How to Remove FBI MoneyPak Virus?


FBI MoneyPak virus will lock the computer allegedly due to involvement in illicit activities. It reports that you are downloading or distributing copyrighted material and other adult content. To be able to unlock the PC, FBI MoneyPak demands you to pay a penalty ranging from $100 to as high as $200 within 72 hours. This ransom program only accepts MoneyPak payment methods that you can purchase from selected convenience and retail stores. MoneyPak is very similar to credit cards, however, it has a pre-loaded amount of money that you can use to buy things and purchase online.

If the FBI MoneyPak virus infiltrates your computer, it denies your access instantly. Suffering from a locked PC denotes that the virus has already altered some of your system settings particularly the registry. Apart from that, expect that harmful files be already dropped on the various spots of your hard drive. With some components hidden on the system, there is no easy way to remove the FBI MoneyPak virus.

The best approach to uninstall the FBI MoneyPak virus is by using a removal tool in the presence of anti-malware software. If you will only follow the guide below, you can get rid of this ransom Trojan without paying the fee. Regain control of your computer once more after completing the removal process.

What are the Symptoms of FBI MoneyPak Virus Infection?

FBI MoneyPak Virus will not allow you to use the computer until you pay for the fine, which costs $100 to $200. Once payment has been made, you will receive the unlock code that you can use to regain access.

FBI MoneyPak Virus

The fake FBI (Federal Bureau of Investigation) fake warning page, as shown above, will contain accusations of illegal acts observed on your computer. Here are some excerpts.

All activity of this computer has been recorded.
Of you use a webcam, videos and pictures were saved for identification.
You can be clearly identified by resolving your IP address and associated hostname.
Your Computer has been locked!
Illegally downloaded material (MP3?s, Movies or Software) has been located on your computer?

Update: August 22, 2012

A new version of FBI MoneyPak is in the wild. This time, it added a new payment scheme called Ultimate Game Card by PaybyCash.com. Here is the screenshot image.

FBI - Ultimate Gane Card

Updated: October 13, 2012

The new version of the FBI MoneyPak virus exhibits a new layout. It is named Green Dot Moneypak Virus. Everything remains the same. See the image below for reference.

FBI MoneyPak Virus Image 3

Updated: September 20, 2021

Though the original intention of the FBI MoneyPak virus is still the same, with time, it has taken various forms to spread itself. Here are some versions of the FBI MoneyPak virus that are widely spreading:

Decrypt Protect

Decrypt Protect virus is tagged as ransomware, which hostage the victims’ system and displayed MBL Block Off screen. It stated there that you have lost control over your computer, all files have been locked and encrypted. Decrypt Protect gives you only 48 hours to enter the payment which needs to be done via Green Dot MoneyPak.


FBI Department of Defense

In this version, the victims are presented with a screen in which they are scared by stating that “you have broken the law of the United States of America”. In reality, it is just another version of the FBI MoneyPak virus that utilizes the name of FBI to scam victims. The payment method is also changed and now the attacker takes ransom in the form of cryptocurrencies as they are untraceable.


FBI Anti Piracy Warning

It is another form of Ransomware that takes the name of the FBI to infect computers. It creates a fake message warning victims that their PC has been locked because several illegal activities have been detected on their device.


Threat Summary

Threat Name: FBI MoneyPak
Type: RansomLock
Brief Description: This type of malware locks the computer or desktop making it unusable.
Detected as: Trojan.Ransomlock.G

Description

FBI MoneyPak virus will lock the computer allegedly due to involvement in illicit activities. It reports that you are downloading or distributing copyrighted material and other adult content. To be able to unlock the PC, FBI MoneyPak demands you to pay a penalty ranging from $100 to as high as $200 within 72 hours. This ransom program only accepts MoneyPak payment methods that you can purchase from selected convenience and retail stores. MoneyPak is very similar to credit cards, however, it has a pre-loaded amount of money that you can use to buy things and purchase online.

If the FBI MoneyPak virus infiltrates your computer, it denies your access instantly. Suffering from a locked PC denotes that the virus has already altered some of your system settings particularly the registry. Apart from that, expect that harmful files be already dropped on the various spots of your hard drive. With some components hidden on the system, there is no easy way to remove the FBI MoneyPak virus.

The best approach to uninstall the FBI MoneyPak virus is by using a removal tool in the presence of anti-malware software. If you will only follow the guide below, you can get rid of this ransom Trojan without paying the fee. Regain control of your computer once more after completing the removal process.

What are the Symptoms of FBI MoneyPak Virus Infection?

FBI MoneyPak Virus will not allow you to use the computer until you pay for the fine, which costs $100 to $200. Once payment has been made, you will receive the unlock code that you can use to regain access.

FBI MoneyPak Virus

The fake FBI (Federal Bureau of Investigation) fake warning page, as shown above, will contain accusations of illegal acts observed on your computer. Here are some excerpts.

All activity of this computer has been recorded.
Of you use a webcam, videos and pictures were saved for identification.
You can be clearly identified by resolving your IP address and associated hostname.
Your Computer has been locked!
Illegally downloaded material (MP3?s, Movies or Software) has been located on your computer?

Update: August 22, 2012

A new version of FBI MoneyPak is in the wild. This time, it added a new payment scheme called Ultimate Game Card by PaybyCash.com. Here is the screenshot image.

FBI - Ultimate Gane Card

Updated: October 13, 2012

The new version of the FBI MoneyPak virus exhibits a new layout. It is named Green Dot Moneypak Virus. Everything remains the same. See the image below for reference.

FBI MoneyPak Virus Image 3

Updated: September 20, 2021

Though the original intention of the FBI MoneyPak virus is still the same, with time, it has taken various forms to spread itself. Here are some versions of the FBI MoneyPak virus that are widely spreading:

Decrypt Protect

Decrypt Protect virus is tagged as ransomware, which hostage the victims’ system and displayed MBL Block Off screen. It stated there that you have lost control over your computer, all files have been locked and encrypted. Decrypt Protect gives you only 48 hours to enter the payment which needs to be done via Green Dot MoneyPak.


FBI Department of Defense

In this version, the victims are presented with a screen in which they are scared by stating that “you have broken the law of the United States of America”. In reality, it is just another version of the FBI MoneyPak virus that utilizes the name of FBI to scam victims. The payment method is also changed and now the attacker takes ransom in the form of cryptocurrencies as they are untraceable.


FBI Anti Piracy Warning

It is another form of Ransomware that takes the name of the FBI to infect computers. It creates a fake message warning victims that their PC has been locked because several illegal activities have been detected on their device.


Procedures to Remove FBI MoneyPak

Download FREE Removal Tool

Removal steps on this page will help you get rid of the threat effectively using tools and virus scanners. Please make sure that you will carry out the guide in exact order.

Create a USB Bootable Device

Ransom Trojans and viruses will lock the screen and makes the computer unusable. Common ways to deal with this type of infection is to boot the PC using another device. For this tutorial we will do a bootable disk that contains FBI MoneyPak remover.

1. Download Kaspersky Rescue Disk from their official server. Click the button below. The file will be in .ISO format.

2. Download this utility called rescue2usb to record your .ISO file into the USB drive. Obviously you need a USB thumb drive at least 512MB in capacity. Plug it to the computer.

3. Once you have the two programs, double-click on the rescue2usb.exe to start creating a bootable USB drive.
4. You will see on the screen in the program called Kasperksy USB Rescue Disk Maker. Click on Browse and locate the .ISO file.
5. Under USB Medium, select the proper drive of your USB device.
6. Click on START. It will now begin to create a bootable USB drive with Kaspersky Rescue Disk in it.

Start the Computer with Kaspersky Rescue Disk.

1. You must set the computer to use other bootable device aside from hard drive. For this procedure, enable your BIOS to boot to USB device. If you are not familiar with this, please refer to your computer's instruction manual.

2. Another option is to access the Boot Menu right after you turn one the PC. It will present a Menu so that you can select a preferred boot drive. Select Removable Devices.

Boot Menu

3. Your computer will now start and load Kaspersky Rescue Disk.
4. If you see a message on the screen, please Press any key to enter the menu. You only have 10 seconds to do this, otherwise it will boot with the hard drive.

5. Next screen will be the interface language. Please select desired language to use.
6. You must run the program in Graphic Mode. This gives you easy access to all commands and menus.
7. End User License Agreement will appear. Please accept to continue using the program. Press 1 to proceed.

Using WindowsUnlocker to Remove FBI MoneyPak

1.Click on the K button at the lower left corner of the screen.

2. Select Terminal on the list. It will open a command prompt.
3. Type windowsunlocker and press Enter on your keyboard.

4. On WindowsUnlocker menu, please type 1 to Unlock Windows. This utility will clean the registry for malicious entries.

5. After the cleanup process, it will display the menu once more.
6. Press 0 on your keyboard to exit WindowsUnlocker.

Run a Virus Scan

1. After removing FBI MoneyPak, you need to delete all remaining components.
2. Click on the K to display the menu.

3. Select Kaspersky Rescue Disk. This will open the virus scanning tool.
4. You need to update the program first. Select My Update Center tab and click on Start update. This requires an Internet connection.

5. After updating the program, select Object Scan tab and click on Start Object Scan. You must scan the following:

  • Disk boot sectors
  • Hidden startup objects
  • All drives

6. Scanning the entire hard drive may take some time. Please let the scan to finish.
7. Once the scan process is complete, the tool will prompt you for preferred actions on detected threats. Deleting all threats is recommended.
8. You can now turn off the computer, unplug the USB drive, and start Windows in normal mode.

5 thoughts on “How to Remove FBI MoneyPak Virus?”

  1. Yeah.. im a Victum to this little damn virus.. and Ummm.. I just unlocked it with a very easy way.. See what i did was i had open programs that was.. Well already opened and so i went to turn off my computer and then simply canceled it. Now the mailwear is still in the computer but at least it unlocks your screen free of charge.

  2. I did exactly as explained here.. But after selecting that the computer boot from the usb the screen stops at a blank black screen.. I think that the usb is not booting.. is there a way to fix this

  3. All the steps followed from this website, last step taking tons of time… hopefully it will remove this damn virus. Thanks to the author!!

  4. Blank screen after selecting GUI option from main menu took a long time to load up. Wait for it. Once loaded, run the terminal executable to scan and clean the registry then the rescue program, update defs., and scan all as described. Ransom virus found numerous times in local profile path on “C” drive. Hopefully this fixes it. You used to be able to bring up PC in safe mode and kill the process and manually obliterate it. Seems this virus has evolved and these sneaky little b**rds disabled the CTRL-ALT-Delete option for task manager and now you can’t get into it. The only way to blow this virus away is using some outside force other than the Windows OS that’s installed. Crazy! Never seen anything like it :-)

Leave a Comment