Questions?
Toll Free: (866) 240-9755
11 Dec

How to Remove the FBI Moneypak Virus

Posted by Dan Steiner on Dec 11, 2012

FBI Moneypak

The “FBI virus” (Citadel Reveton) disguises itself as a message from the FBI. It uses trojans Trojan.Ransomlock.R to lock the victim’s computer, to which it then displays a message stating that you have been involved in cybercrime activities and may face jail time if the user does not pay a fine (usually between $100 – $200 but sometimes as much as $500) within 48-72 hours via Green Dot Moneypak cards, Ultimate Game Cards, or another form of payment. These cards can be purchased at Walmart, CVS, Walgreens, and more (in some instances, the lock screen informs you at various places you can purchase the cards). Currently, there are five different variants of the FBI ransomware malware:

FBI Moneypak: The most popular form of the FBI scam virus. The screen is filled with Moneypak and FBI logos, a webcam, and an alert that informs the victim that they are being accused for a variety of cybercrimes such as viewing/distributing pornography and/or copyrighted material, infecting people with malware, or other illegal activities must purchase a Moneypak card (usually in the amount of $100 or more), to which they must use their voucher code in the form on the lock screen.

Webcam Note: If you do not have a webcam connected to your video screen, the webcam screen on the page will appear blank yet will still state that you are being recorded. Be aware the FBI virus is capable of recording you through your webcam. If possible, unplug your webcam from your computer.

FBI Green Dot Moneypak Virus: This screen is nearly identical to the FBI Moneypak sam screen, except that it also displays McAfee logos. Much like the FBI Moneypak screen, the FBI Green Dot Moneypak malware claims that the FBI has locked your computer on the account that you have been downloading illegal and/or copyrighted content. The victim is then informed that they must pay a certain amount of money via a Green Dot Moneypak voucher code to which their computer will be unlocked.

FBI Audio Virus: Also known as the FBI song, FBI audio virus, Black screen virus, FBI sound virus, Black audio virus, and so on, this variant displays only a black screen that streams audio, informing the victim that the computer has been locked by the FBI.

FBI Green Dot Moneypak Virus: This screen is nearly identical to the FBI Moneypak sam screen, except that it also displays McAfee logos. Much like the FBI Moneypak screen, the FBI Green Dot Moneypak malware claims that the FBI has locked your computer on the account that you have been downloading illegal and/or copyrighted content. The victim is then informed that they must pay a certain amount of money via a Green Dot Moneypak voucher code to which their computer will be unlocked.

FBI Online Agent: The latest variant in the FBI ransomware virus instructs the victim to pay a fine via moneypak card, however it lists in detail the cybercrimes the victim has supposedly broken and the maximum prison sentence associated with each crime. Unlike other variants of the virus, this one lists the victim’s supposed case number, the amount of time the FBI has been tracking the computer, the agent responsible for tracking the computer, and the address where the investigation originated. Additionally, it also displays supposed illegal files found in the victim’s computer, such as “My_sex156.avi,” and other picture files.

Questions Regarding the FBI/MoneyPak Virus

Is fine@fbi.gov $100 or $200 FBI Moneypak fine legit? NO, this is a virus trying to steal your money.

Can the FBI lock your computer? Technically – Yes, technically, but they will NEVER demand money.

Will the FBI block my IP address? It’s possible, but they will NEVER demand money.

My computer is blocked by the FBI MoneyPak virus, is this real? NO.

An FBI online agent has blocked my computer for security reasons? This is a fake virus.

My PC is blocked with the child porn FBI Moneypak virus. Your computer is infected and should be cleaned.

The FBI and wants me to send $100 to them via Moneypak. Do not send any money. Get your computer cleaned.

How can I unlock my computer and get rid of the fake FBI Green dot Moneypak virus scam? Use the removal guide below, or contact an expert.

What can I do when my computer is locked by the FBI Piracy Warning Virus? Use the removal guide below, or contact an expert.

I have the FBI Virus from watching porn, is it a scam? Yes, it should be promptly removed.

Will the FBI charge $100 or $200 to unlock your computer? NO. The FBI will never demand money from you.

How to get rid of fake pop up from FBI? Use the removal guide below, or contact an expert.

How to unlock my computer from the FBI Moneypak Virus Scam Screen? Use the removal guide below, or contact an expert.

How to unlock the FBI lock of your computer scam? Use the removal guide below, or contact an expert.

Will the FBI use my webcam or IP address to track me? The FBI might, but if your computer is blocked – it is FAKE and only used to scare you.

Removal Options for the FBI Virus

The FBI ransomware malware attacks its victims in a variety of different ways. For some victims, they are able to access the Internet and their desktops by booting into “Safe Mode;” for others, they do not have Internet access nor can they access their desktop via “Safe Mode.” But never fear: no matter if you have Internet access or can’t access your desktop, this guide will remove any variant of the FBI virus that may be installed on your PC.

Method 1: Boot into Safe Mode with Networking

In some instances, the FBI virus will give users the opportunity to start their PC in Safe Mode with Networking without displaying the lock screen. While it depends solely on the variant of the FBI Virus, this method will work for some people. Moreover, this method is also the easiest way to get into Windows if you do not own (or would rather not use) a USB flash drive. Follow the steps below to attempt to boot into Windows via Safe Mode with Networking.

  1. Prepare Your Computer

    If you have any floppy disks, CDs, DVDs, or USB flash drive inserted into your computer, remove them from the system. (They can sometimes make this more difficult!)

  2. Enter Safe Mode with Networking

    Restart your computer. Continuously tap the F8 key as soon as your computer begins to restart. Within a few seconds, you will be presented with the Advanced Boot Options screen. You can also turn the computer off, power it back up, then start tapping the F8 key.

  3. safemodebootup

  4. Enter Safe Mode with Networking

    Using the arrow keys on your keyboard, highlight Safe Mode with Networking and press Enter. If this method is successful, your PC will successfully log into Windows. For Windows XP Users, your system may crash and reboot. If this is the case, try to select Directory Services Restore Mode instead.

  5. Run Cleanup

    If you’ve been able to successfully boot into Safe Mode with Networking, you can Continue Below with the Cleanup Process. If this method did not work for you, try another method below.


Method 2: System Restore to Previous Date

If your attempt to boot into Windows using the method above was not successful (i.e. the FBI virus lockscreen still appeared) don’t worry! Instead, use the next method to make your way into Windows so you can scan and ultimately remove the FBI virus. Following this method is just as simple as the first method, so there’s no need to feel overwhelmed.

  1. Restart Your Computer

    Restart your computer. Continue to tap the F8 key as soon as your PC begins to restart. Within a few seconds, you will see the Advanced Boot Options screen.

  2. Boot into Safe Mode with Command Prompt

    Using the arrow keys on your keyboard, select, Safe Mode with Command Prompt, then select Enter.

  3. command_prompt_sm

  4. Login and View Command Prompt

    You may already see the Command Prompt open, if not, you may need to enter your password and login.

  5. Start System Restore via Command Prompt

    To do this, simply type in the following commands:

    Windows XP Users: Type in C:\Windows\System32\restore\rstrui.exe then press Enter
    Windows Vista/Windows 7 Users: Type in rstrui.exe then press Enter

    rstrui_open

  6. Select Restore Point

    The System Restore utility will start, to which you will need to select a restore point prior to the infection. If you want to see a few more restore points other than those listed in the utility, select the Show More restore points checkbox, then select the appropriate restore point.

    This process will not wipe your system out or cause you to lose saved data. This will only revert the registry, which will allow us to boot the computer up to finish the cleanup process.

    This interface may look slightly different depending on the operating system. You will want to select a restore point that was at least a day before you had the virus.

  7. system_restore_window

  8. Start System Restore Process

    Select Next and Finish to allow the System Restore utility to restore your PC to a previous save state. If this method worked, you will be able to successfully boot into Windows and remove the FBI virus once and for all. If your system does not have System Restore turned on, you will need to try the next method below!

  9. Run Cleanup

    Once the System Restore finishes, it is still necessary to run virus removal software. Skip below to the Cleanup Process to finish cleaning up your system.

Method 3: Remove the FBI Virus With HitmanPro Kickstart

If the previous methods did not work for you, there’s still no need to worry, as HitmanPro Kickstart is available for you. In order for this ingenious program to save the day however, you must have a USB flash drive on-hand. If you do not have one, simply borrow one from a friend or family member (ensure the flash drive does not contain data they need), or better yet, go buy a flash drive for yourself (seriously, USB flash drives are only a few dollars now and are incredibly handy to have by your side).

In addition, you will need to have access to a non-infected computer as well as you will need to download HitmanPro Kickstart to your USB flash drive. Again, contact a friend or family member if you do not have access to a non-infected computer at your home. If you have to, assure them this process is perfectly safe (and if you have to, tell them we told you so).

  1. Download Removal Software

    Open a web browser on the Clean Computer. (Chrome, Mozilla Firefox, Internet Explorer, etc.) and navigate to the HitmanPro Kickstart homepage, or download the software below.

    [hitman]

  2. Install and Run HitmanPro Kickstart

    Open HitmanPro Kickstart once the download is complete and run it like you would any normal program.

  3. Insert USB Flash Drive

    Insert your USB flash drive into the non-infected PC. Please Note: This process will erase your flash drive. Please backup your data before continuing!

  4. Create Bootable USB

    Click on the icon of the guy kicking to open the Kickstart interface. (Screenshot below)

  5. hitman_screen

  6. Install Kickstart to USB

    Select your USB Flash Drive, then click Install Kickstart

  7. install_kickstart_usb

  8. Allow Kickstart to Erase USB

    Click Yes on the window that states the USB flash drive with by reformatted before installing HitmanPro Kickstart. You will see the progress of the installation of HitmanPro Kickstart at the bottom of the window.

  9. Eject and Insert Flash Drive into Infected Computer

    Remove the USB flash drive from the clean computer, then insert the USB flash drive into the infected computer.

  10. insert_usb

  11. Open Boot Menu

    Power on the infected computer and continuously tap the F11 key (or, in some instances, the F10 or F12 key). You will know you have been successful when the Boot Menu is displayed. You may need to boot into the BIOS to force your computer to boot from the USB Flash Drive. This part may take some time, and possibly even some patience.

  12. Boot from USB Flash Drive

    When prompted, select your USB Flash Drive / External USB to start the bootup process. This will load the virus removal software on the USB flash drive and configure it to open.

  13. Select Boot Options for HitmanPro Kickstart

    Select Option 1 to boot into Windows first, then press Enter. In some cases, option 1 may not work and you’ll need to select 2 or 3.

  14. This video does a great job explaining the HitmanPro Kickstart process.

  15. Run Cleanup

    Even if HitmanPro Kickstart finds and removes the virus, it is still very important to finish the Cleanup Process.

Cleanup Process: Removing the FBI Virus and its Malicious Files

The following steps are still necessary, even if your computer seems to be running normally after the previous methods. This particular virus takes a few more steps to ensure the system is completely clean. If you fail to finish the cleanup process, the virus may re-install!

  1. Download RogueKiller

    This program works fantastic to check for hijacked registry keys, processes, and other common areas that viruses infect. It’s available completely free and will take only a few minutes to run. You can download Rogue Killer directly from the authors website here, or simply click on the download button below.

    Rogue Killer

    • FREE (32Bit / 64Bit)
    • Tigzy (Website)

  2. Launch and Run Scan with Rogue Killer

    Once you’ve downloaded Rogue Killer and saved it to a location on you computer, double click it to launch the application. Give it a few moments to load, then click Accept on the prompt to agree to the EULA statement. Then click the Scan button to start the scan process.

  3. Rogue Killer Virus Removal

  4. Delete Malicious Detections

    Once the scan has finished, you may notice several detections. If not, that’s great! The most common problems with the FBI Virus are the MBR (Master Boot Record), Hosts, Registry, and Files. Once you’ve looked through each tab, go ahead and click the Delete button on the right. For detailing information on each tab, follow the Rogue Killer Tutorial.

    It’s common for the FBI Virus to include other infections such as: TDSS, Rans.Gen, and others. Rogue Killer is excellent at removing these infections.

    After you’ve finished deleting with Rogue Killer, go ahead and close the program to continue with the guide.

  5. Download Malwarebytes Anti-Malware

    The easiest way to remove the remaining FBI Virus files is with Malwarebytes Anti-Malware. This is hands down the easiest and most effective tools available for malware removal. Install the free or paid version of Malwarebytes Anti-Malware. Malwarebytes Pro includes protection from future attacks like this, while the free version is a one time scanner. If you can afford the $25, it’s worth every penny.

    Malwarebytes Anti-Malware

    • FREE / $24.95 USD (Lifetime)
    • Malware Scanner Utility (No Protection)
    • Malware Scanner + System Protection
  6. Install MalwareBytes Anti-Malware

    Install MalwareBytes Anti-Malware as you would any other program. Once the installation process begins, the software may download new definitions and update the program, so give it a few minutes and allow it to update appropriately. Once the updates are completely and you are viewing the following screen below, you are ready to use it:

  7. mb_fullscan_selected

  8. Run a Full Scan with MalwareBytes

    Select the Full Scan box, then select Scan to begin the scanning for malware. Ensure drive C: is selected, then select Scan once more.

  9. mb_scanning

  10. Look at the Infected Files

    Once the scan is finished, select OK to look at the files then select Show Results.

  11. mb_objects_detected

    mb_scan_completed

  12. Remove the Infected Files via MalwareBytes

    You will now notice a variety of infected files and registry keys. Ensure the detected objects are selected, then select Remove Selected.

  13. mb_infections

  14. Reboot Your PC

    MalwareBytes Anti-Malware will inform you that you must reboot. This is perfectly normal, and will provide the software with the opportunity to remove the infected files.

  15. mb_reboot_window

  16. Boot Back into Windows

    Your PC will now boot up as normally without the virus infected your machine. Open a few of your regularly-used software and ensure everything is working as normally.

  17. Patch System and Clean Registry

    It is recommended that you follow every method listed below, as each method will fix the security “holes” responsible for the FBI virus infecting your computer, as well as ensure that your computer is running optimally.

  18. Install and Run Glary Utilities

    To clean up the registry, temporary files, and other residual junk from your computer, download Glary Utilities. It’s available completely free directory from the Glarysoft Website, or by using the Download below.

    [glary]

  19. Scan with Glary Utilities

    Ensure the 1-Click Maintenance tab is selected. Next, click Scan for Issues to allow Glary Utilities to find and repair your registry, remove spyware and adware, delete your temporary files, and so on. It’s a great way to ensure that your computer is running at its best, all the while making absolute sure that any of the remnants of the FBI virus that may still be in your computer are removed from your PC.

  20. glary_problems

  21. Install an Effective Anti-Virus Solution

    It may seem silly that we’re mentioning this in our removal guide, but many people have outdated, ineffective, or zero virus protection running!

    Download and install anti-virus software you can depend upon. There are multiple incredible anti-virus programs that we recommend, so take your pick, download the anti-virus software of your choice from our Downloads page, run the setup file once it finishes downloading, and follow the on-screen instructions.

    If you already have anti-virus software, ensure it’s still fully functional, then run a full scan. You should do the same even if you just downloaded a new anti-virus solution.

  22. Update Outdated Plugins that are Exploitable

    Viruses commonly use exploits in outdated software, commonly Java and Adobe products. It’s very important to update these plugins to prevent the same attack from happening again. To do this, simply visit the Java Website and the Adobe Website to download the latest drivers and plugins.

    We recommend updating Java, Adobe Flash, Adobe Reader, Adobe Air, and Adobe Shockwave.

  23. All Finished!

    We hope this guide helped you, and if it did, please take a moment to click one of our social share buttons or post a comment to say thanks.

!
Thank the Author!

Dan Steiner is an IT from San Luis Obispo, California. He has helped thousands of people with virus removal and other computer related issues.

Posted 11.12.2012

Send the Author a Coffee

Thanks for supporting our work!

Was This Guide Helpful
How to Remove the FBI Moneypak Virus
7 votes, 5.00 avg. rating (99% score)

Comments

13 comments

Thanks for the guide!

This guide has been updated to include the latest and most effective methods for removing the FBI MoneyPak virus. (Updated 5-2-2013)

    I imagine the ransomware is adapting. Followed these instructions to no avail. Still locked out. No idea what to do next. Guess I’ll keep looking for a more current solution. Liked what I saw here, just wish it worked.

      Dayton, can you give me some more information about your specific situation? I might be able to provide you with some additional guidance.

Hello Dan, Thank you so much. You are very kind! Keep up the good work. God Bless.

I am not computer savvy at all, and I hate technology in general. I’m rather young, and I don’t know much about these computer systems, but with your help, it appears that I was able to save my computer from a ronsomware. Thank you and thank God.

*ransomware

Thank you!

I just want to say thanks! I was able to follow the directions and save my laptop!

Thank You so much Mr.Dan, may the god guide you …

Thank you so much! Additionally, if you have more than one profile on a computer; you can switch to one that is unaffected, download all of the aforementioned software etc. , and relaunch the infected profile and it will be good as new.

Thank you so much I was able to save my computer and didn’t cost me a penny!

This information was really useful. Very user friendly and worked just great for me. It is great to know there are some great people out there willing to help out someone in need. Thank you kindly!

i got a messgae that i got this virus. I powered down my machine and them powered it up everthing was working fine. I had acess to all files. Do i have the virus? Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>