FBI Moneypak Virus - How to remove

FBI Moneypak Virus

FBI Moneypak Virus is one more dangerous ransomware that blocks targeted computer systems and tries to get money from their users. It uses the name of FBI and blames you for breaking the law by watching and distributing pornographic content files. According to the message of FBI Virus, you have to pay a fine of $200-$400 depending on version. It tells you to do that through Moneypak payment system which should sound a bit weird as no official institutions would use such means to collect the fines. And in fact, it is just a scam.

However, nobody wants to deal with FBI so, naturally, many people take this scam for granted and pay the fine. Moreover, since infected computer is completely blocked, usually people don’t know how to find any solution. Even your antivirus is disabled after FBI MoneyPak Virus enters your system. Paying that fine looks like the only solution. Unfortunately, nothing changes even after making the money transfer. This ransomware is a clear scam created by computer hackers who only seek to swindle your money away. They manage to distribute this virus through various security vulnerabilities. It can come bundled with downloads. Also you can get infected if you visit some malicious websites.

Moneypak Payment system is legitimate pre-paid card system and not affiliated with the scammers. However, the way prepaid cards operates makes it extremely hard or impossible to reverse the charges. You should not pay for ransomwares and remove the Moneypak virus instead.

There are several versions of this infection with different names. For instance:

  • Green Dot Moneypak Virus. An aggressive ransomware that blocks an infected computer completely. It uses the same psychological techniques as FBI Moneypak Virus to convince people into paying the fine. If you see your PC screen locked and a message from the Federal Bureau of Investigation informing that you breached federal laws, do not believe this scam. This blocking has nothing to do with the actual organization. Internet Crime Complaint Center (IC3) – FBI cyber crime division – informs that they get dozens of complains regarding Green Dot Moneypak Virus and its other versions. If your computer is infected with it, IC3 strongly recommends not paying any money or providing any personal information to the virus developers.
  • FBI Department of Defense. This virus is another ransomware that uses a name of FBI trying to earn some money. The program uses Trojan viruses to get into random systems without users’ consent. Once inside, the program completely blocks your computer so you would not be able to run any of your programs. It even disables your security tools and does not allow running Task Manager. Basically, the program displays once message in the middle of the screen saying that you have violated the law of the United States of America.
  • FBI virus hijacker. This version of FBI virus is targeted specifically to web browsers. It displays ‘Your browser has been locked’ warning message on your computer screen.It is listed not only as a hijacker, but as a ransomware as well, because in order to unlock and to be able to use your web browsers again you will be asked to pay scammers a ransom. FBI virus hijacker is very similar to a classic ransomware that lock your computer completely without you being able to reach any files or applications. Yet this virus is a bit different – hackers have found a new way how to scam people and make money by misusing them.
  • FBI Anti Piracy Warning. It’s a ransomware that generates a fake message warning that your computer has been locked because some illegal activity has been noticed on your computer. In fact the program was designed by cyber criminals to get money from random computer users. FBI Anti Piracy Warning does not allow to do anything on your computer as you only see a warning in front of you. None of the programs on your computer work and you are not able to do anything on your machine. You may know that it is not the first time when the names of police institutions are used in order trick computer users.
  • United States Cyber Security Virus. Another ransomware targeted specifically to USA and Canada citizens. It is relevant to FBI ransomware, some cyber security specialists even name is at another version of FBI. The same as other similar ransom viruses, United States Cyber Security Virus claims that user of infected computer have performed some illegal actions that are beyond the the law and therefore all files and applications have been locked. In order to be able to use certain computer again and unlock all personal files, user is asked to pay a certain amount of money. It is meant to be as a fine for a done damage. Usually it is $100, $200 or $300. A lot of users get scared, because United States Cyber Security Virus claims that user is guilty for violating Copyright, i.e. listening for music or watching videos downloaded from the Internet. However, you should not believe it and not pay a single dollar for those cyber criminals. You are not guilty for anything, they are only looking to make some money from users of infected computers.

FBI Moneypak Virus removal methods

Note, that there are many versions of this scam, but each of them can be removed with various degrees of difficulty. It is tought to identify correct method at once, so if one method fails, skip and try next one. We cover most of the methods from easiest to the most complex to remove this FBI Moneypak scam.

The easiest way to get rid of FBI Moneypak virus is scan your PC from unaffected account with administrative permissions with Spyhunter or Malwarebytes Anti-Malware. If you are not so lucky and have no unaffected account on your computer, there are other options:

  1. Restart your computer, press F8 while it is restarting.
  2. Choose safe mode with networking.
  3. Launch MSConfig.
  4. Disable startup items rundll32 turning on any application from Application Data.
  5. Restart your computer again.
  6. Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to find the file and remove it. Here is a video guide, showing how to do all the steps:

Removing FBI Moneypak Virus when you can boot to Safe Mode with command prompt only

If you cannot use Safe Mode, try rebooting into safe mode with command prompt. Here how to delete Moneypak Virus using this approach:

  1. Reboot into safe mode with command prompt. FBI Moneypak Virus should not be launched this time.
  2. Run regedit. Search for Winlogon.
  3. There will be a key labeled Shell under Winlogon. It should refer to Explorer.exe or be blank. If there is something else referring an executable in one of users folders, replace it with explorer.exe.
  4. Save changes, reboot to safe mode with networking.
  5. Run msconfig and disable all unnecessary startup entries. Reboot normally, your system should start without parasite interfering.
  6. Install and run https://www.2-viruses.com/downloads/spyhunter-i.exe. Scan with it the PC and delete FBI Moneypak Virus executables it finds.

Here is a video guide illustrating this virus removal method:

There are couple versions of FBI Moneypak Virus that encrypts user documents and images. Depending on parasite version, the files might be recoverable, but it is not always the case. In such cases I recommend using PC support or one of the existing decryptors for the files.

Note, that even if all of safe modes are blocked and you can not access other user account and run Anti-Malware program scan from there, you can still clean your PC from this infection. We recommend either using Bootable antivirus CD/USB disk (Hitman Pro Kickstarter USB is one of such choices) and scanning with it or calling +1-888-334-2444 (USA / CA ) for help.

Using Hitman Pro Kickstarter USB to remove FBI Moneypak virus that blocks all Safe Modes

  1. For this approach, you will need an uninfected PC and an empty USB disk.
  2. Download Hitman Pro on this PC. No need for installation and Run it.
  3. Press on Icon to create Kickstart USB. Follow the instructions.
  4. Switch infected PC Off. Put USB disk in, turn PC On and press DEL.
  5. Search for Booting order settings (varies depending on PC) and choose boot from USB as primary option.
  6. Save settings and Exit.
  7. Follow instructions on screen.
  8. When PC is booted, you should have access to your PC. Scan with Hitman Pro or Spyhunter and delete the FBI Moneypak scam files.
  9. Take USB out and reboot normally.

Automatic Malware removal tools

Download Spyhunter for Malware detection
(Win)

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection
(Mac)

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Manual removal

Removal guides in other languages

45 responses to “FBI Moneypak Virus

  1. @Cheryl
    you can get the virus removed with norton live the remotely access and remove it my brother caused mine to get locked with the same virus and they fixed it

  2. was put on my computer i tryed the codes on the card-tryed3 time more it did not remove block on my computer still locked out for some thing i was not doing ,,,money pak card 05760074362165 pass work DEBBYRYAN

  3. The only way to remove this is to reboot in safe mode and then restore your computer to the last restore point

  4. @Cheryl Download MalwareBytes & run it, it will remove the Virus. You can google it. Restart your PC in safe mode F8 at startup & choose Safe Mode with networking. You can then download Malwarebytes, install it & run it to remove the virus (Trojan).

  5. I was able to use my computer by starting it in Safe Mode and then Restoring my system to a point several days before the virus showed up. I wonder, however, whether any the virus’s files could have been left behind, causing possible havoc?

  6. If the virus still runs in safe mode start windows as a command prompt only and then run explorer.exe from the command line to start windowz.

  7. Forget the scans and the manual removal of moneypak virus files. I tried this and don’t have much hair left on my head. After much frustration, a light bulb went off. I have vista with system restore. I restored the computer to the state it was in 2 days pryor to this and presto, it was gone. By doing system restore all of the files that were downloaded from 2 days ago to the present were deleted. If you have had the virus longer than 2 days, just choose a date before you downloaded the virus. Example; You got the virus 8 days ago. Restore your computer to a date 9 days ago or longer. It worked for me and I will now use this method for any virus and get it off in a matter of seconds. Hope this info. gets out to alot of folks and saves them from pulling out their hair. We need keep our hair and get rid of viruses.

  8. i got a malicious fbi moneypak virus that blocked my pc and impeach me to use sound device

  9. I got this today. If you have a dual monitor you can do all this in normal mode. It only affected one of my monitors. Moving the mouse from one monitor to the main allowed me to use my bottom toolbar (I use auto hide, so when I moved back it would pop-up). Then I just dragged the program to the other monitor. Nothing disappeared from monitor two the entire time.

  10. i got virus sum how & my stepdad went in safemode & manually removed it. (im 14 & was googlin cool homebrews & plugins for my lite custom firware/official frmware psp & then a webpage-thevirus-popped up)

  11. Even when I start in safe mode with networking, it takes over whole screen before I can do anything, so how could I download or even install from cd any antivirus program, or even restore to an earlier date.

  12. what if we just leave it until it reaches the 48 hours will we still be convicted of the criminal prosecution?

  13. I got the virus restored my computer to a previous point and everything runs properly. However, the start up process is extremely slow! I have bought and ran RegHunter and SpyHunter and the start up process is still about 5 minutes. Anyone else have this issue or know how to fix it???

  14. Billy: One of the most typical causes for so slow startup is missing driver file. This might be caused by rootkit that got removed. I would run logged boot and see if there are any errors. Then research from that point.

  15. @Bobby To the people that paid them, please go back and take a civics class, the FBI would never ask for money let alone with an untraceable prepaid payment like moneypak. Really in the US you must be criminally processed before you are forced to pay any fines. These people must have raked in hundreds of thousands at this point.

  16. I removed it by hitting f8 when booting. Scroll using the cursors to safe networking mode and hit enter. Go into youre start page and do a system restore.

  17. I got the virus today. I was clicking on window blinds pics from yahoo images. then an Adobe pop up came up even a java pop up- I declined java, but I always get adobe pop ups FROM ADOBE!. Adobe should put out a message to NEVER update Adobe from a pop up, it looked very legit! No virus warning came up. Anyway no mater what mode I bring my comp up in , the virus shuts my computer back down. Even in command promp, I have a few seconds to try something, then the virus will shut my computer down, I NEVER have access to the desktop at all. It’s totally got my comp on lock. I will try a bootable root fixer, hope it works, but this is a messy headache. No one else seems to have this version. HELP!

  18. This version is more sophisticated. In Safe Mode with command prompt only, I can access task manager but I wont show anything out of the ordinary. At the prompt I must type in Explorer.exe to see any of my files. I can try to run a virus scan, but like I said, this one is sophisticated, It only gives you 10 minutes to do anything then it will shut your system down, so I cant run a virus check…yet. I will try a quick scan and maybe a bootable, but like I said 10 minutes. People who make this shhh should go to jail!!! Anyone else got this particular one? Yeah, Its the bogus Adobe update, then you get the FBI shut down or pay! (do NOT pay)

  19. What The: it looks like it is doable in your case. Watch the video for safe mode with command prompt. There will be a registry key which references both explorer.exe and second executable. Delete that executable and reboot. Then perform scan from normal mode (which won’t reboot). I would go for TDSS Killer (against rootkit) and then Spyhunter (fast generic scan).

  20. OK, I fixed it. I didn’t read how to delete at the top of this page, just started reading people’s comments. I did exactly what it says at the top and it worked. and my version was the worst! I ran regedit in safe comand mode, searched for winlogon/shell/ and deleted all the junk after explorer.exe which pointed to a skype fie. I DONT have Skype! I deleted other temp files from my comp, mainly in appdata where things hide!. also ran free winutilities the old version ! Then I was able to boot in regular mode and ran “Spyhunter file” from the top of this page. Hyjackthis, unhacme, malwhare bites, spybot- all found stuff to delete but NEVER got rid of the white WSODeath. Only regedit did. Thanks 2 viruses for the solution, sorry for being negative though but I’m willing to bet these hackers create these viruses to make money and the very same people create the antivirus to make money and sell the cure to you to make money that way also! HMMmmmmmmm! Same as Sars, Avian flu, Aids, ect!

  21. When choosing any of the safe modes as soon as I log in my computer logs back off. Windows 7 restore to last successful log in is only restore choice and that doesn’t work. Is there a boot file I could download from another computer to an external drive then boot this infected one with to start the process?

  22. Tried these things but no luck, couldn’t access task manager nor could I access command prompt, so decided to make the hitmanpro kickstarter flash stick. Used f12 to get to boot options. Chose USB option. Next screen gave option to bypass normal boot but at that point, no input from keyboard would work, any button just gave loud beeping error noise. I was unable to get past this point. So I tried another shutdown and reboot but on second try and other tries, USB boot option had disappeared completely. Finally since I saw computer had option to boot to Linux environment rescue and restore, I was able to get to there and restored from an old backup. Then I was able to get normal looking desktop but system was still screwy. Many programs would not run, Explorer would work but no downloads would work. Finally I put full Hitmanpro on another flash drive and the infected computer was at least able to see it and so I executed it from there which found more infection and finally fixed final symptoms. Gah! It was a very smart virus it seems.

  23. I think you believed the SCAM to not be a scam when it was. Comments and out internet provider have stated it is indeed a SCAM and if you pay the money, they will unblock. However, it
    is only a matter of time it will happen again because th virus needs to be removed!

  24. Not sure how to get to system restore since I get to safe mode screen (tired all safe modes) and it brings me back to the involved message from “Department of Justice” no option to get to the restore prompts…:(

  25. The FBI Virus hijacked Chrome so I alt-tabbed to Firefox on the other screen and confirmed the scam. Chrome taking up screen 1 and start menu were frozen but screen 2.
    -My Norton Antivirus had no effect. System Restore for 3 days earlier failed.
    -I downloaded and ran Malwarebytes right there. It found things.
    -I rebooted and held F8 to safe mode with networking and reran Malwarebytes again. Found & quarantined more things.
    -Downloaded and ran Hitman Pro after another reboot to safemode with networking- found still more things.
    -Reboot so safe mode and Spyhunter 4 is running in background now and found even more things like high danger rated Quick-seeker. com Search and the StartNow Toolbar by Zugo.

    FYI: CryptoPrevent at Foolishit.com looks like a good deal.

  26. Understand that the FBI, The Local Police, PTA, MSG, etc. will not notify you before knocking on your door…..Buy a Good Reliable Program to protect your computer and info….I have McAfee All Access and I’m very please. When on the internet, I’m never 100% protected, I do use common sense, don’t open email that I don’t expect or know where it came from And stay away from sites that smell wrong……Bill

Leave a Reply

Your email address will not be published. Required fields are marked *