How do I remove the FBI Moneypak Virus

FBI Moneypak Virus is a cyber-scam spyware found on the internet. Because it uses the FBI’s name, most people think it is genuine. The virus asks the user to pay a $200 fine to unlock the computer, claiming that you downloaded some copyrighted content from the internet. It is very similar to the Canadian Police virus.

It asks you to make the payment within 48 to 72 hours. On seeing this type of message most people get scared, as they do not want to be arrested or to face a long legal battle with the FBI. So they end up paying the so-called fine to cyber criminals.

Mostly this virus gets onto your machine if you illegally downloaded music or video, or may have visited adult sites. FBI Moneypak Virus works around your existing antivirus so it does not get detected. Once it is on your system it can disable the existing antivirus so you cannot do anything with your computer. Most frustrated people end up paying, and the warning disappears after some time. But your computer is still infected and needs to be cleaned. To free your computer of this virus, follow these easy steps.

Step 1 : Turn off the computer infected with FBI Moneypak Virus and wait for 30 seconds before you turn it on.

Step 2 : Now turn ON the computer and immediately keep hitting F8 until you see the WINDOWS ADVANCED OPTIONS MENU as shown below.

Step 3 : In the WINDOWS ADVANCED OPTIONS MENU, go down to Directory Services Restore Mode using the arrow keys on the keyboard. Then press ENTER on the keyboard. This will take your computer to Safe Mode. Safe Mode will cause the display and desktop icons to appear changed. This is normal. There is no need to panic, as it is due to FBI Moneypak Virus.

Step 3 : The infected files of FBI Moneypak Virus will be located inside the temporary files on the computer, so first we need to remove all of the temporary files from the computer. To do that, follow these steps:

  1. Open My Computer. Select the Tools menu and click Folder Options.
  2. After the new window appears select the View tab.
  3. Put a checkmark in the checkbox labeled Display the contents of system folders.
  4. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  5. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  6. Remove the checkmark from the checkbox labeled Hide protected operating system files.
  7. After this, press the Apply button and then OK.

Now we will be able to see all the System Files and Hidden Files on the computer.

Step 4 : Now hold down the WINDOWS key and then press the R key. Now you will get a Run Window.

Step 5 : Inside that Run window type TEMP and press OK. It will open a temp folder; its location will be C:\WINDOWS\Temp. Now delete all of the files inside that Temp folder. Delete as many as you can. You may be unable to delete some of the files associated with some applications and Windows. Try to rename those files and delete the others.

After that we have to delete all of the files inside %TEMP% as well. To do that, hold down the WINDOWS key and then press the R key. Now you will get a Run window. Inside that Run window type %TEMP% and press OK. It will open a temp folder; its location will be

C:\Documents and Settings\{Your User Name}\Local Settings\Temp   (In Windows XP)

C:\Users\{Your User Name}\Appdata\Local\Temp   (In Windows Vista, Windows 7)

Now delete all of the files inside that Temp folder as well.

Step 6 : There will be one infected file in the startup folder of the computer. To remove it we need to go to the startup location. (%StartupFolder% refers to the Startup folder in the Start Menu.)

C:\Documents and Settings\{Your User Name}\Start Menu\Programs\Startup (In Windows XP)

C:\Users\{Your User Name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup  (In Windows Vista, Windows 7)

There you will see a file called ctfmon.lnk. Delete it from the Startup folder. Now restart the computer.

 

THERE IS A CHANCE THAT IN SOME CASES THE FBI Moneypak Virus WILL NOT ALLOW US TO BOOT THE COMPUTER INTO SAFE MODE; THE INFECTION WILL SHOW POP-UPS IN SAFE MODE AS WELL. IN THAT CASE DO THE FOLLOWING STEPS.

Step 1 : Turn off the computer infected with FBI Moneypak Virus and wait for 30 seconds before you turn it on.

Step 2 : Now turn ON the computer and immediately keep hitting F8 until you see the WINDOWS ADVANCED OPTIONS MENU as shown below.

Step 3 : In the WINDOWS ADVANCED OPTIONS MENU, go down to Safe Mode with Command Prompt using the arrow keys on the keyboard. Then press ENTER on the keyboard. This will take your computer to Safe Mode with a command prompt.

Step 4 : Now you will see a command prompt window. Inside that black Command Prompt window, type the following command.

net user administrator /active:yes

This will activate the hidden Administrator user account on your computer.

Step 5 : Turn Off the computer once again.

Step 6 : Now turn ON the computer and immediately keep hitting F8 until you see the WINDOWS ADVANCED OPTIONS MENU. From it, select the Directory Services Restore Mode option and press Enter. This time you will see one more user account, Administrator, as shown below. Log in to it.

Step 7 : After logging in to the Administrator user account, go to all of the following locations manually and delete all of the files. Delete all of the files inside the TEMP folder manually.

  • C:\Documents and Settings\{Your User Name}\Local Settings\Temp   (In Windows XP)
  • C:\Documents and Settings\{Your User Name}\Start Menu\Programs\Startup (In Windows XP)
  • C:\Users\{Your User Name}\Appdata\Local\Temp   (In Windows Vista, Windows 7)
  • C:\Users\{Your User Name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup  (In Windows Vista, Windows 7)

There you will see a file called ctfmon.lnk. Delete it from the Startup folder. Now restart the computer.

 

*******************************************************

FBI MoneyPack Virus can be removed by following the steps below.

Delete the FBI MoneyPack Virus Files

  • Windows Vista/7
    C:\Users\{User Profile}\AppData\Local\Microsoft\Windows\[Random]\[Random.exe]
    C:\Users\{User Profile}\AppData\Local\Microsoft\Windows\[Random]
    C:\Program Data\lsass.exe
    C:\Program Data\[Random.exe]
    C:\Program Data\csrss.exe
    C:\Users\{Your User Name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe

  • Windows XP
    C:\Documents and Settings\{User Profile}\Local Settings\Application Data\Microsoft\Windows\[Random.exe]
    C:\Documents and Settings\{User Profile}\Local Settings\Application Data\Microsoft\Windows\[Random]
    C:\Documents and Settings\{Your User Name}\Start Menu\Programs\Startup\ctfmon.exe
    C:\Windows\[Random.exe] (e.g. Pmfjyiaj.exe)

Delete the FBI Registry Keys

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Random.exe]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\[Random.exe]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

To Delete the Keys Under Image File Execution Options

Open the Command Prompt with Administrator Privileges

 

  • Paste the command: reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
  • Enter ‘Y’ and press Enter
  • Paste the command: reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
  • Enter ‘Y’ and press Enter
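Before deleting anything, it helps to list what is actually registered in the locations named above. The following read-only PowerShell script is an added example, not part of the original post; the function names are hypothetical, the check of the Debugger value under Image File Execution Options is an assumption (the post names only the key), and the Review flag is a simple heuristic built from the folders the post lists.

```powershell
# Added example: read-only audit of the locations this article lists.
# Nothing is deleted. Written for Windows PowerShell 2.0+ (Windows 7 default).

function New-Finding($Location, $Name, $Command) {
    New-Object PSObject -Property @{ Location = $Location; Name = $Name; Command = $Command }
}

function Get-StartupShortcut {
    # Current user's Startup folder; resolve each .lnk to the file it launches.
    $startup = [Environment]::GetFolderPath('Startup')
    if (-not $startup) { return }
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $startup -Filter *.lnk -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            New-Finding $_.FullName $_.Name $target
        }
}

function Get-RunEntry {
    # Values under the two HKCU autorun keys named in the article.
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce') {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $value = $item.GetValue($name)
            New-Finding $key $name $value
        }
    }
}

function Get-IfeoDebugger {
    # Assumption: a Debugger value on a subkey is what redirects that program.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = $_.GetValue('Debugger')
        if ($dbg) { New-Finding $_.Name 'Debugger' $dbg }
    }
}

$findings = @(Get-StartupShortcut) + @(Get-RunEntry) + @(Get-IfeoDebugger)
# Heuristic flag: command launches from a folder the article names.
$suspect = '\\Temp\\|\\AppData\\|\\Local Settings\\|\\ProgramData\\|\\Program Data\\'
$findings | Select-Object Location, Name, Command,
    @{ n = 'Review'; e = { [bool]("$($_.Command)" -match $suspect) } } |
    Format-Table -AutoSize -Wrap
```

The Startup folder and HKCU keys are per-user, so run this while logged in as the affected account; from the Administrator account it reports that account's own entries.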

 

 ABOVE ALL, DON’T FORGET TO DELETE ALL TEMP FILES ON THE COMPUTER. IT IS VERY VERY IMPORTANT……

 

In order to avoid this type of infection from the internet, please remove the temporary files from the computer daily.

Please use the following method to remove those temporary files.

  1. Press the “Windows” and “R” keys simultaneously on your keyboard.
  2. In the text box in the Run window, type %Temp% and click OK. A folder full of files and other folders will appear. All of the folders and files you see in this Temp folder are no longer being used by Windows and can safely be deleted.
  3. To remove individual folders or files, hold down your Ctrl key while left-clicking on each item you want to delete. Release the Ctrl key when you’re finished. To delete these items, hit your Delete key or choose File and then Delete from the menu.
  4. Confirm that you want to delete the files by clicking Yes on the Confirm Multiple File Delete window that opens.
  5. If you’d instead like to remove everything inside the Temp folder, choose Edit and then Select All from the menu. Note: If you’re prompted that there are hidden files in this folder, just click on OK to bypass the message. A few hidden files hanging out in the Temp folder probably aren’t important enough to worry about.
  6. Now that all of the files and folders are selected, hit your Delete key or choose File and then Delete from the menu.
  7. Confirm that you want to delete the files by clicking Yes on the Confirm Multiple File Delete window that opens.
  8. After all of the files have been deleted you can close the window and empty your Recycle Bin, permanently removing the files from your PC.

Tips:

  1. You may receive an Error Deleting File or Folder message while the files are being deleted. This just means that one of the files is in use by a program right now. Click OK, close all open programs, and repeat the steps above. If you still receive the message, try restarting your PC and repeating the process.


 

Feel free to ask if you have any more doubts…… We wish you all the best with your computer……

 

 

Kuttus

Kuttus is an IT professional and a part-time blogger. He started 123seminarsonly to write up the findings gained in his daily work life. Kuttus writes articles which are mostly related to technology and virus removal. He has been interested in virus and malware removal, and has been working as a remote virus removal technician for the last 7 years.

1 comment to How to Remove FBI Moneypak Virus

  • WPY

    wow, I was fussing over the virus all week! Was going to do some complicated steps and submit my problem to a tech forum. Then I stumbled on this post. Thank you soooo much for helping me get rid of the horrible Trojan horse, and for your clear, simple instructions. You have my respect and appreciation. Thanks again!