How to Remove Fake FBI Block Virus (MoneyPak Ransomware)

“Your operating system is locked due to the violation of the federal laws of the United States of America…”

This message greets you on the fake FBI locked-computer virus screen. It then explains why the FBI supposedly locked your computer and asks you to pay a fine; otherwise, a criminal case will be filed against you. Months in jail and a $240,000 sum are frightening compared to the hundred or two hundred dollars demanded as a fine within the next hours. Some people do pay, but nothing changes. The locked computer stays locked, and the FBI has nothing to do with the message sent by cyber criminals over email. Fear is what the fake FBI block ransomware is about. The target of this scam is your money, and paying it will not unlock the infected computer. If paying the ransom cannot unlock your computer, how do you get rid of the fake FBI block virus? Read on to find out how you can remove the Fake FBI Block virus and unlock your computer without paying money to cyber criminals.

Fake FBI Block virus Removal Guide

  1. Remove Fake FBI Block virus manually
  2. Fake FBI Block Virus Removal Tool
  3. Complete Fake FBI Block virus removal

What is Fake FBI Block virus?

The Fake FBI Block virus with this particular screen, sometimes called the FBI Black Screen of Death, is another sample of ransomware from the FBI series that is widespread across the United States and European countries. It accuses the user of an infected system of some criminal activity on the Internet and asks for a fine of $100 or $200 paid with either MoneyPak or Green Dot cards.

Fake FBI Block virus ransomware

The Fake FBI Block virus scam is similar to other ransomware scams such as the Ukash and Reveton viruses. All of these ransomware variants arrive with Trojans from infected websites whose activities leave some room for speculation about legal matters, for example a website that offers copyrighted video and music content for free, or a porn site. Very often the Fake FBI Block virus is spread by email. These email messages contain a link that points to the Trojan located on some host.

Cyber criminals expect that there is no easy way to find out whether the law was violated, and a locked computer cannot help you find more information. Moreover, such an allegation, supposedly coming from a powerful law enforcement agency, is scary. The shock and pressure that come with the Fake FBI Block virus might make a user believe that the FBI can lock computers for such a minor law violation and demand a fine paid with MoneyPak or a similar pre-paid card within the next 48 or 72 hours. Neither of these is true, and this fine is just a disguise for a ransom.

Do not pay a ransom to cyber criminals to remove the Fake FBI Block virus. Do not waste your money: this payment will not help you unlock your computer, and it is up to 20 times as expensive as the removal tool that can help you. Use the following guide instead to remove the Fake FBI Block virus.

Fake FBI Block virus Removal Tool

Some users are not able to remove the Fake FBI Block virus manually, and the virus design might change over time, making guides for manual removal outdated and ineffective. Removal tools, unlike guides, are constantly maintained by vendors that track malware development and make the needed corrections to the removal procedures.

Remove Fake FBI Block virus manually

It is possible to remove the Fake FBI Block virus using System Restore on a computer that is booted in Safe Mode with Command Prompt. Please read how to do that and give it a try. It is the easiest removal method, and any user can handle it.

* On Windows XP type C:\windows\system32\restore\rstrui.exe and press Enter
* On Windows Vista and 7 type C:\windows\system32\rstrui.exe and press Enter

Note: Type it quickly; otherwise the Fake FBI Block virus will block typing. Alternatively, you can type explorer and, when it starts, follow the path and double-click the file rstrui.exe.

If System Restore is set to automatically save images of your system when it changes, you can find a restore point dated just before your system was infected with the Fake FBI Block virus and revert the malicious changes by restoring your computer to its previous state.

The next method is to remove the Fake FBI Block virus from the Windows startup list. To do this, disconnect your network and start your system in “Safe Mode with Command Prompt”. At the prompt, type regedit.exe and press Enter.

In the Registry Editor window expand the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Examine the list of programs set to run automatically on your computer, shown in the right pane, and find the one with a name that might belong to a virus.

Note: A malicious program can use a system file name, but these malicious files are not placed in the system folder, so you can spot one by looking at its path.

Write the path down and delete this entry by right-clicking it and clicking Delete in the pop-up menu.

Now you need to remove the program that automatically starts the Fake FBI Block virus from the Startup program list. To do this, type msconfig at the command prompt, find ctfmon.lnk in the window that opens, and remove the line with the path that this file belongs to. You can then restart your system as normal and continue with the removal.

Delete Fake FBI Block virus files: 

%Temp%\tpl_0_c.exe
%Temp%\0_0u_l.exe
%Temp%\V.class
%Temp%\cconf.txt.enc
%StartupFolder%\wpbt0.dll
%StartupFolder%\ctfmon.lnk
%StartupFolder%\ch810.exe
%appdata%\[random].exe
%Windows%\system32\[random].exe
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\[random]
%CommonStartMenu%\Programs\[random].lnk
%UserProfile%\Desktop\[random].lnk

How to Show Hidden Files

Remove Fake FBI Block virus entries from system registry: 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
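
The Run-key path check and the registry entries listed above can be reviewed with a read-only audit script. This is an added example, not part of the original guide or of any removal tool; it assumes PowerShell 3.0 or later, and the helper names Get-CommandPath and New-Finding are hypothetical.

```powershell
# Added example: read-only audit; it reports entries for review and deletes nothing.
$sys32    = Join-Path $env:SystemRoot 'System32'
$sysDirs  = @($sys32, (Join-Path $env:SystemRoot 'SysWOW64'))
$userDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Get-CommandPath([string]$Command) {
    # Pull the executable path out of a Run value such as '"C:\dir\a.exe" /arg'.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd|dll|lnk))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}
function New-Finding($Check, $Name, $Value, $Reason) {
    [pscustomobject]@{ Check = $Check; Name = $Name; Value = $Value; Reason = $Reason }
}
$findings = @()

# 1. Run key: system file names outside the system folder, and user-writable paths.
$run = Get-Item 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $value = [string]$run.GetValue($name)
        $path  = Get-CommandPath $value
        if (-not $path) { continue }
        $dir  = [IO.Path]::GetDirectoryName($path)   # empty when the value has no folder
        $leaf = [IO.Path]::GetFileName($path)
        if ($dir -and $sysDirs -notcontains $dir -and (Test-Path -LiteralPath (Join-Path $sys32 $leaf))) {
            $findings += New-Finding 'Run' $name $value 'system file name outside System32'
        } elseif ($userDirs | Where-Object { $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }) {
            $findings += New-Finding 'Run' $name $value 'starts from Temp or AppData'
        }
    }
}
# 2. Image File Execution Options: a Debugger value redirects that program's launch.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($k in Get-ChildItem $ifeo -ErrorAction SilentlyContinue) {
    $dbg = $k.GetValue('Debugger')
    if ($dbg) { $findings += New-Finding 'IFEO' $k.PSChildName $dbg 'Debugger value set' }
}
# 3. Policy values named in the guide: report the current data for comparison.
$pol = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$names = @{ "HKCU:\$pol" = 'DisableRegistryTools', 'DisableTaskMgr'
            "HKLM:\$pol" = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser' }
foreach ($p in $names.Keys) {
    $key = Get-Item $p -ErrorAction SilentlyContinue
    foreach ($n in $names[$p]) {
        if ($key -and $null -ne $key.GetValue($n)) { $findings += New-Finding 'Policy' $n $key.GetValue($n) 'compare with guide' }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

Entries flagged for Temp or AppData are candidates for review rather than confirmed infections, since some legitimate software also starts from those folders.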

How to Edit Windows Registry

Note: If the manual removal process is confusing, it is better to use a removal tool to get rid of the Fake FBI Block virus. You can use the help guides to learn more about the procedures you need to perform and the system tools you need to use. Be careful while working with Registry Editor, since errors in the registry might be fatal to your system. With removal tools you can uninstall the Fake FBI Block virus without excessive effort.

Complete Fake FBI Block virus removal

Before you reconnect your network, reset the proxy settings to prevent a malicious redirect to a site that might reinstall the Fake FBI Block virus on your PC.

Threats like Fake FBI Block virus might come bundled with other infections. After you remove it, update your antivirus program and run a full system scan to remove other malicious programs. You also might need to use antispyware software to see if there is any spyware left on your computer.

Find out more about computer system protection against malicious programs.
