The FBI MoneyPak virus, also known as the FBI virus, is a dangerous malware categorized as ‘ransomware’ that has been used by cyber-criminals since early 2012 in an attempt to disguise themselves as the Federal Bureau of Investigation. Once the FBI MoneyPak virus infects a computer, it uses Trojan horses to gain access and lock computer systems.
The virus then practices a variety of unethical tactics to scare or persuade unsuspecting victims to pay unnecessary fines of up to $400 to unlock their systems by making fraudulent claims that the user has been involved in some sort of illegal activity (such as viewing pornography or downloading/distributing copyrighted material) which could result in legal action if the necessary fines are not paid in time. Depending on the region, the threat instructs users to send ‘ransom’ money via MoneyPak or uKash.
The removal of this virus is therefore essential to attain peace of mind (by not having to prove your innocence for a crime you didn’t really commit) and continue using your PC as you normally would.
Removal of FBI MoneyPak Virus
As given below, there are two alternative methods of removing the FBI MoneyPak virus:
Method 1: Restore Windows using System Restore
Windows System Restore creates restore points at various intervals during normal use, allowing users to revert their computer’s state to a previous point in time, such as prior to an installation or before certain changes were made to the system. This enables the user to restore the operating system’s critical files, settings and registry entries to their last normally-functioning condition.
Follow the procedure below to use system restore:
Step 1 – Enter Safe Mode
- Restart your computer
- As soon as you see the POST (Power-on Self-Test) screen, start tapping F8
- On the corresponding menu, select Safe Mode with Command Prompt
Step 2 – Starting System Restore
- A command prompt window will now appear.
- If you are a Windows XP user, type C:\Windows\System32\Restore\rstrui.exe
- If you are a Windows 7 or 8 user, type C:\Windows\System32\rstrui.exe
Step 3 – Restoring to a Previous Point
- In the System Restore Window, click Next
- Choose a restore point at the time when your computer was functioning normally
- Click Next followed by Finish to start the System Restore process.
Note: You cannot interrupt the restore process once it starts; the computer will restart and upon logging in to Windows, a notification stating ‘System Restore was completed successfully’ will appear.
Method 2: Manually Remove FBI MoneyPak Virus
Step 1 – Start Windows in Safe Mode and End Processes
- Upon powering up the computer, gently start tapping F8 to open up the boot menu
- Select Safe Mode with Networking to start Windows in Safe Mode
- Once Windows is loaded, right-click on the Taskbar and click Start Task Manager
- Click on the Processes tab, and End the following processes:
  - Tpl_0_c.exe
  - ch810.exe
  - 0_0u_l.exe
  - [random].exe
  - Jork_0_typ_col.exe
  - Vsdsrv32.exe
Step 2 – Clean the Registry
- Click Start, in the search box, type regedit and press enter
- Navigate to the following registry keys and delete all entries as follows:
  - HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus
  - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’ = 0
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
Step 3 – Delete The Malware Files
To rid yourself of harmful malware, delete the following files:
- %AppData%\Protector-[rnd].exe
- %AppData%\Inspector-[rnd].exe
- %appdata%\[random].exe
- %AppData%\result.db
- %AppData%\jork_0_typ_col.exe
- %AppData%\vsdsrv32.exe
Step 4 – Scan Your System Using Anti-Spyware
Whichever method you opt for, you must thoroughly scan your system after the removal process has completed successfully; experts recommend using a highly effective anti-spyware scanner that not only allows you to confirm the complete removal of the FBI MoneyPak virus, but also detects any other infections that might be plaguing your system.
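To confirm what Method 2 has or has not cleaned up, the following read-only PowerShell check reports any of the processes, registry entries and files listed above that are still present. It is an added example, not part of the original article; it assumes a Windows 7 or 8 system with PowerShell available, run as the affected user, and it deletes nothing.

```powershell
# Read-only audit of the indicators listed in Method 2. Changes nothing.
# Assumption: Windows 7/8 with PowerShell, run as the affected user.
$findings = New-Object 'System.Collections.Generic.List[string]'

# Step 1: process names from the article (Get-Process takes them without .exe).
$procNames = 'Tpl_0_c', 'ch810', '0_0u_l', 'Jork_0_typ_col', 'Vsdsrv32'
Get-Process -Name $procNames -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Process: $($_.Name) (PID $($_.Id))") }

# Step 2: the key and the policy values the article lists with data 0.
if (Test-Path 'HKLM:\SOFTWARE\FBI Moneypak Virus') {
    $findings.Add('Key: HKLM:\SOFTWARE\FBI Moneypak Virus')
}
$pol = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$values = @(
    @{ Path = "HKLM:\$pol"; Name = 'EnableLUA' },
    @{ Path = "HKCU:\$pol"; Name = 'DisableRegistryTools' },
    @{ Path = "HKCU:\$pol"; Name = 'DisableRegedit' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'WarnOnHTTPSToHTTPRedirect' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    # A match is a lead to review against the article's list, not proof of infection.
    if ($item -and $item.($v.Name) -eq 0) {
        $findings.Add("Value: $($v.Path) '$($v.Name)' = 0")
    }
}

# Run entries that launch an .exe sitting directly in %AppData% ([random].exe).
$exeInAppData = [regex]::Escape($env:APPDATA) + '\\[^\\]+\.exe'
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match $exeInAppData } |
        ForEach-Object { $findings.Add("Run entry: $($_.Name) -> $($_.Value)") }
}

# Step 3: executables directly in %AppData% (covers the named files and
# [random].exe) plus result.db. -Force includes hidden files.
foreach ($pattern in '*.exe', 'result.db') {
    Get-ChildItem -Path (Join-Path $env:APPDATA $pattern) -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("File: $($_.FullName)") }
}

if ($findings.Count) { $findings } else { 'No listed indicators found.' }
```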