The FBI MoneyPak Ransomware is a computer virus that displays a bogus alert pretending to be from the Federal Bureau of Investigation. The alert states that your computer has been blocked because it was involved in the distribution of pornographic material, spam and copyrighted content.
The FBI virus locks you out of your computer and applications, so whenever you try to log on to Windows or Safe Mode with Networking, it displays a lock screen instead, asking you to pay a non-existent fine of $100 in the form of a MoneyPak code.
Furthermore, to make the alert seem more authentic, the virus can access your installed webcam so that the alert shows what is happening in the room.
If your computer is infected with the FBI virus, you will see one of the screens below:
The bogus notification from the FBI will display the following message:
The FBI
Federal Bureau of Investigation
ATTENTION!
IP: xxx.xxx.xxx
Location: Your Country Here
IPS: Your ISP Here
Your PC is blocked due to at least one of the reasons specified below.
You have been violation Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America.
Article I, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.
You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoofilia and etc). Thus violating article 202 of the Criminal Code of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law of Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for four to nine years.
Pursuant to the amendment to the Criminal Code of United States of America of May 28, 2011, this law infringement (if it is not repeated – first time) may be considered as conditional in case you pay the fine to the State.
Fines may be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours!
To unblock the computer, you must pay the fine through MoneyPak of 100$.
The FBI notification is a scam, and you should ignore any alert that this malicious software generates.
Under no circumstances should you send any money via MoneyPak to these cyber criminals, as this could lead to identity theft. If you have already paid, you can request a refund from MoneyPak, stating that the payment was due to a scam and a computer virus.
FBI MoneyPak Virus Removal Guide
STEP 1: Remove FBI lock screen from your computer
The FBI MoneyPak virus has modified your Windows registry and added its malicious files to run at startup, so whenever you try to boot your computer it launches its bogus notification instead. To remove these malicious changes, we can use any of the methods below:
Method 1: Start your computer in Safe Mode with Networking and scan for malware
Some variants of FBI virus will allow the users to start the infected computer in Safe Mode with Networking without displaying the bogus lock screen. In this first method, we will try to start the computer in Safe Mode with Networking and then scan for malware to remove the malicious files.
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
- Press and hold the F8 key as your computer restarts. Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
- On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
![[Image: Safe Mode with Networking]](http://malwaretips.com/blogs/wp-content/uploads/2013/01/safemode.jpg)
- If your computer has started in Safe Mode with Networking, you’ll need to perform a system scan (as seen in STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
If the FBI virus didn’t allow you to start the computer in Safe Mode with Networking, you’ll need to follow Method 2 to get rid of its lock screen.
Method 2: Restore Windows to a previous state using System Restore
System Restore can return your computer’s system files and programs to a time when everything was working fine, so we will try to use this Windows feature to get rid of the FBI lock screen.
- Restart your computer, and then press and hold F8 during the initial startup to start your computer in Safe Mode with Command Prompt.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
- Use the arrow keys to select the Safe Mode with Command Prompt option.

- At the command prompt, if you are using Windows Vista, 7 or 8, type C:\windows\system32\rstrui.exe, and then press ENTER.
If you are using Windows XP, you will need to type C:\windows\system32\restore\rstrui.exe, and then press ENTER.
![Start System Restore from Safe Mode with Command Prompt [Image: Start System Restore from Safe Mode with Command Prompt]](http://malwaretips.com/blogs/wp-content/uploads/2013/02/cmd-system-restore.jpg)
- The System Restore utility will start, and you’ll need to select a restore point previous to this infection.

- After System Restore has completed its task, you should be able to boot into Windows normal mode and perform a system scan (as seen in STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
If the FBI virus didn’t allow you to restore your computer to a previous point, you’ll need to follow Method 3 to get rid of its lock screen.
Method 3: Remove FBI lock screen with msconfig utility
When your computer was infected with the FBI virus, the trojan set its malicious files to start whenever your computer boots. If you don’t have a restore point, we can use msconfig to remove its malicious start-up entry.
- While your computer is in Safe Mode with Command Prompt, type msconfig to start the Windows System Configuration utility.
![Type msconfig in the Command prompt [Image: Type msconfig in the Command prompt]](http://malwaretips.com/blogs/wp-content/uploads/2013/02/command-prompt-start-msconfig.jpg)
- Click on the Startup tab, then search for any suspicious or unknown entries (random numbers or letters, ctfmon.exe, and other suspicious or unknown entries), uncheck them from startup, and click on OK.
This will stop the FBI virus from starting with Windows; however, it won’t remove the malicious files from your computer.
![Uncheck any suspicious entries from start-up [Image: Uncheck any suspicious entries from start-up]](http://malwaretips.com/blogs/wp-content/uploads/2013/02/msconfig-remove-startup-item.jpg)
- Type shutdown /r in the command prompt to restart your computer, then perform a scan with Malwarebytes Anti-Malware and HitmanPro as seen in STEP 2.
If the FBI virus didn’t allow you to start the computer in Safe Mode with Command Prompt, you’ll need to follow Method 4 to get rid of its lock screen.
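The Startup-tab review in Method 3 can also be done on text: the Run keys are among the locations msconfig lists, and `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the same key under HKLM) prints them from the command prompt. The script below is an added example, not part of the original guide; it parses that output and flags entries matching the guide's description (random names, ctfmon.exe), plus one assumed heuristic: programs starting from user-writable folders. The sample output is constructed, and a flagged entry is a candidate for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output for the two Run keys.
# It is illustrative only and not taken from a real infection.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SynTPEnh    REG_SZ    "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    ctfmon.exe    REG_SZ    C:\Windows\System32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\Users\amy\AppData\Roaming\ctfmon.exe
    84726193    REG_SZ    rundll32.exe "C:\Users\amy\AppData\Local\Temp\xkqzrtw.dll",Start
"""

# "    <value name>    REG_SZ    <command line>"
ENTRY = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)\s{2,}(.*)$")
# Any drive-letter path ending in an executable or script extension.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|vbs|js)\b', re.I)
# Assumed heuristic: folders a standard user can write to.
USER_WRITABLE = {"appdata", "application data", "local settings", "temp", "programdata"}
# The genuine ctfmon.exe lives here (assumes the default Windows directory).
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")


def looks_random(stem):
    """Crude test for 'random numbers or letters': all digits, or 6+ characters with no vowel."""
    s = stem.lower()
    if s.isdigit():
        return True
    return len(s) >= 6 and s.isalnum() and not set(s) & set("aeiou")


def reasons_for(name, command):
    """Return the list of reasons an autostart entry deserves a closer look."""
    reasons = []
    if looks_random(PureWindowsPath(name).stem):
        reasons.append("random-looking value name")
    for raw in PATH.findall(command):
        p = PureWindowsPath(raw)  # comparisons on Windows paths ignore case
        if p.name.lower() == "ctfmon.exe" and p.parent != SYSTEM32:
            reasons.append("ctfmon.exe outside System32")
        if USER_WRITABLE & {part.lower() for part in p.parts}:
            reasons.append("runs from user-writable folder")
        if looks_random(p.stem):
            reasons.append("random-looking file name")
    return reasons


def triage(text):
    """Parse `reg query` output and return (key, name, command, reasons) for flagged entries."""
    key, flagged = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = ENTRY.match(line)
        if m and key:
            name, _type, command = m.groups()
            why = reasons_for(name, command)
            if why:
                flagged.append((key, name, command, why))
    return flagged


if __name__ == "__main__":
    for key, name, command, why in triage(SAMPLE):
        print(f"[{key}] {name} -> {command}\n    " + "; ".join(why))
```
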
Method 4: Remove FBI virus with HitmanPro Kickstart
If you couldn’t boot into Safe Mode with Command Prompt or didn’t have a System Restore point on your machine, we can use HitmanPro Kickstart to bypass this infection and access your computer to scan it for malware.
- We will need to create a HitmanPro Kickstart USB flash drive, so while you are using a “clean” (non-infected) computer, download HitmanPro from the link below.
HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
- Insert your USB flash drive into your computer and follow the instructions from the below video:
- After you have created the HitmanPro Kickstart USB flash drive, you can insert this USB drive into the infected machine and start your computer.
- Once the computer starts, repeatedly tap the F11 key (on some machines it’s F10 or F2), which should bring up the Boot Menu; from there you can select to boot from your USB.
Next, you’ll need to perform a system scan with HitmanPro as seen in the below video:
- After HitmanPro Kickstart has completed its task, you should be able to boot into Windows normal mode; from there you’ll need to perform a system scan (as seen in STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
STEP 2: Remove FBI malicious files from your computer
Run a computer scan with Malwarebytes Anti-Malware Free
- You can download Malwarebytes Anti-Malware Free from the link below, then double-click on it to install this program.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
- When the installation begins, keep following the prompts in order to continue with the setup process.
DO NOT make any changes to default settings, and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked, then click on the Finish button.
![Malwarebytes Anti-Malware final installation screen [Image: Malwarebytes Anti-Malware final installation screen]](http://malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-installation.jpg)
- On the Scanner tab, select Perform quick scan and then click on the Scan button to start scanning your computer.
![Run a Quick Scan with Malwarebytes Anti-Malware [Image: Malwarebytes Anti-Malware Quick Scan]](http://malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-quick-scan.jpg)
- Malwarebytes’ Anti-Malware will now start scanning your computer for the FBI virus as shown below.
![Malwarebytes Anti-Malware scanning for FBI virus [Image: Malwarebytes Anti-Malware scanning for FBI virus]](http://malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-scan.jpg)
- When the Malwarebytes scan has completed, click on Show Result.
![Malwarebytes when the system scan has completed [Image: Malwarebytes Anti-Malware scan results]](http://malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-scan-results.jpg)
- You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. Please note that the infections found may be different than what is shown in the image. Make sure that everything is Checked (ticked) and click on the Remove Selected button.
![Click on Remove Selected to get rid of FBI virus [Image:Malwarebytes removing virus]](http://malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-virus-removal.jpg)
- After your computer restarts in Normal mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.
Run a computer scan with HitmanPro
- Download HitmanPro from the link below, then double-click on it to start this program.
HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
If you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode. To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro; all non-essential processes are then terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
- HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.


- HitmanPro will start scanning your computer for FBI malicious files as seen in the image below.

- Once the scan is complete, you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove these malicious files.

- Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.





Thank you!!
It worked great.
Thank you. I appreciate you taking the time to create these instructions. They worked well and were easy to follow. Thanks again.
thank you guys i tried your step two and worked like a charm
thank you very much for this information. I followed the instructions, had to use method 2 and everything worked great. Thanks again!
Mine keeps going to the Windows Error Recovery screen and then tries to launch startup repair. It is a repeating cycle and won’t let me run the Hitman Pro program. This virus is bad and I’m so frustrated because I keep hitting a dead end. :(
Hello Amy,
You’ll need to create a Kaspersky Rescue CD as seen HERE: http://malwaretips.com/blogs/anonymous-virus/ , on Method 2.
If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance
Good Luck!
Here is a trick I use often in working on Virus infected machines. It worked for me recently when I found The FBI virus had blocked access to Safe mode with or without networking, Safe mode with command prompt still worked. Boot into safe mode with command prompt and enter “explorer” in the prompt and press enter. Explorer starts windows in safe mode at that point. Close the command prompt window, access the control panel->User Accounts. Add a new user with admin privileges and do a normal reboot. Use the new user Id to login and run a deep virus scan (I use Avast Boot scan) to clean up the virus. Works for most viruses I have found and it is simple.
I used the hitmanpro but it does not pick anything up (stays green) when restart virus still there HELP!
This virus asks for $300 – it seems more than what I’ve seen. Does that mean it is a newer more robust/not easily picked up variety?
Hello Bert,
Can you boot your computer in Safe Mode with Command Prompt, and type msconfig in the Command prompt? This should start the Windows System Configuration tool. Go to the Start-up tab, and search for any suspicious or unknown entries (random numbers or letters, ctfmon.exe and other suspicious entries) and uncheck them from start-up. Next boot your computer in regular mode and perform a scan with HitmanPro and Malwarebytes as seen on the guide.
And then perform a scan with the following tools:
STEP 1: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 2: Run a scan with Emsisoft Emergency Kit.
EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
Thanks for the quick reply – I cannot get the pc to start with command prompt – it goes to a blue screen with lots of garbage and a message about physical memory dump.
Hello,
It sounds like you have a very nasty rootkit on this machine. Can you try to create a HitmanPro Kickstart USB as seen on the guide?
If it still doesn’t work, you’ll need to create a Kaspersky Rescue CD as seen HERE: http://malwaretips.com/blogs/anonymous-virus/ , on Method 2.
If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance
Good Luck!
I am attempting to create the HitmanPro.Kickstart USB flash drive from HitmanPro website and get an error message: “#112, copy”. I have clicked retry several times on two different flash drives. What am I doing wrong?
I was using 1G flashers. Worked like a charm when I got a bigger stick. Ooops.
You are very good. The other websites I went to often underestimated the power of the FBI virus, by treating it like an easy fix–as though the virus had not completely disabled everything–or else they suggested solutions that only a computer pro could have used. But I am no computer pro and the virus is horrible. I could not use the first two of your three methods to get rid of the lock screen. The virus would not let me go into safe mode (or maybe MS was too incompetent to) and I could not do a restore because my Windows has never let me set a restore point. The solution had to come from outside, and you knew when the others did not. HitmanPro really did the trick. Thanks a lot.
Thank you. My computer is up and running well once again. It’s pretty sad that you buy an anti-virus and it doesn’t run when you install the cd. After uninstalling the antivirus, WHAM, my computer has a virus. When I call tech support, they tell me they can fix my computer for a “reasonable” fee. Wrong answer. Thanks again for your help. I’ll be cheering on Barca to win the Copa Del Rey !!
You have been a life saver. Running the malwarebytes scan now. I’m so glad this is FREE another site tried to get $85 with me doing the work.
Thank you so much
I have been working all morning trying to fix virus. I downloaded the malware onto a thumbdrive and followed the steps of opening system in safe mode with command prompt, conducted cd restore and rstrui.exe, went back to reboot system in windows normal and before I could run a system scan, got a white screen. I am so sick of seeing this white screen. Please help if anyone can.
Flustrated! Yes I spelled it correctly….
Hello,
Start your computer in Safe Mode with Command Prompt, and type msconfig in the Command prompt. This should start the Windows System Configuration tool. Go to the Start-up tab, and search for any suspicious or unknown entries (random numbers or letters, ctfmon.exe and other suspicious entries) and uncheck them from start-up. Next boot your computer in regular mode and perform a scan with HitmanPro and Malwarebytes as seen on the guide.
Good Luck!
The “virus” only seems to have infected one of the users on my computer. When I hit the F8 key upon re-starting my computer, the up and down keys do not move the highlighted area off of “open normally” or something like that. Since the other users are operating ok, can I download the Malwarebytes and/or Hitman Pro from one of them and go from there?
Hello Lynn,
Is any of them an Administrator account? Go ahead and perform the scan and see if they manage to remove the infection.
Your System Restore option worked successfully for a remote beginner windows user successfully. Instructions were provided by phone and worked perfectly! You totally rock!!!
Hey and thanks so much for your help.
I managed to get back in to my laptop using method two and I have norton so I ran a full scan, this revealed 33 tracking cookies but nothing else so I downloaded malwarebytes as you suggested but when I did a quick scan it didn’t find any objects so I did a full scan and still nothing found :-(
I’m now really worried that the malicious file is sat in my computer somewhere and I don’t know how I would find it as I don’t even know what I’m looking for. Please help!
Hello Jamie,
Can you please run a scan with the following tools:
STEP 1: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next, please run a scan with Malwarebytes and HitmanPro again.
You saved me! Thank you so much. I called a computer repair company last night when this virus attacked, but at work today (where I could get back online) I found your blog. I’m so glad I still have all of my files. And I will be backing up promptly. The only bummer is that I didn’t find you sooner; the computer repair company that I called is charging me $50 for cancelling the appointment. DON’T ever call GeeksOnSite. But thank you so much for your free and relevant help. I really, really appreciate it.
Hi, WORKS FOR THE FBI/MONEY PAK RANSOM WARE….
Just wanted to let you (and anyone who is considering using this software and the methods shown here) know that it did work for me. I had to go with creating the boot-able flash drive using Hitman Pro as you directed. All the methods above that failed to work (I’m assuming due to the malware having been improved to overcome those methods). Just wanted to thank you for providing such a valuable service. It is greatly appreciated. Thanks Again,
Oliver
Mobile, AL USA
Hey Mate,
I ran both the Malwarebytes and the Hitman Pro in safe mode. Both removed files the first time I ran them. But after restart the FBI virus still exists. I ran them each again and they tell me no threats found. Ideas?
Hello Adam,
Can you please run a scan with the following tools:
STEP 1: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next, please run a scan with Malwarebytes and HitmanPro again.
works great bud thanks u are awesome
How much does it cost to download the software to remove FBI virus?
Hello Jim,
All the software that we recommend is FREE…….If it will cost you just 1 cent to remove this infection, we will give you 100$ back! :P
Helpful information!! Thanks!!
System Restore did the trick for me! Thank you
I have used HitmanPro KickStart and got rid of this nasty virus!
Thank you so much !
Thanks!
Thank you, I didn’t have any hope of recovering my photos, your guide works and was very easy to follow!
I downloaded the Kaspersky rescue disk but it would not update so I ran it on the yellow display. All worked well. I am malware and virus free for the moment. What would you recommend as an antimalware, antivirus to purchase so as to help avoid having these issues?
Thanks so much for posting this blog!!
AWESOME! THANK YOU!
Thank you! For a second I thought I had lost all my files! :)
Hi! I downloaded the Kaspersky rescue disc, and after the scan (2 hours) I was looking for the light to turn green, but it turned yellow! Then I restarted my computer and all the words off the icons are gone, and my icons won’t open…. the internet explorer, start menu, etc. just don’t do anything when I click… I can’t right click either. And when I press control alt delete, there are no words anywhere…. just symbols! What’s going on! Please help! Thanks!
Hello Abby,
You have a new version of this virus which has encrypted your files. Please run the following tool to recover your files: https://support.kaspersky.com/faq/?qid=208286527
http://majorgeeks.com/story.php?id=34161