Remove FBI CYBERCRIME DIVISION virus (MoneyPak Scam)

The FBI CYBERCRIME DIVISION MoneyPak Ransom is a computer virus (Trojan:W32/Reveton), which will display a bogus notification, that pretends to be from the International Cyber Security Protection Alliance and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The FBI CYBERCRIME DIVISION virus will lock you out of your computer and applications, so whenever you’ll try to log on into your Windows operating system or Safe Mode with Networking, it will display instead a lock screen asking you to pay a non-existing fine of $300 in the form of a  Greendot MoneyPak code.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam, so that the bogus FBI CYBERCRIME DIVISION notification shows what is happening in the room.
If your computer is infected with FBI CYBERCRIME DIVISION virus,then you are seeing the below notification:
[Image: FBI Cybercrime Division virus]
The FBI CYBERCRIME DIVISION lock screen will display the following message:

FBI CYBERCRIME DIVISION
International Cyber Security Protection Alliance
ATTENTION! Your PC is blocked due at least one of the reasons specified below.
You have been violating Copyright and Related Rights Law. (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section 2, Clause 8, also known as the Copyright of the Criminal Code of United States of America.
Article 1, Section 2, Clause 8 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophilia and etc). Thus violating Article 2, Section 1, Clause 2 of the Criminal Code of United States of America.
Article 2, Section I, Clause 2 of the Criminal Code provides for a deprivation of liberty for 4 to 12 years.
Illegal access to computer data has been initiated from your PC, or you have been…
Article 2, Section 1, Clause 8 of the Criminal Code provides for a fine of up to 5200,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer.
Article 2, Section 1, Clause 1 of the Criminal Code provides for a fine of up to 5200,000 and/or deprivation of liberty for 4 to 9 years.
Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without your knowledge, your PC may be infected by malware.
Article 2, Section 1, Clause 2 of the Criminal Code provides for a fine of up to 5500,000 and a deprivation of liberty of up to 6 years. In case this activity has been effected without your knowledge, you fall under the above mentioned Article 2, Section 1, Clause 1 of the Criminal Code of United States of America.
Your personality and address are currently being identified, a criminal case is going to be initiated against you under one or more articles specified above within the next 72 hours.
Pursuant to the amendment to the Criminal Code of United States of America of February 05, 2013, this law infringement (if it is not repeated – first time) may be considered as conditional in case you pay the fine to the State.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours! To unblock the computer you must pay the fine through MoneyPak of $300. When you pay the fine, your PC will get unlocked in 1 to 72 hours after the money is put into the State’s account.
Since your PC is unlocked, you will be given 7 days to correct all violations.
In case all violations are not corrected after 7 working days, your PC will be blocked again, and a criminal case will be initiated against you automatically under one or more articles specified above.

The FBI CYBERCRIME DIVISION notification is a scam, and you should ignore any alert that this malicious software might generate.
Under no circumstance should you send any money via MoneyPak to these cyber criminals, as this could lead to identity theft,and if you have, you can request a refund from Greendot MoneyPak >> HERE << , stating that the payment was due to a scam and a computer virus.

FBI CYBERCRIME DIVISION Greendot MoneyPak Ransomware – Virus Removal Guide

STEP 1: Remove FBI CYBERCRIME DIVISION lock screen from your computer

FBI CYBERCRIME DIVISION MoneyPak virus has modified your Windows registry and added its malicious files to run at startup, so whenever you’re trying to boot your computer it will launch instead its bogus notification.To remove these malicious changes, we can use any of the below methods :

Method 1: Start your computer in Safe Mode with Networking and scan for malware

Some variants of FBI CYBERCRIME DIVISION virus will allow the users to start the infected computer in Safe Mode with Networking without displaying the bogus lock screen. In this first method, we will try to start the computer in Safe Mode with Networking and then scan for malware to remove the malicious files.

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
    Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
    [Image: Safe Mode with Networking]
  4. If your computer has started in Safe Mode with Networking, you’ll need to perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.

IF the FBI CYBERCRIME DIVISION virus didn’t allow you to start the computer in Safe Mode with Networking,you’ll need to follow Method 2 to get rid of its lock screen.


Method 2: Restore Windows to a previous state using System Restore

System Restore can return your computer system files and programs to a time when everything was working fine, so we will try to use this Windows feature to get rid of FBI CYBERCRIME DIVISION lock screen.

  1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
    Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
  2. Use the arrow keys to select the Safe mode with a Command prompt option.
    Enter Safe Mode with Command Prompt
  3. At the command prompt, if you are using Windows Vista, 7 or 8 type C:\windows\system32\rstrui.exe , and then press ENTER.
    If you are using Windows XP, you will need to type C:\windows\system32\restore\rstrui.exe, and then press ENTER.
    [Image: Start System Restore from Safe Mode with Command Prompt]
  4. The System Restore utility will start, and you’ll need to select a restore point previous to this infection.
    Restore points in Windows 7
  5. After System Restore has completed its task, you should be able to boot in Windows normal mode, and perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.

IF the FBI CYBERCRIME DIVISION virus didn’t allow you to restore your computer to a previous point, you’ll need to follow Method 3 to get rid of its screen lock.


Method 3: Remove FBI CYBERCRIME DIVISION lock screen with msconfig utility

When your computer was infected with the FBI CYBERCRIME DIVISION virus, this trojan has set a its malicious files to start whenever your computer is booting. IF you didn’t have a restore point, we can use msconfig to remove it’s malicious start-up entry.

  1. While your computer is in Safe Mode with Command Prompt, type msconfig to start the Windows System Configuration utility.
    [Image: Type msconfig in the Command prompt]
  2. Click on the Startup tab, then search for any suspicious or unknonw entries (random numbers or letters, ctfmon.exe, and other suspicious or unknown entries), and unckech them from startup, then click on OK.
    This will stop the FBI CYBERCRIME DIVISION virus from starting with Windows, however it won’t remove the malicous files from your computer.
    [Image: Uncheck any suspicious entries from start-up]
  3. Type shutdown /r in the command prompt to restart your computer, then  perform a scan with Malwarebytes Anti-Malware and HitmanPro as seen on STEP 2.

IF the FBI CYBERCRIME DIVISION virus didn’t allow you to start the computer in Safe Mode with Command Prompt you’ll need to follow Method 4 to get rid of its screen lock.


Method 4: Remove FBI CYBERCRIME DIVISION virus with HitmanPro Kickstart

IF you couldn’t boot into Safe Mode with Command Prompt or didn’t have a System Restore point on your machine, we can use HitmanPro Kickstart to bypass this infection, and access your computer to scan it for malware.

  1. We will need to create a HitmanPro Kickstart USB flash drive,so while you are using a “clean” (non-infected) computer, download HitmanPro from the below link.
    HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
  2. Insert your USB flash drive into your computer and follow the instructions from the below video:
  3. After you have create the HitmanPro Kickstart USB flash drive, you can insert this USB drive into the infected machine and start your computer.
  4. Once the computer starts, repeatedly tap the F11 key (on some machines its F10 or F2),which should bring up the Boot Menu, from there you can select to boot from your USB.
    Next,you’ll need to perform a system scan with HitmanPro as see in the below video:
  5. After HitmanPro Kickstart has completed its task,you should be able to boot in Windows normal mode,from there you’ll need to perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.

STEP 2: Remove FBI CYBERCRIME DIVISION malicious files from your computer

Run a computer scan with Malwarebytes Anti-Malware Free

  1. You can download Malwarebytes Anti-Malware Free from the below link,then double click on it to install this program.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK(This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. When the installation begins, keep following the prompts in order to continue with the setup process.
    DO NOT make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked,then click on the Finish button.
    [Image: Malwarebytes Anti-Malware final installation screen]
  3. On the Scanner tab,select Perform quick scan and then click on the Scan button to start scanning your computer.
    [Image: Malwarebytes Anti-Malware Quick Scan]
  4. Malwarebytes’ Anti-Malware will now start scanning your computer for FBI CYBERCRIME DIVISION virus as shown below.
    [Image: Malwarebytes Anti-Malware scanning for FBI CYBERCRIME DIVISION virus]
  5. When the Malwarebytes scan will be completed,click on Show Result.
    [Image: Malwarebytes Anti-Malware scan results]
  6. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selected button.
    [Image:Malwarebytes removing virus]
  7. After your computer will restart in Normal mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

Run a computer scan with HitmanPro

  1. Download HitmanPro from the below link,then double click on it to start this program.
    HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
    IF you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.To start HitmanPro in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
  2. HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
    HitmanPro scanner
    HitmanPro installation
  3. HitmanPro will start scanning your computer for FBI CYBERCRIME DIVISION malicious files as seen in the image below.
    HitmanPro scans after
  4. Once the scan is complete,you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove these malicious files.
    HitmanPro scan results
  5. Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.
    HitmanPro 30 days activation button

If you are still experiencing problems while trying to remove FBI CYBERCRIME DIVISION virus from your machine, please start a new thread in our Malware Removal Assistance forum.

IT’S YOUR TURN TO HELP!

If we have managed to help you with your computer issues, then it's your duty to let other people know that this article will help them!
You can share this article on Facebook,Twitter or Google Plus by using the below buttons.

THE 411 ON ME

FC Barcelona fan, Starbucks addicted and super geek.
I am the creator and owner of MalwareTips.com
My area of expertise includes malware removal and computer forensics. I'm active in the various online anti-malware communities where I do researches for new malware threats as they are released.
I live in Bucharest (Romania), where I run my own local computer repair shop.
I repair both hardware and other operating systems related issues, however most of my business is malware related problems.

Follow me on Google Plus

You can follow me on Google Plus, and I will try to keep you informed with the latest computer infections and malware threats!

SUPPORT MALWARETIPS! (OPTIONAL)

All our malware removal guides and utilities are completely free of charge.
We do not request any kind of money in exchange for our services, however if you like to support us with our hardware maintenance costs, you can make a small donation. Any amount is appreciated, and will support our fight against malware.
  • knice1

    Thanks! Restore with command prompt worked to restore. I was locked from everything. Thanks a lot!

  • Felisha

    Thank you …you saved my pc and money from this scam…this works thanks again….

  • John

    Thank you. Just started in safe mode and ran MalwareBytes and it
    cleaned up the problem. Great program!

  • Jennifer

    Used Method 1 and it worked like a charm. Not the first time this site has helped out. Thanks a bunch.

  • John

    I used system restore to get functional again and am now using System Suite’s malware removal to be rid of this menace. If that does not work, I will download the free removal tool. Thanks ever so much, as this probably saved me about $100

  • isaac

    Thanks!
    It worked.

  • Ilene

    Method 2 worked like a charm!!! Thank you thank you thank you!!!

  • Duane

    I used Method 2 and it worked for me. Thank you…

  • Method2

    Thank you!
    I have used System Restore to fix my laptop!

  • Tran

    You saved my PC! Can’t thank you enough. I had to try method 2 to restore windows but it worked. Again, THANK YOU.

  • Michele

    Thank you! I have used Method 1, and it worked!
    Again thank you!