Moneygram Virus - How to remove?
Moneygram virus is a ransomware application that uses the name of the FBI to gain computer users' trust and steal money from them. It comes from the same ransomware family as the infamous FBI Moneypak virus. Thanks to Kafeine for uncovering this version. The program is distributed through compromised websites and spam email attachments, and by convincing users to download it as reputable software. Once inside, the program completely blocks the system and displays a message on the computer screen that looks like a notification from the FBI.
The message warns that your PC is blocked for violating the Copyright and Related Rights Law by illegally using or distributing copyrighted content, or because you have been viewing or distributing prohibited pornographic content. It explains which articles of the Criminal Code have been violated and what the possible punishments are. At the end of the message you are offered the chance to pay a $300 fine within the next 72 hours through MoneyPak or MoneyGram xpress Packet to have your computer unblocked. In fact, it is just an attempt to steal money from you. Have a closer look at part of the message displayed by Moneygram virus:
FBI. CYBERCRIME DIVISION
International Cyber Security Protection Alliance
Your PC is blocked due at least one of the reasons specified below.
You have been illegally violating “Copyright and Related Rights Law” (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section 2, Clause 8, also known as the Copyright of the Criminal Code of United States of America.
Article1, Section 2, Clause 8 of the Criminal code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing of distributing prohibited Pornographic content (Child Porn/Zoophilia and etc). Thus violating Article 2, Section 1, Clause 2 of the Criminal Code of United States of America. Article 2, Section 1, Clause 2 of the Criminal Code Provides for a deprivation of liberty for 4 to 12 years.
If you see this message on your computer, you can be sure that your computer has been attacked by cyber criminals. The FBI would never use such means to warn you about violations you have committed. Moreover, its fines would never be collected using pre-paid cards. You have to remove Moneygram virus from your computer immediately after noticing it on your PC. Below we explain how to do that. Since there are a few versions of this annoying ransomware, there is more than one way to remove it. Choose the one that works for your case.
If you can use Safe Mode:
- Restart your computer, press F8 while it is restarting
- Choose safe mode with networking
- Launch MSConfig
- Disable startup items where rundll32 launches any application from Application Data.
- Restart your computer again.
- Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to find the file and remove it.
If you cannot use Safe Mode, try rebooting into safe mode with command prompt. Here is how to delete Moneygram Virus using this approach:
- Reboot into safe mode with command prompt. Moneygram Virus should not be launched this time.
- Run regedit. Search for Winlogon.
- There will be a value named Shell under Winlogon. It should refer to Explorer.exe or be blank. If it refers to something else, such as an executable in one of the users' folders, replace it with explorer.exe.
- Save changes, reboot to safe mode with networking.
- Run msconfig and disable all unnecessary startup entries. You should be able to reboot normally.
- Install and run http://www.2-viruses.com/downloads/spyhunter-i.exe. Scan the PC with it and delete the Moneygram Virus executables it finds.
Note that if all safe modes are blocked and you cannot access another user account to run an anti-malware scan from there, there is still a chance to clean the PC. We recommend either using a bootable antivirus CD/USB disk and scanning with it, or calling +1-888-334-2444 (USA / CA) for help.
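The two manual checks in the Safe Mode steps above (the Winlogon Shell value and the startup entries) can also be listed in one pass from a PowerShell prompt. This is an added example, not part of the original guide or of any removal tool. The registry paths are the standard Windows locations; the folder pattern used to decide what counts as a user folder is an assumption, and the script only reads the current user's HKCU hive.

```powershell
# Added example: read-only audit. It reports entries and changes nothing.
# Assumption: paths under these folders count as "users folders" / Application Data.
$userDirPattern = '\\(Users|Documents and Settings|ProgramData)\\'

$winlogonKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
                'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKeys      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
                'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-RegistryValues([string]$Path) {
    # Emit one object per value under $Path; a missing key emits nothing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{
            Key = $Path; Name = $name; Data = [string]$key.GetValue($name)
        }
    }
}

# Winlogon Shell: the guide expects explorer.exe or an empty value.
$shell = @($winlogonKeys | ForEach-Object { Get-RegistryValues $_ } |
    Where-Object { $_.Name -eq 'Shell' } |
    Select-Object Key, Name, Data, @{ Name = 'Verdict'; Expression = {
        if ($_.Data -match '^\s*(explorer\.exe)?\s*$') { 'expected' }
        else { 'REVIEW: Shell is not explorer.exe' } } })

# Startup entries: flag anything started from a user folder, and call out
# rundll32 loaders specifically, as the msconfig step describes.
$run = @($runKeys | ForEach-Object { Get-RegistryValues $_ } |
    Select-Object Key, Name, Data, @{ Name = 'Verdict'; Expression = {
        $fromUserDir = $_.Data -match $userDirPattern
        if ($fromUserDir -and $_.Data -match 'rundll32') {
            'REVIEW: rundll32 loading from a user folder' }
        elseif ($fromUserDir) { 'REVIEW: starts from a user folder' }
        else { 'not flagged' } } })

# Legitimate programs also start from user folders, so REVIEW means
# "inspect this entry by hand", not "confirmed malicious".
$shell + $run | Format-List Key, Name, Data, Verdict
```

Entries marked REVIEW are the ones to inspect in regedit or msconfig as described in the steps; the script itself makes no changes.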