How To Remove The FBI Moneypak Virus

by | Sep 7, 2020 | Ransomware Viruses | 0 comments

The FBI MoneyPak virus, also known as the FBI virus, is a dangerous malware categorized as ‘ransomware’ that has been used by cyber-criminals since early 2012 in an attempt to disguise themselves as the Federal Bureau of Investigation. Once the FBI MoneyPak virus infects a computer, it uses Trojan horses to gain access and lock computer systems.

The virus then practices a variety of unethical tactics to scare or persuade unsuspecting victims to pay unnecessary fines of up to $400 to unlock their systems by making fraudulent claims that the user has been involved in some sort of illegal activity (such as viewing pornography or downloading/distributing copyrighted material) which could result in legal action if the necessary fines are not paid in time. Depending on the region, the threat instructs users to send ‘ransom’ money via MoneyPak or uKash.

The removal of this virus is therefore essential to attain peace of mind (by not having to prove your innocence for a crime you didn’t really commit) and continue using your PC as you normally would.

Removal of FBI MoneyPak Virus

As given below, there are two alternative methods of removing the FBI MoneyPak virus:

Method 1: Restore Windows using System Restore

Windows System Restore creates restore points throughout usage at various intervals in order to allow users to revert their computer’s state to a previous point in time; such as prior to installation or before making certain changes in the system.  This enables the user to restore the operating system’s critical files, settings and registry entries to their last normally-functioning condition.

Follow the procedure below to use system restore:

Step 1 – Enter Safe Mode

  1. Restart your computer
  2. As soon as you see the POST (Power-on Self-Test) screen, start tapping F8
  3. On the corresponding menu, select Safe Mode with Command Prompt

Step 2 – Starting System Restore

  1. A command prompt window will now appear.
  2. If you are a Windows XP user, type C:\Windows\System32\Restore\rstrui.exe
  3. If you are a Windows 7 or 8 user, type C:\Windows\System32\rstrui.exe

Step 3 – Restoring to a Previous Point

  1. In the System Restore Window, click Next
  2. Choose a restore point at the time when your computer was functioning normally
  3. Click Next followed by Finishto start the System Restore process.

Note: You cannot interrupt the restore process once it starts; the computer will restart and upon logging in to Windows, a notification stating ‘System Restore was completed successfully’ will appear. 

Method 2: Manually Remove FBI MoneyPak Virus

Step 1 – Start Windows in Safe Mode and End Processes

  1. Upon powering-up the computer, gently start tapping F8to open up the boot menu
  2. Select Safe Mode with Networking to start Windows in Safe Mode
  3. Once Windows is loaded, right-click on the Taskbarand click Start Task Manager
  4. Click on the Processes tab, and End the following processes:
  5. Tpl_0_c.exe
  6. ch810.exe
  7. 0_0u_l.exe
  8. [random].exe
  9. Jork_0_typ_col.exe
  10. Vsdsrv32.exe

Step 2 – Clean the Registry

  1. Click Start, in the search box, type regedit and press enter
  2. Navigate to the following directories and delete               all entries as follows:
  3. HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
  4. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
  5. HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
  6. HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
  7. HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0
  8. HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0

Step 3 – Delete The Malware Files

To rid yourself of harmful malware, delete all files in the following directories:

  • %AppData%\Protector-[rnd].exe
  • %AppData%\Inspector-[rnd].exe
  • %appdata%\[random].exe
  • %AppData%\result.db
  • %AppData%\jork_0_typ_col.exe
  • %AppData%\vsdsrv32.exe


Step 4 – Scan Your System Using Anti-Spyware

Whichever method you opt for, you must thoroughly scan your system post successful completion of the removal process; experts recommend using a highly effective anti-spyware scanner that not only allows you to confirm the complete removal of the FBI MoneyPak virus, but also detects any other prevailing infections that might be plaguing your system.

Download Protection Against Viruses and Malware Infections

Malware and Virus Threats may compromise your online privacy, they can also affect the performance of your computer. If you wish to protect your computer from threats, download a reliable malware protection tool. 

Protect Your Privacy Online

When you surf the internet, your IP adress may help third parties from identifying you. The best way to protect yourself against breaches of privacy is to use a VPN (Virtual Private Network). A VPN essentially lets you surf the internet through another computer so that the digital footprint of your computer may remain hidden.