FBI Moneypak ransomware is a virus similar to Reveton and Central Police Unit malicious programs designed to extort money from computer users. When FBI Moneypak virus infects computer, it locks user access to the system and exposes a screen that looks like an allegation coming from FBI. This document accuses a user of infected system in a violation of copyright law or watching child pornography online. Locked computer and such a message from law enforcement agency definitely is a shocking experience to users that don’t have problems with ransomware before. Locked computer can’t help to find more information about this message and remove FBI Moneypak virus from computer instead of paying a fine of $100 or more. No government agency requires to use prepaid cards, such as Moneypak, for paying fines, but people not always know that. They got scared of a message about getting in jail unless the fine is paid in 72 hours and pay ransom to cyber criminals instead of deleting FBI Moneypak ransomware.
What is FBI Moneypak virus?
The FBI Moneypak is a ransomware screen locker program spread with Trojans over the internet. It locks infected computer and accuses a user in a violation of copyright law or seeing child pornography. It offers to pay a fine within 72 hours and requires use for the payment Moneypak prepaid card. It states that a user will get in jail unless payment is made. ransomware Trojans easily infect systems. FBI Moneypak virus blocks or disrupts antivirus software and system utility programs that help to detect and remove FBI Moneypak ransomware. This infection is spread with some freeware programs, free games, free movies or music files. Usually people are tricked into downloading this malware from suspicious websites, and this fact allows criminals to accuse people in some illegal activity. FBI Moneypak ransomware might be morphing, and other similar viruses might use the same look for disguise. This can make the removal of lock screen virus that look like FBI Moneypak kind of tricky.
FBI Moneypak Removal Tool
FBI Moneypak ransomware siblings might complicate removal process, and it might require a lot of time to find out what the infection type it is and what the removal procedure should be used. Special removal tools and fresh antivirus scanners might help ti remove FBI Moneypak if you got an access to the internet. Security Stronghold offers a low cost FBI Moneypak Ransomware Removal Pack that consists of FBI Moneypak Ransomware Removal Tool and True Sword antivirus scanner. Technical support is provided in case of some problem with automated removal. The offer is backed by the money back guaranty. It is easy to try this tool and see if it finds infection on your PC.
How to manually Remove FBI Moneypak virus
There are different way that might help to remove FBI Moneypak Ransomware virus. One of the easiest ways is a use of Windows system restore with a system run in Safe Mode. Though, if you succeed with the removal using system restore, do not assume that your system is clean, update your antivirus software, and run full system scan since System Restore files might be infected by different viruses that come with FBI Moneypak.
If system restore doesn’t help to remove this virus, try different ways to manually remove FBI Moneypak. If infected computer is set for different users, then you can try to star it under different account that is not infected and look for FBI Moneypak files that have to be removed. Otherwise, start your system in Safe Mode and look for files that need to be removed.
First you need to prevent FBI Moneypak from automatic start. Press Start button and type msconfig in the input box at the bottom. In the msconfig program window press on Startup tab. Look for suspicious file listed below and uncheck them. Then try to restart your system as normal. If FBI Moneypak comes back, then repeat previous procedure and use Search utility to look for files with .MOF extension such as [random chars].mof and files named V.class. These files might restore FBI Moneypak EXE after it was removed. So, remove executable again and FBI Moneypak should be gone.
Kill FBI Moneypak virus malicious processes
Remove FBI Moneypak virus entries from system registry:
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
Note: Check for all the listed entries. Not necessarily all of them will be present in system registry, and not necessarily this list covers all the changes that should be made since the virus might change in design. A lot of less important registry keys are just impossible to list here. After you remove FBI Moneypak and scan your system with antivirus, run one more scan with a registry cleaner such as Revo Uninstaller to find and remove stray registry keys.
Delete FBI Moneypak virus files:
%Documents and Settings%\%UserName%\Application Data\[random chars].exe
%Documents and Settings%\%UserName%\Desktop\[random chars].lnk
Note: Look for FBI Moneypak executable file in listed above locations. Is has a hidden attribute and you need to enable displaying hidden files in your Explorer.
Note: If these procedures look complicated and lengthy, then it might be better to use removal tools for FBI Moneypak Ransomware removal. Otherwise, read help articles that describe basic steps and working with Windows utilities. Be careful while working with Registry Editor since errors in system registry might make your system inoperable. With removal tools you can uninstall FBI Moneypak virus without excessive effort and time waste.
Remove FBI Moneypak Ransomware completely
FBI Moneypak Ransomware might come in a bundle with other viruses and malicious programs, and you need to remove them to make your system clean and secure. After you get rid of screen locking virus, try to update your antivirus software and run full system scan that will find and remove malicious programs. If no problems are found, then use free scanners from different manufacturers to scan your system for the most recent threats.