut found in C:\Documents and Settings\***\Start Menu\Programs\Startup
    lsass.exe found in C:\Documents and Settings\All Users\Application Data

    wsidten.dll and lsass.exe were replaced with 0 byte / read-only dummy files to prevent reinfection.
    Make dummy files by creating a new text document, rename it, and make it read-only.

  • Ric

    Another piece of advice from my experience last night. In case you can’t find system restore shortcut from Windows safe mode like myself after entering explorer.exe, you can type in rstrui.exe at the prompt directly for system restore. Just wait for a minute and your computer will start rebooting.

  • Ric

    Thanks for the great advice to all who mentioned the system restore. I just did it last night on Windows Vista and the nightmare is now over.
    Additional advice: F8 only needs to be pressed ONCE right from reboot, otherwise you can never get into safe mode. Don’t install SpyHunter unless you plan to buy it. After installing, it will only scan your system but not remove anything unless you register and pay $40.

  • jimbo

    I have discovered an easy way to remove the moneypak virus without scanning and without manually removing files. My computer has Vista and a thing called system restore. After trying various scans that didn’t work, something clicked. My computer didn’t have these virus files downloaded 2 days ago so I decided to use system restore to restore my computer to the state it was in 2 days ago. By doing this the computer itself will remove the virus, because the computer will remove all files that were downloaded from 2 days ago to present. Presto, that moneypak virus was gone like a rabbit in a hat. If I ever get any more viruses, malware, spyware, ransomware, etc. I now have a way to get them off in seconds. I hope this saves a lot of people’s hair from being pulled out.

    • dell

      Thank you so much for the excellent advice. With my Windows Vista I did exactly as you suggested and it seems to have worked. Scared the crap out of me initially, but glad I researched it on our family computer and found your advice. My Laptop and I thank you!

  • zoe

    After I put into safe mode and restart computer virus shows up and I cannot do any other instructions. What am I doing wrong?

  • Matt

    nvm i got it, now all i need to know is how to be sure you got rid of the virus for good

  • Mia

    Thanks Mike!!!! It worked!! So relieved and thankful to you for your help!!!!

  • matt

    My comp. doesn’t do ANYTHING if you press F8 while it’s booting… ?

    • Bill

      Press F8 repeatedly as it is booting

  • tomi

    Thanks mike! It works!

  • george

    I burned cd spyhunter what next 🙂

  • wilber

    Hey thanks a lot for this useful information. I was able to get a full copy of Spy Hunter and bam no more F.B.I junk lol

    thanks a bunch.


  • justin

    i revealed that YOOsecurity made the virus so people would buy their anti virus if this gets heard spread the word!!!

  • Will

    I have tried the system restore and it’s not working. Any other options

  • Jamie

    I don’t have any system restore points, what should I do?

  • mdubb

    I didn’t have to turn off the wireless… I just cut off the computer and turned it on. When asked I went to turn on the computer in “safe mode”. Then when the computer loaded I hit “F8”, typed in explorer.exe. Then I went to the start menu, typed in “restore”…went to system restore and the computer restored it to the last date I was on the computer and the virus is gone! Thanks to Mike!

  • sean

    I just restored back 1 day before and the virus is still there.

  • gus

    How do these bastards get away with this kind of stuff?

  • Andrew

    Had a different version of this virus a few months ago and once in safe mode malwarebytes removed it and had no issues. This time around it has been unsuccessful but I’m going to give spyhunter a shot. Glad to see there is more info about this than the last time I looked, Thanks!

  • William

    Thank you Mike..Computer is back to the way it should be…WORKING…again THANK YOU!!!!!!!!!!!!!!

  • Will

    Mike’s instructions worked great. Virus gone, everything working fine – no loss of data. Thanks!

  • Mike

    You have to hit F8 while your computer is booting up. Then select reboot with command prompts. A bunch of Stuff will pop up but give it a few minutes and it will eventually change. Type in explorer.exe and it should boot up in safe mode. Then go to wherever your system restore is and go from there. System restore works and I did not download any malware or spyware stuff. Computer works fine.

    • Purpleyeti

      Thanks, if I could have your babies I would.

    • Michael J

      Thanks so much Mike!!! It really worked thanks for sharing

    • Bill

      Thanks Mike worked for me also.

    • Chip

      Thanks for sharing your knowledge Mike. Worked like a charm.

    • Jazz

      Thank you so much Mike. I was abt to spend $180 to have someone come out to fix my computer. Truly thank you.

  • doug

    Desktop computer won’t boot in safe mode, get a blue screen and have to power off. It boots if disconnected from internet cable, but task manager and regedit don’t work, is the computer shot?

  • rob

    I have the same problem. It won’t let me log in in safe mode or safe mode with command prompt

  • Justin

    I have the same problem as Dave…..

  • Rick

    Boot into Safe Mode with Command Prompt, then type explorer.exe. You can run System Restore from there.

    • Zam

      Please, what is windows system32?

    • rob

      What if it won’t let me log on in safe mode with command prompt? If I get to the log in screen it rejects every password. If I try safe mode with networking it accepts the password but then gives me a blank white screen with message “waiting for page to load”

      • g

        How did you fix the problem where every password is incorrect, and safe mode does not work? how to get fix it

  • Dave

    What should I do if I can’t even get into safe mode? The only user account is the admin and that’s what’s infected so I can’t run anything in a win os environment. Are there any options for a standalone bootable copy of something that will remove this or at least get me into windows?

    • Brian

      Spam press F8 while your computer is booting up to access safe mode with networking. This should allow you to run a security scan and look for further assistance on the web.

  • Shantina

    system restore will remove virus.

    • Thomas

      It will also delete absolutely anything you have done in between the restore point and now. Fine for some people, but if you happen to save files that are creative in nature (stories, digital art, electronic music), or otherwise irreplaceable (family pictures recently taken that you haven’t had a chance to copy, same for videos), then there is always a risk that you will delete these items.

      This is kind of like using a flamethrower to get a fly; yes, it will take care of the problem, but it’s also likely to destroy something that you want to keep.

    • Kelly

      I removed the virus using system restore 5 days ago and it’s back. Now my system restore says there are no restore points.

  • Dale

    Malwarebytes fails to remove the virus. Any suggestions

    • TJ

      I rebooted into safe mode with Windows 7 and did a system restore. I opened up Microsoft Security Essentials to find that the virus had been quarantined. I have since deleted those files, updated Security Essentials and ran a scan which showed no detected items.

    • andy

      Turn off your internet connection, go to system restore, go back a day before the virus and it should be gone