FBI Moneypak Virus – Removal Instructions


FBI Moneypak Ransomware Infection – Removal Information


 

The latest rogue infection is called the FBI Moneypak virus, released in early October 2012.  This infection is spreading at an alarming rate, with over 20,000 computers getting infected per day; most of the distribution is happening in the United States.  The goal of this infection is to hold your computer ransom until you pay the fee to have it removed.  The Moneypak virus has zero affiliation with any government organization, let alone the FBI.

After the system becomes infected, the FBI Moneypak Virus will immediately start popping up on the computer.  If this happens, the best course of action is to remove it immediately.  The longer it stays on the system, the more difficult it becomes to remove and the more damage it can do to the system.

We can be reached at 800.530.8514 if you need a malware removal specialist to assist.


What exactly is Ransomware FBI Moneypak Virus?

 

Most of these infections are referred to as hostage infections because they prevent users from performing simple functions like running simple programs, surfing the web, checking their emails, and printing documents. You may notice you cannot do a few of these things with the FBI Moneypak Virus.  Users can get infected by surfing infected websites, opening emails that come with the infection attached, or downloading free software, games, or music that have the infection attached to the download. Stay away from unknown download sites and peer-to-peer networks, as these tend to attract infection-based Internet traffic.

In 9 out of 10 cases, if the system had an up-to-date Anti-Virus and was properly patched with Microsoft’s security updates, the user would stand a good chance of preventing the infection.  After a system becomes infected, it becomes increasingly difficult to remove the infection.  Viruses put defensive measures in place to make sure users cannot simply install software and remove the virus.  This particular infection almost guarantees the need for a certified technician to work on the computer because specific files and folders will have to be manually deleted to complete the removal process.

There are many different forms and shapes Ransomware can take. FBI Moneypak, FBI, FBI Moneypak Virus, MoneyPak, Ukash, yorkshire, UK, Ice, Department of Justice, White screen, jak usunąć, Ransomware Reloaded, WinLock, Reveton, Zeus, Paysafecard, Metropolitan Police Service, Police National E-Crime Unit, and Votre ordinateur a ete pour violation de la loi Française are all different types of Ransomware that do the same thing.

If the Ransomware that you have is not the FBI Moneypak Virus, I encourage you to still try these removal steps, as many Ransomware viruses are located in the same area and just have a different name.

To try and get past these roadblocks, we’ve put in place a set of instructions that should help users remove the FBI Moneypak Virus from their computers.  We recommend backing up all important files before the removal process and performing a full system tune-up after the removal process.  These two things will prevent loss of data and maximize computer efficiency.  If the following instructions do not work and you cannot get rid of the FBI Moneypak Virus using our recommended software, then feel free to call our Virus removal hotline at 800.530.8514. We are open 24 hours a day, 7 days a week.


 

ALERT:
Ransomware is not any type of government association, the government, or any type of authority. All accusations made by ransomware viruses are UNTRUE and paying these cyber criminals can cause further problems and issues.


How to remove Ransomware

Depending on the severity of the FBI Moneypak Virus or how long the computer has been infected, users infected by ransomware will require different removal steps. Listed here are the options to remove Ransomware for all stages of progression and all types.

  1. Ransomware Removal Applications – Automatically clear out all infections and Ransomware FBI Moneypak Virus.

  2. Manual Ransomware Removal – Remove associated FBI Moneypak Virus files. (ADVANCED)

  3. System Restore – Restore your computer to a time and date before the Ransomware FBI Moneypak Virus.

  4. Safe Mode With Networking – Manual infection removal and automated infection scan for the FBI Moneypak Virus.

  5. Flash Drive Option – Load Antivirus (or AM) software to a flash drive, scan for and remove the FBI Moneypak Virus.

  6. Coming Soon.. – Download Ransomware FBI Moneypak Virus Removal applications to a disk to scan and remove infections.

 

Option 1 – Ransomware FBI Moneypak Virus Removal Applications:

Easily remove the Ransomware FBI Moneypak Virus using Malwarebytes Anti-Malware Software.


1. Before we begin the steps we need to boot into Safe Mode with Networking, as there is a good chance that if you have ransomware you cannot get into normal mode. So please shut down your computer, if you haven’t done so already, by holding down the power button on your computer’s tower for 10 seconds, or until you hear it turn off.

2. When the computer is off, push the power button once to turn it back on. As soon as you see anything on your computer screen, continuously tap "F8" (Windows 8 is Shift-F8) until you see the “Advanced Boot Options” screen.



3. Select “Safe Mode with Networking” here and allow it to boot up into your desktop. If you immediately see the virus at boot, please attempt another option, or give us a call.



4. Open your web browser and download Malwarebytes at malwarebytes.org. When at the site, click “Free Download”. It will redirect you to “Download.com”. Once there, click the big green “Download Now” button.



5. Once you have downloaded and installed Malwarebytes, open it and run a full system scan by selecting Perform full scan and then clicking on the scan button located at the lower part of the page.

     



6. Once the scan is done, Malwarebytes will display the results, showing the malware and possibly the FBI Moneypak Virus that was found. Now you need to select all of the malicious files and click the Remove Selected button on the lower left side of the page.




Note

If Malwarebytes didn’t work, here are some other popular Ransomware FBI Moneypak Virus Removal tools:


Super Anti-Spyware, Hitman Pro, AVG Antivirus, Kaspersky, Microsoft Defender, and Microsoft Security Essentials.

REMEMBER!
If you have any issues or problems with removing the infection on your computer, we can help! We are open 24/7 and will be more than happy to help you remove the infection with ease.

Option 2 – Manual FBI Moneypak Virus Removal (advanced):

 

Alert
This option is very advanced and should be handled by a technician, please call us with any questions. Some of the files described in this sample solution may not be found in your Ransomware because there are so many different types and they can be named randomly. So do not be alarmed if you cannot find “Ctfmon” (a file in the steps below) as it may not be there and may be named something else in a different location.

 

1. Turn off the infected computer completely by holding in the power button of the computer for 10 seconds or until the computer shuts completely off. (If the computer is already off skip this step)




2. Turn on the computer by pressing the power button and immediately begin to tap the “F8” (Windows 8 is Shift-F8) button over and over until you see the “Advanced Boot Options” screen which looks like this:


3. Please select “Safe Mode with Command Prompt”. After selecting this you will see a large amount of text on the screen, and when it is done you will see a black box labeled “Command Prompt” with a blinking white cursor in it where you can begin typing.




4. Please type “Explorer.exe” in the black box with blinking cursor and hit the “Enter” key. If done correctly you will see your “Start Menu” and desktop icons come back onto your computer.




5. Now we need to show hidden files. Double click on any folder on your computer to open it.
(EX. “My Computer”, “My Documents”, or even any personal folder)

While the folder is up hold down the “Alt” key and press “T”. This will bring you to a drop down menu which you need to click “Folder Options” on. When you first get in the “Folder Options” page click on the “View” tab at the top of the page, there will be a list on this page.

About 7 to 8 check boxes down there will be a folder named “Hidden Files and folders” with 2 circle check boxes under it, it is the only option with circle check boxes. Under “Hidden Files and folders”, click the option that says “Show hidden Files and Folders” then click “Apply”, and “OK”. This will display hidden files.



6. This step is the most important, removing the FBI Moneypak Virus and other infected files. Below is a list of “Locations” and “File names” that you will use to remove the infection.


Main Ransomware virus location:

windows XP only
C:\Documents and Settings\%username%\Application Data\
windows vista-8 only
C:\users\%username%\Appdata\Roaming\
All windows versions
%AppData%

Less popular BUT still used locations:
windows XP only
C:\Documents and Settings\%username%\Local Settings\Application Data\
windows XP only
C:\Documents and Settings\%username%\Application Data\
windows XP only
C:\Documents and Settings\All Users\Application Data\FBI Moneypak Virus
windows XP only
C:\Documents and Settings\%username%\Start Menu\Programs\Startup
windows vista-8 only
%appdata%\Microsoft\Windows\Start Menu\Programs\Startup
windows vista-8 only
C:\users\%username%
windows vista-8 only
C:\users\%username%\Appdata\
windows vista-8 only
%programdata%
All windows versions
%temp%
All windows versions
%Program Files%\FBI Moneypak Virus\

 

Note

These are the locations where almost every ransomware virus lives. Every virus is different and could be located anywhere on the computer, but these locations are a very good place to start.

Infected File names

Note
Be aware that a lot of the time the name is random, or is even a random set of numbers or letters (EX. TES20893.EXE or Snxtvfntrm.exe)

 

Now that you know the common locations and file names, we are going to start the removal process, beginning with where to type the locations. You need to go to the above locations and look for any files that are in the list or any that seem out of place.

A. Luckily the very first location, which is the most popular location for ransomware, will work on any version of windows. The Ransomware FBI Moneypak Virus will be in this folder most of the time, compared to the other locations. So if you find one of the listed files or a random file here, chances are this is your virus. But feel free to go through each and every location to be sure.


    Below is an example of a user that has 3 different “Ransomware Infections”. They also are all in the “%appdata%” location. This is simply an example picture to show you how the infection could look when you find it.

     



 

B. Bring up the “Run Box” we talked about in the above step by holding down the “Windows” key and tapping the letter “R”.

     


    Note
    This will bring up a run box with a location for you to type in. This run box can take you to every location written above. It will be your key to finding the ransomware on your computer.

     


C. When the “Run Box” is displayed please type “%APPDATA%” (Without the Quotes) in the text field on the “Run Box” and press “OK” or hit the “Enter” key.



     


D. This will display your “Application Data” folder. As stated above, 8 out of 10 times the virus will be in this location. This location should have quite a few folders in it that help your applications, like Microsoft Office, Internet Explorer, and Firefox, run to your preferences. There will never be a file in this location that, if you delete it, would keep your system from running.

    Note

    This doesn’t mean you should delete items that look legitimate, but it should help ease your mind about what you are removing. So please look in this location for any file in the list above, or any file that seems out of place or random. There is a very high chance that any file that ends in .EXE, .DAT, .INI, or simply has no extension can be removed from this location.


E. Once you have found a file or multiple files that are in the list, or seem like a virus in this location, delete them and then empty your recycling bin on the desktop by right clicking it and selecting “Empty”.



F. If you did not find any suspicious files in this location, they may be in one of the other locations listed earlier. Even if you did find and remove a file you believed to be a virus, you can navigate to these other locations using the same steps to make sure. Simply reference the next location in the list, start back at step 6-B, and when you get to step 6-C replace “%APPDATA%” with the location you referenced on the list.

    Note

    When checking other locations you will need to determine what version of windows you have and only type in the locations that are for your version of windows and the ones for all versions of windows.

    For Example: If I have Windows XP I would type in the locations that have either “windows XP only” or “All windows versions” above them.
    If I have Windows Vista, 7, or 8 I would type the locations that have either “windows vista-8 only” or “All windows versions” above them.

    If you are unsure which version of windows you have, just use them all. Windows will tell you when one of the locations you typed in is not right or does not exist on your windows version.

    Remember though, %APPDATA% is the only location that mainly has only folders, making the search easier. The rest of the locations will require a more in depth search as deleting wrong files in other locations could harm your computer. If you need help with this please give us a call.




G. After going through the locations you wanted to check and deleting the FBI Moneypak Virus and other virus files, or even if you didn’t find any virus files, the next step is important. Even after deleting the virus files that prevent you from booting up, there could still be some hiding in your %Temp% directory. Also, if you didn’t find any files that matched the description of a virus file in the previous steps, they could be hiding in the %temp% directory. This step is quite easy though, as everything in this location isn’t needed. Just like steps 6-B and 6-C, bring up the run box by holding down the “Windows” key and tapping “R”.


• When it is displayed type “%temp%” (without the quotes) in the “Run box” text field.

• This will display your Temporary folder. There may be a lot of folders and files in here, or very few. Either way they are not needed. Hold down the left “Ctrl” button and press “A” to select all the items in the folder, or click the first item in the folder, scroll all the way down to the bottom, hold down the “Shift” key and, while holding it down, click on the last item in the folder; this will also highlight all the items in the folder.




With all the items highlighted, press the “DEL” key on your keyboard or right click and click “Delete”, then click “Yes” to confirm you want to delete the items. Some of the items may be in use and Windows will ask you to skip them because they can’t be deleted; simply skip those files and let it delete the rest. When you are done you should have no files or a very small amount left in this folder.




H. Now that the FBI Moneypak Virus files are gone, you must remove the registry keys that were attached to these infected files, or it could cause errors when starting up your computer in the future.

    Alert:
    Entering the Registry with no knowledge of how to use it could completely render your computer incapable of starting again. Please proceed with extreme caution or get the help of a technician by calling us!


    Open the run box (refer to steps 6-B and 6-C), type “Regedit” and press “OK” or “Enter”.


    • This will open the windows registry editor. If you remember the name of the infected file you deleted, you can search for it in the registry by holding down “Ctrl” and pressing “F”.
    If you do not know the name of the file, or did not find any infected files you will have to go through the registry and delete any values you find from the list below.



Infected Registry locations


REMEMBER!
If you have any issues or problems with removing the infection on your computer, we can help! We are open 24/7 and will be more than happy to help you remove the infection with ease.
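
A read-only way to build the review list for steps 6-A through 6-G, added here as an example that is not part of the original instructions: it lists the loose files (not folders) sitting directly in the locations above whose extension matches the step 6-D note (.EXE, .DAT, .INI or none), newest first, with a SHA-256 for each. It assumes Python 3 is available on the machine and covers only the "windows vista-8 only" and "All windows versions" paths; the function names are illustrative.

```python
"""Read-only triage of the folders from step 6 (added example, deletes nothing)."""
import hashlib
import os
from datetime import datetime
from pathlib import Path

# Locations copied from the page's list; %VARS% are expanded on Windows.
PAGE_LOCATIONS = (
    r"%APPDATA%",
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup",
    r"C:\Users\%USERNAME%",
    r"C:\Users\%USERNAME%\AppData",
    r"%PROGRAMDATA%",
    r"%TEMP%",
)
# Step 6-D: files ending in .EXE, .DAT, .INI, or with no extension at all.
SUSPECT_EXTENSIONS = {".exe", ".dat", ".ini", ""}


def sha256_of(path, chunk_size=1 << 16):
    """Hash a file in chunks; return None if it is locked or unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(chunk_size), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()


def scan_folder(folder):
    """Return the loose files directly inside `folder` that match step 6-D.

    Sub-folders are not entered: the page's point is that these locations
    normally hold folders, so a stray file at the top level stands out.
    """
    root = Path(folder)
    if not root.is_dir():  # e.g. a path that does not exist on this Windows version
        return []
    try:
        entries = list(root.iterdir())
    except OSError:
        return []
    hits = []
    for entry in entries:
        try:
            if not entry.is_file():
                continue
            if entry.suffix.lower() not in SUSPECT_EXTENSIONS:
                continue
            info = entry.stat()
        except OSError:
            continue  # entry vanished or access denied; nothing to report
        hits.append({
            "name": entry.name,
            "size": info.st_size,
            "modified": info.st_mtime,
            "sha256": sha256_of(entry),
        })
    # Newest first: a recent infection's files sort to the top.
    hits.sort(key=lambda hit: hit["modified"], reverse=True)
    return hits


def triage(locations=PAGE_LOCATIONS):
    """Scan every location and return {expanded_folder: [hits]}."""
    report = {}
    for raw in locations:
        folder = os.path.expandvars(raw)
        report[folder] = scan_folder(folder)
    return report


if __name__ == "__main__":
    for folder, hits in triage().items():
        print(f"\n{folder}  ({len(hits)} file(s) to review)")
        for hit in hits:
            stamp = datetime.fromtimestamp(hit["modified"]).strftime("%Y-%m-%d %H:%M")
            digest = hit["sha256"] or "unreadable"
            print(f"  {stamp}  {hit['size']:>10}  {digest}  {hit['name']}")
```

Expect legitimate hits such as desktop.ini; the hash lets you look a file up with a scanner before deciding to delete it.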


Option 3 – Restore-Recover Computer:


There are three different ways to restore and recover your system


Option 1: Start Menu Restore:


A. Open Windows Start Menu and select All Programs.


B. Select the Accessories folder.



C. Select System tools then select "System Restore". You may be asked for confirmation.



D. Follow the instructions given to restore your computer back to a previous date before the virus was on your computer.


 

Option 2: Windows run box Rstrui.exe Restore:


A. Open the Windows run box by holding down the "Windows" button and pressing the "R" key. In the run box type "rstrui.exe" and press Enter.
(On Windows XP type "C:\windows\system32\restore\rstrui.exe")


B. Follow the instructions given in the Windows Restore Wizard to restore your computer back to a time and date before you were infected by ransomware.

 

Option 3: Safe Mode With Command Prompt Restore:


This step is suggested if you are unable to access the Windows desktop.

Note

If Windows is having trouble starting into "safe mode" and comes up with a black screen and the words "safe mode" in all four corners of the screen, move your cursor to the lower left corner, over the area where the Windows Start Menu search box would be located, and it will come up.


A. Reboot your computer. If you are having problems restarting it, simply unplug it.


B. To enter safe mode, press "F8" repeatedly as your computer restarts. If done properly you will see the Windows Advanced Options Menu with three safe mode options. Select the option "Safe Mode with Command Prompt" using the arrow keys on your keyboard and press Enter.


C. Be ready to type "explorer" when the Command Prompt opens and press Enter. You only have a few seconds to do so, otherwise the FBI Virus will prevent you from typing. When your desktop is back and displayed, hold down the "Windows key" (located at the bottom left of your keyboard) and tap "R"; this will open the run box.


D. Once the run box shows up browse to:

Win XP: C:\windows\system32\restore\rstrui.exe and press "Enter"
Win Vista/Seven: C:\windows\system32\rstrui.exe and press "Enter"


E. Now just follow the steps given to restore or recover your computer back to a time before the virus was on your computer, called a restore point.





Option 4 – Safe mode with Networking:


This option is for users who need additional files off the internet, or who have applications that are malfunctioning because of the virus. The idea of this step is to get connected to the internet and get an application to remove the Ransomware.


1. Turn off your computer by holding in the power button for ten seconds or until you hear/see it turn off, unplug your computer if needed, press the power button to turn the computer back on.


2. As soon as you turn the computer back on continuously press "F8" until "Windows Advanced Options" Menu comes up. Use the arrows on your keyboard to scroll down to "Safe Mode with Networking" and press "Enter".

Note

If Windows is having trouble starting into "safe mode" and comes up with a black screen and the words "safe mode" in all four corners of the screen, move your cursor to the lower left corner, over the area where the Windows Start Menu search box would be located, and it will come up.


3. There are 2 options to choose from here:


• Follow steps 6 A-H to perform a manual removal from this point.

• Download Malwarebytes to remove malicious files on your computer.

A. Download the free or paid version of Malwarebytes from Malwarebytes.org.


B. Once you have downloaded Malwarebytes, open it and run a scan by selecting Perform quick scan and then clicking on the scan button located at the bottom of the page.

C. Once the scan is complete, Malwarebytes will display the results, showing the malware that was detected. Now you need to select all of the malicious files and click the Remove Selected button on the lower left side of the page.

Note

If Malwarebytes didn’t work, here are some other popular Ransomware FBI Moneypak Virus Removal tools:


Super Anti-Spyware, Hitman Pro, AVG Antivirus, Kaspersky, Microsoft Defender, and Microsoft Security Essentials.




Option 5 – USB trick:


Useful for users who can get into safe mode with command prompt but cannot find the virus.


1. On a different, uninfected computer, download Malwarebytes or a different Anti-virus you trust and save the setup.exe file to the USB flash drive.


2. Turn off the infected computer completely by holding in the power button of the computer for 10 seconds or until the computer shuts completely off. (If the computer is already off, skip this step.)


3. Turn on the computer by pressing the power button and immediately begin to tap the “F8” (Windows 8 is Shift-F8) button over and over until you see the “Advanced Boot Options” screen.

4. Please select “Safe Mode with Command Prompt”.


5. Please type “Explorer.exe” in the black box with blinking cursor and hit the “Enter” key. If done correctly you will see your “Start Menu” and desktop icons come back onto your computer.



6. Remove the USB from the uninfected computer and plug it into the infected computer, then start to install Malwarebytes (or your trusted Anti-virus) using the setup.exe file located on the USB flash drive.


7. Run a full system scan, and remove any found infections.

8. Restart your machine.

 

 

 

 

 

 

 

 


Nate - Admin


Growing up I always had a passion for computers and programming. My goal now is to take that knowledge and help others who do not have it. With the rapidly growing rate at which infections are released every day, it's hard for everyone to keep on top of it. That's what this site was made for. I'm currently a Computer Programmer at a Tech Support company, but have always been a Technician at heart. I spend my free time reverse engineering viruses to develop cures and learn how they work. This makes helping people who have been infected with any kind of virus an easy and fun task for me. Need help? Leave a comment on any page, or use the "Contact Us" page and I will respond as soon as I can!

15 comments on “FBI Moneypak Virus – Removal Instructions”

  1. Judy Ryan on said:

    Thanks for helping me remove this nasty infection. My husband and I were scared shi%%$^%$ this thing had stolen our identity. Thanks again, a couple very novice users.

  2. I have a virus on my laptop saying that I need to pay 300.00 to unblock it

  3. tim morris on said:

    remove virus

  4. Audrey on said:

    Hi – after I downloaded the spyhunter program and ran it on the infected computer in safe mode with networking, a window popped up that says “the system administrator has set policies to prevent this installation”. The laptop in question is running Windows XP. Can you tell me what to change?

    • Nate - Admin on said:

      Try these steps:

      Step 1:
      Run the software setup file as an administrator and check if it helps.
      a. Right click on the setup file of the software that you are trying to install.
      b. Select “Run as administrator”.

      Step 2:
      Temporarily disable the antivirus software running on the computer and check if you are able to install the software.

  5. shawn on said:

    this virus won’t let me see anything except their image. any help please.

  6. Mike on said:

    Error 1500 wouldn’t allow me to download Spyhunter 4, tried to fix code 1500 unsuccessfully

  7. terry on said:

    what if my laptop will not start in safe mode. I select safe mode with networking then my laptop restarts itself and all I get is a blank screen

    • I would recommend trying Safe Mode with Command Prompt or last known good configuration. If you select Safe Mode with Command Prompt, in the command prompt field (blinking white cursor), type in explorer.exe and hit enter, this will bring up your desktop which will allow you to navigate to the download link from there. If you have any additional questions, give us a call. Good luck.

  8. how can u get rid of unwanted files on ur computer….like old movies u deleted that are still on the computer or books that were digital?!.

    • Hello,
      You can permanently delete a file by holding down “Shift” while you press “Delete”. If this option still doesn’t work, there are applications you can use to delete a pesky file on reboot, forcing the file to be removed. One application I use is “Unlocker”. Of course be careful what you delete with these applications, because it will go around Windows protection!

      Have a wonderful day!

  9. amway global on said:

    I am trying to get remote desktop connection going, for the computers in the same network. The problem is, my computer (Windows 7) does not seem to register the other computers on the network. Can anybody point me in the direction that might solve this issue? The other computers are XP, if that makes a difference.

    • Hello amway,

      I just want to make sure, are you all on the same network? Or is it a remote network? If remote please open up the port remote connection needs to function.

      If you are on a Local connection, it should be very simple. Make sure Remote Connection is enabled to be used on each of the computers you want to connect to. After this, on each computer you want to connect to, open up Command Prompt by holding down the “Windows” key, and pressing “R”. When the run prompt comes up type in “CMD”(Without Quotes).

      This will open up “Command Prompt”. Begin by typing “Ipconfig” (Without Quotes), and press “Enter”. This will show your computer’s IP address. If you are on a wired connection look for the IP under “Local Area Connection”; if wireless, look under “Wireless Connection”.

      Once you have the Ip address for each of the computers you want to connect to, open up “Remote Desktop Connection” and type in the IP of the computer you want to connect to.

      Please let me know if this has worked for you!
