FBI Moneypak Virus - How to remove?

 

What is FBI Moneypak Virus?

FBI Moneypak Virus is yet another dangerous ransomware program that locks the infected computer and tries to extort money from its user. It uses the name of the FBI and accuses you of breaking the law by watching and distributing pornographic content. According to the FBI Virus message, you have to pay a fine of $200-$400, depending on the version. It tells you to pay through the Moneypak payment system, which should sound a bit odd, as no official institution would collect fines this way. In fact, it is just a scam.

However, nobody wants to deal with the FBI, so, naturally, many people take this scam at face value and pay the fine. Moreover, since the infected computer is completely blocked, people usually do not know how to find any other solution. Even your antivirus is disabled after FBI MoneyPak Virus enters your system. Paying the fine looks like the only solution. Unfortunately, nothing changes even after the money is transferred. This ransomware is a clear scam created by computer hackers who only seek to swindle you out of your money. They distribute this virus through various security vulnerabilities. It can come bundled with downloads. You can also get infected if you visit malicious websites.

The Moneypak payment system is a legitimate prepaid card system and is not affiliated with the scammers. However, the way prepaid cards operate makes it extremely hard or impossible to reverse the charges. You should not pay the ransom; remove the Moneypak virus instead.

FBI Moneypak Virus removal methods

Note that there are many versions of this scam, but each of them can be removed, with varying degrees of difficulty. It is tough to identify the correct method at once, so if one method fails, skip it and try the next one. We cover most of the methods for removing this FBI Moneypak scam, from the easiest to the most complex.

The easiest way to get rid of FBI Moneypak virus is to scan your PC from an unaffected account with administrative permissions using Spyhunter or Malwarebytes Anti-Malware. If you are not so lucky and have no unaffected account on your computer, there are other options:

  1. Restart your computer and press F8 while it is restarting.
  2. Choose Safe Mode with Networking.
  3. Launch MSConfig.
  4. Disable startup items that use rundll32 to launch any application from Application Data.
  5. Restart your computer again.
  6. Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to find the file and remove it. Here is a video guide showing how to do all the steps:

 

Removing FBI Moneypak Virus when you can boot to Safe Mode with command prompt only

If you cannot use Safe Mode, try rebooting into Safe Mode with Command Prompt. Here is how to delete Moneypak Virus using this approach:

  1. Reboot into Safe Mode with Command Prompt. FBI Moneypak Virus should not be launched this time.
  2. Run regedit. Search for Winlogon.
  3. There will be a value named Shell under Winlogon. It should refer to Explorer.exe or be blank. If it contains something else that refers to an executable in one of the users' folders, replace it with explorer.exe.
  4. Save the changes and reboot into Safe Mode with Networking.
  5. Run msconfig and disable all unnecessary startup entries. Reboot normally; your system should start without the parasite interfering.
  6. Install and run http://www.2-viruses.com/downloads/spyhunter-i.exe. Scan the PC with it and delete the FBI Moneypak Virus executables it finds.
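
The registry and startup checks from the two procedures above (the Winlogon Shell value and the rundll32 startup items launched from Application Data) can be reviewed in one pass. The PowerShell script below is an added example, not part of the original guide or of any tool it mentions; it only reads the registry and covers the Run keys rather than every location msconfig lists. It assumes AppData is the Vista-and-later equivalent of Application Data.

```powershell
# Added example (not from the original guide): read-only audit of the
# autostart locations named in the removal steps. Start it by typing
# "powershell" at the Safe Mode command prompt. Nothing is modified.

$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKey   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$psMeta   = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Per the guide, Shell should refer to explorer.exe or be blank.
# Assumption: anything appended after explorer.exe also counts as suspicious.
function Test-ShellValue([string]$Value) {
    if (-not $Value -or $Value.Trim() -eq '') { return $true }
    return ($Value.Trim() -ieq 'explorer.exe')
}

# Assumption: "Application Data" (XP) and "AppData" (Vista and later)
# are both treated as the per-user folder the guide refers to.
# Returns $true when the startup command looks clean.
function Test-RunEntry([string]$Command) {
    return -not (($Command -match 'rundll32') -and
                 ($Command -match 'Application Data|AppData'))
}

foreach ($hive in 'HKLM:', 'HKCU:') {
    # 1. Winlogon\Shell, checked machine-wide and for the current user
    $path  = "$hive\$winlogon"
    $shell = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).Shell
    if (Test-ShellValue $shell) { $state = 'ok' } else { $state = 'SUSPICIOUS' }
    Write-Output ("[{0}] {1}\Shell = '{2}'" -f $state, $path, $shell)

    # 2. Run-key startup items that use rundll32 on a per-user data folder
    $runPath = "$hive\$runKey"
    $props   = Get-ItemProperty -Path $runPath -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }   # skip provider metadata
            if (-not (Test-RunEntry ([string]$p.Value))) {
                Write-Output ("[SUSPICIOUS] {0}\{1} = {2}" -f $runPath, $p.Name, $p.Value)
            }
        }
    }
}

# The fix described in step 3, to be run only after reviewing the output:
# Set-ItemProperty -Path "HKLM:\$winlogon" -Name Shell -Value 'explorer.exe'
```

A Shell value that lists explorer.exe followed by a second executable is reported as suspicious, which matches the case described in the comments below.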

Here is a video guide illustrating this virus removal method:

 

There are a couple of versions of FBI Moneypak Virus that encrypt user documents and images. Depending on the parasite version, the files might be recoverable, but this is not always the case. In such cases I recommend using PC support or one of the existing decryptors for the files.

Note that even if all of the safe modes are blocked and you cannot access another user account to run an Anti-Malware scan from there, you can still clean your PC of this infection. We recommend either using a bootable antivirus CD/USB disk (Hitman Pro Kickstarter USB is one such choice) and scanning with it, or calling +1-888-334-2444 (USA / CA) for help.

Using Hitman Pro Kickstarter USB to remove FBI Moneypak virus that blocks all Safe Modes

  1. For this approach, you will need an uninfected PC and an empty USB disk.
  2. Download Hitman Pro on this PC. It needs no installation; just run it.
  3. Click the icon to create a Kickstart USB. Follow the instructions.
  4. Switch the infected PC off. Put the USB disk in, turn the PC on and press DEL.
  5. Find the boot order settings (they vary depending on the PC) and choose boot from USB as the primary option.
  6. Save the settings and exit.
  7. Follow the instructions on screen.
  8. When the PC has booted, you should have access to your PC. Scan with Hitman Pro and Spyhunter and delete the FBI Moneypak scam files.
  9. Take the USB out and reboot normally.

 

Automatic FBI Moneypak Virus removal tools

 
  Download Spyhunter for FBI Moneypak Virus detection
  Note: Spyhunter trial provides detection of parasites like FBI Moneypak Virus and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
 

Manual FBI Moneypak Virus removal

 

Important Note: Although it is possible to manually remove FBI Moneypak Virus, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other tools found on 2-viruses.com.

Processes:
Files:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other FBI Moneypak Virus infected files and get help in FBI Moneypak Virus removal by using Spyhunter scanner. 

 


42 thoughts on “FBI Moneypak Virus”

  1. Cheryl
     

    We cannot remove this from my father-in-law's PC.

     
  2. Cheryl
     
     
  3. jennifer
     

    @Cheryl
    You can get the virus removed with Norton Live; they remotely access and remove it. My brother caused mine to get locked with the same virus and they fixed it.

     
  4. JIMMY
     

    was put on my computer. I tried the codes on the card, tried 3 times more; it did not remove the block on my computer. Still locked out for something I was not doing... money pak card 05760074362165 pass work DEBBYRYAN

     
  5. JIMMY
     

    if you can remove all viruses

     
  6. Steve
     

    The only way to remove this is to reboot in safe mode and then restore your computer to the last restore point

     
  7. OldNYFirefighter
     

    @Cheryl Download MalwareBytes & run it, it will remove the Virus. You can google it. Restart your PC in safe mode F8 at startup & choose Safe Mode with networking. You can then download Malwarebytes, install it & run it to remove the virus (Trojan).

     
  8. David
     

    I was able to use my computer by starting it in Safe Mode and then Restoring my system to a point several days before the virus showed up. I wonder, however, whether any of the virus’s files could have been left behind, causing possible havoc?

     
  9. Bobby
     

    I have paid them and they removed my virus! Thank you FBI!

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Bobby: you have paid to scammers, and not for real FBI

       
    2. wendy milam
       

      I think you believed the SCAM to not be a scam when it was. Comments and our internet provider have stated it is indeed a SCAM and if you pay the money, they will unblock. However, it is only a matter of time it will happen again because the virus needs to be removed!

       
  10. sofa king
     

    If the virus still runs in safe mode start windows as a command prompt only and then run explorer.exe from the command line to start windowz.

     
  11. bo coufal
     

    Forget the scans and the manual removal of moneypak virus files. I tried this and don’t have much hair left on my head. After much frustration, a light bulb went off. I have Vista with system restore. I restored the computer to the state it was in 2 days prior to this and presto, it was gone. By doing system restore all of the files that were downloaded from 2 days ago to the present were deleted. If you have had the virus longer than 2 days, just choose a date before you downloaded the virus. Example: you got the virus 8 days ago. Restore your computer to a date 9 days ago or longer. It worked for me and I will now use this method for any virus and get it off in a matter of seconds. Hope this info gets out to a lot of folks and saves them from pulling out their hair. We need to keep our hair and get rid of viruses.

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      bo coufal: Depends on the version of trojan… sadly it is nearly impossible to determine the exact version of trojan from the design (as they share it)

       
    2. wendy milam
       

      Not sure how to get to system restore since I get to safe mode screen (tried all safe modes) and it brings me back to the involved message from “Department of Justice”, no option to get to the restore prompts…:(

       
      1. Giedrius Majauskas (admin)
         
         
        Post author

        You might wish to boot from alternate OS scanner CD / USB and scan.

         
  12. jacques janvier
     

    i got a malicious fbi moneypak virus that blocked my pc and impeach me to use sound device

     
  13. Jeff D.
     

    I want to thank “bo coufal” for this advice. It is very clever and it worked.

     
  14. Dan D.
     

    I got this today. If you have a dual monitor you can do all this in normal mode. It only affected one of my monitors. Moving the mouse from one monitor to the main allowed me to use my bottom toolbar (I use auto hide, so when I moved back it would pop-up). Then I just dragged the program to the other monitor. Nothing disappeared from monitor two the entire time.

     
  15. Rhoads
     

    i got virus sum how & my stepdad went in safemode & manually removed it. (im 14 & was googlin cool homebrews & plugins for my lite custom firmware/official firmware psp & then a webpage-thevirus-popped up)

     
  16. David Maiorino
     

    Even when I start in safe mode with networking, it takes over whole screen before I can do anything, so how could I download or even install from cd any antivirus program, or even restore to an earlier date.

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      David: depends on version. There are basically 3 or 4 removal ways depending on version.

       
  17. David Maiorino
     

    Finally able to remove it using System Restore to an earlier date.

     
  18. Jessica
     

    what if we just leave it until it reaches the 48 hours will we still be convicted of the criminal prosecution?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Jessica: depends on version, but in many cases it will not be removed, it will mess your PC more.

       
  19. Ryan D
     

    Even when I enter safe mode the virus pops up. What do I do?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Ryan: For this, use safe mode with command prompt guide. It is tougher, but it works.

       
  20. Jimmy W
     

    I am not able to edit my registration keys. How do I get or make a bootable anti-virus cd?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Jimmy: Download Kaspersky bootable cd from their website.

       
  21. Billy S
     

    I got the virus, restored my computer to a previous point and everything runs properly. However, the start up process is extremely slow! I have bought and run RegHunter and SpyHunter and the start up process is still about 5 minutes. Anyone else have this issue or know how to fix it???

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Billy: One of the most typical causes for such a slow startup is a missing driver file. This might be caused by a rootkit that got removed. I would run a logged boot and see if there are any errors. Then research from that point.

       
  22. oboy`
     

    @Bobby To the people that paid them, please go back and take a civics class, the FBI would never ask for money let alone with an untraceable prepaid payment like moneypak. Really in the US you must be criminally processed before you are forced to pay any fines. These people must have raked in hundreds of thousands at this point.

     
  23. A+
     

    I removed it by hitting F8 when booting. Scroll using the cursors to safe networking mode and hit enter. Go into your start page and do a system restore.

     
  24. what the
     

    I got the virus today. I was clicking on window blinds pics from yahoo images. Then an Adobe pop up came up, even a java pop up. I declined java, but I always get adobe pop ups FROM ADOBE! Adobe should put out a message to NEVER update Adobe from a pop up, it looked very legit! No virus warning came up. Anyway, no matter what mode I bring my comp up in, the virus shuts my computer back down. Even in command prompt, I have a few seconds to try something, then the virus will shut my computer down, I NEVER have access to the desktop at all. It’s totally got my comp on lock. I will try a bootable root fixer, hope it works, but this is a messy headache. No one else seems to have this version. HELP!

     
  25. what the
     

    This version is more sophisticated. In Safe Mode with command prompt only, I can access task manager but it won't show anything out of the ordinary. At the prompt I must type in Explorer.exe to see any of my files. I can try to run a virus scan, but like I said, this one is sophisticated. It only gives you 10 minutes to do anything then it will shut your system down, so I can't run a virus check…yet. I will try a quick scan and maybe a bootable, but like I said 10 minutes. People who make this shhh should go to jail!!! Anyone else got this particular one? Yeah, it's the bogus Adobe update, then you get the FBI shut down or pay! (do NOT pay)

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      What The: it looks like it is doable in your case. Watch the video for safe mode with command prompt. There will be a registry key which references both explorer.exe and a second executable. Delete that executable and reboot. Then perform a scan from normal mode (which won’t reboot). I would go for TDSS Killer (against rootkit) and then Spyhunter (fast generic scan).

       
  26. what the
     

    OK, I fixed it. I didn’t read how to delete at the top of this page, just started reading people’s comments. I did exactly what it says at the top and it worked, and my version was the worst! I ran regedit in safe command mode, searched for winlogon/shell/ and deleted all the junk after explorer.exe which pointed to a Skype file. I DON'T have Skype! I deleted other temp files from my comp, mainly in appdata where things hide! Also ran free winutilities, the old version! Then I was able to boot in regular mode and ran “Spyhunter file” from the top of this page. HijackThis, UnHackMe, Malwarebytes, Spybot all found stuff to delete but NEVER got rid of the white WSODeath. Only regedit did. Thanks 2 viruses for the solution, sorry for being negative though but I’m willing to bet these hackers create these viruses to make money and the very same people create the antivirus to make money and sell the cure to you to make money that way also! HMMmmmmmmm! Same as Sars, Avian flu, Aids, etc!

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      what the: Writing malware is much more lucrative, they do not need to write antiviruses for that… Good to know that we helped.

       
  27. lost it
     

    When choosing any of the safe modes as soon as I log in my computer logs back off. Windows 7 restore to last successful log in is only restore choice and that doesn’t work. Is there a boot file I could download from another computer to an external drive then boot this infected one with to start the process?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Lost it: almost all antivirus vendors offer such CDs. Also, you can try making Hitman Pro kickstarter USB.

       
  28. Eva
     

    Tried these things but no luck, couldn’t access task manager nor could I access command prompt, so decided to make the hitmanpro kickstarter flash stick. Used f12 to get to boot options. Chose USB option. Next screen gave option to bypass normal boot but at that point, no input from keyboard would work, any button just gave loud beeping error noise. I was unable to get past this point. So I tried another shutdown and reboot but on second try and other tries, USB boot option had disappeared completely. Finally since I saw computer had option to boot to Linux environment rescue and restore, I was able to get to there and restored from an old backup. Then I was able to get normal looking desktop but system was still screwy. Many programs would not run, Explorer would work but no downloads would work. Finally I put full Hitmanpro on another flash drive and the infected computer was at least able to see it and so I executed it from there which found more infection and finally fixed final symptoms. Gah! It was a very smart virus it seems.

     
    1. Giedrius Majauskas (admin)
       
       
      Post author
       
