Ransomware.FBI Moneypak

Ransomware.FBI Moneypak Description

FBI Moneypak ransomware is ransomware that displays a fraudulent FBI warning as part of its attempt to steal money from the victim via MoneyPak. As a close relative of the Gema ‘Access to your computer was denied’ Virus, Police Central e-crime Unit (PCEU) ransomware, and Buma Stemra Virus, FBI Moneypak Ransomware can be deleted safely by the same anti-malware programs that can remove the so-called Gema Virus, which employs similar tactics, albeit for German rather than US legal jurisdictions. Although the FBI Moneypak ransomware’s pop-up alert proclaims that your PC has been locked in connection with intellectual property-based crimes (such as downloading illegal mp3s), SpywareRemove.com malware experts place heavy emphasis on FBI Moneypak ransomware being completely disassociated from the FBI and all other law enforcement agencies. FBI Moneypak ransomware will attempt to block all major programs while it is open, but an alternate boot method combined with a thorough anti-malware scan can remove it, and with it, the blockade that it causes.

Why You Shouldn’t Hand Over Your Cash When FBI Moneypak Ransomware Comes A-Knocking

FBI Moneypak ransomware and similar PC threats are sometimes distributed by spam e-mail campaigns, as well as by malicious sites (which may use browser exploits to install FBI Moneypak ransomware directly, or include FBI Moneypak ransomware as a mislabeled download link). No matter how FBI Moneypak ransomware climbs onto your PC, its presence is always extremely noticeable, since FBI Moneypak ransomware’s primary act of sabotage is to display a warning message that blocks your entire desktop (similar to the prolific ransomware Trojans known as Trojan:Win32/Reveton.A and Trojan:Win32/Ransom.DU). FBI Moneypak ransomware’s pop-up alert claims that your PC has been locked for its association with IP crimes, such as illegal file-trafficking activities, and even makes the additional (and highly dubious) claim that your activities are being video-recorded.

The end to FBI Moneypak ransomware’s hoax is identical to that of the Gema ‘Access to your computer was denied’ Virus: like its forebear, FBI Moneypak ransomware will ask you to send the money via MoneyPak, and even provides a few suggestions for retailers that support this service.


Although FBI Moneypak ransomware informs its victims that this will end the blockade, SpywareRemove.com malware experts discourage handing money over to the FBI Moneypak ransomware’s criminal friends, since this isn’t guaranteed to save your PC and is unnecessary for removing FBI Moneypak ransomware safely.

Banishing This Fake Man in Black with Every Dollar Intact

If you’re faced with an FBI Moneypak ransomware warning message at every login, SpywareRemove.com malware research team recommends that you use typical anti-malware strategies and software to remove FBI Moneypak ransomware without any need to pay its fraudulent fine. Deactivating FBI Moneypak ransomware should be considered a necessary step before you attempt to disinfect your PC, due to FBI Moneypak ransomware’s ability to block unrelated programs. This can be accomplished by:
  • Booting your computer from a wireless drive or removable hard drive to avoid triggering malicious Registry entries.
  • If necessary, Safe Mode can also be used to minimize the potential of PC threats like FBI Moneypak ransomware that can launch with Windows.
  • Scanning your computer with dedicated anti-malware software that can remove all of FBI Moneypak ransomware’s components safely and for free.

The FBI Moneypak Ransomware uses the following ransom note to scare PC users:
Federal Bureau of Investigation

Location: Your Country Here
IPS: Your ISP Here

Your PC is blocked due to at least one of the reasons specified below.

You have been violation Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America.

Article I, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.

You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoofilia and etc). Thus violating article 202 of the Criminal Code of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.

Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law of Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for four to nine years.

Pursuant to the amendment to the Criminal Code of United States of America of May 28, 2011, this law infringement (if it is not repeated – first time) may be considered as conditional in case you pay the fine to the State.

Fines may be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours!

To unblock the computer, you must pay the fine through MoneyPak of 100$.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.


Posted: June 25, 2012 | By
Threat Metric
Threat Level: 7/10
Detection Count: 3,302


  • mik says:

    ok first i got this on my computer the other day and fell for it i guess i am stupid for that. my stepdaughter actually got it to come up. anyways it is now fixed the bastard got our money he should rot in a hole somewhere….. and daryl what the hell you used to look at child porn (zoophilia) you are sick. and why would you write that on here.

  • LD McCabe says:

    Bill’s instructions are great EXCEPT that the Task Scheduler cannot be accessed in Safe Mode and must be done after everything else from Regular Mode.

  • kira says:

    this helped a lot thanks! it totally scared the shit out of me and I hope the real fbi gets these fuckers!!

  • Geovanni says:

    Helper says:
    December 14, 2012 at 9:04 am

    You can fix this malware by restoring your system to an earlier date:
    Bootup in safe mode (f8) command prompt
    at command prompt type –> cd restore
    then type –> rstrui.exe
    go back to a previous backup and restart system


  • Brandy says:

    Please help I also have the fbi scam but I am not able to get into anything on my computer what so ever so how do I fix this? Please help lost without my computer…

  • Mike says:

    Download Windows defender offline 32 or 64 bit (check your OS) onto Flash Drive. Boot to USB, run scan, follow directions. Defender has the latest definitions that should find and remove this stupid virus.

  • maggie says:

    hope whoever created this virus gets no money but lots of jail time instead!!! bastards!!!

  • HHS says:

    This virus infected the computer of a friend and he called me over. I never saw a page lock-up where that Task Mgr couldn’t be used to delete. Lucky for him, he had set-up a Guest page and when switching the log in to Guest, I had full access to his system and used Restore to dump this criminal program. I’m setting up a Guest access tonight.

  • randy says:

    I can’t get on my computer so I can’t get your service I can only get on my home unit

  • Keith says:

    Hello all. Regarding the FBI moneypak virus. Has anyone run into a problem not being able to get to safe mode? When I constantly hit the F8 key during bootup, the Windows boot manager in XP only gives me the option to boot into Windows XP SP3. No other options, like safe mode are available. Any thoughts?

  • Diana A says:

    I, too, am having the same problem Henry had, and am hoping someone has the answer for us.

    The MoneyPak virus blocks anything from starting – my desktop, my run command – or anything from launching when I turn on the computer in safe mode, any suggestions? I also did a system restore about a month ago, when I did not initially get the FBI message; my computer just kept shutting down. Not sure if that info helps. Any help would be appreciated. Thanks!

  • Mike says:

    Easy fix for MoneyPack scam:

    Boot system in safe command mode (depress f8 while booting begins)
    At command prompt type –> cd restore
    Type –> rstrui.exe
    Go back to a previous system backup
    Restart system

  • Helper says:

    You can fix this malware by restoring your system to an earlier date:
    Bootup in safe mode (f8) command prompt
    at command prompt type –> cd restore
    then type –> rstrui.exe
    go back to a previous backup and restart system

  • Robert Johnson says:

    I know a lot about computers but I followed Bill’s advice and it worked great.
    Thanks BILL ENERSEN for your help.
    Robert Johnson

  • brian says:

    thank you Bill for the post. that seems to have done the trick!

  • help says:

    plz help stop this! it happened to me also and whoever is doing it deserves to rot in jail.

  • tony says:

    Please report to Moneypak’s customer service as much as possible to stop this scammer from stealing people’s money.

  • Dan Bryant says:

    I restarted the computer in the "safe mode" and then did a system restore to a prior date and the computer is running OK now, but I don’t know if the spyware is still active and may need to be removed.

  • Sha4n says:

    A big thanks to Bill Enersen!!! 😉
    Worked perfect!
    I suggest you should follow Bill Enersen’s instructions 😎

  • Jake says:


    1) download this to a USB drive

    2) turn on the infected computer (safe mode might be required if the virus keeps popping up)

    3) Install & run the scan


  • Diana says:

    I have WinXP. After booting in Safe-mode,I couldn’t find the files that Bill Enersen referenced, so I went to the start-up menu using MSCONFIG. There, I found the files. I unchecked and rebooted to normal windows. I’m using my antivirus to clean the hard drive. Whew! I feel better now!

  • Melissa says:

    Did a system restore and that got rid of it. Checked my taskmgr and saw there was no ransom file. Thank fucking god. Whomever invented that virus needs to die in a fire. I’m running my virus scan and spyware SD to make sure the little bastard is gone. Will be more careful in the future about what websites I look at.

  • Casey says:

    This scared the crap out of me…luckily I mis-said what it was called so the guy at Walgreens didn’t know what it was. Now I am trying to figure out how to fix it….

  • Amanda Reish says:

    HELP!! I was reading Bill Enersen’s post and I don’t know what regedit is…can someone please help me step by step so I can fix my computer!! PLEASE!

  • Tom says:

    From a malware scan, I had two files under ransomware.com. Following Bill’s instructions, at Step 3, I found one of them…VZWDQXLCARUSNTH, deleted it, and FBI Green Dot Moneypak screen was gone on start-up and back to normal again. A "BIG THANKS" to you Bill.

  • lonnie says:

    I was looking up some material for work and this damn thing popped up, scared the hell out of me until I thought a minute. Had to get the company IT involved because I didn’t have admin rights. Hope this doesn’t get my job.

  • mg kly says:

    This virus popped up on my laptop and I can’t do ANYTHING. IT COVERS THE WHOLE PAGE AND I CAN’T GET TO ANYTHING. what now?

  • Steve says:

    THX BILL ENERSEN!! Works beautifully again!

  • Justin says:

    Thanks Bill Enersen for your help with this malware removal. I greatly appreciate it.

  • John says:

    Surfing net and this FBI warning came up. Each time I shut computer down the FBI warning comes up before I can get to my desk top page or click into anything else….how do I fix this? Unfortunately we were scammed and need to get rid of this virus.

  • Marian says:

    Thank you. The info from Bill Enersen was very helpful. Mom’s laptop is back up and running. Thank you Bill!!!!

  • Pissy Monkey says:

    I got this thing yesterday and I literally have no goddamn idea how.
    It scared the shit out of me, I thought some hacker used my computer as a proxy or some shit- That was before I actually read the charges and had my brother look up "MoneyPak" on Google. Then laughed as I saw this as the first result. I ended up just turning my computer off for a day, turned it back on today, installed the latest AVG, did a scan, and now I seem to be fine.

    Final thing before I go:
    Fuck you whoever made this virus. I hope the real FBI shows up at your place.
    Or at the very least you get hit by a random car. :-)

  • Henry says:

    The MoneyPak virus blocks my desktop from launching when I turn on the computer in safe mode, any suggestions? This is the 2nd time it attacks my comp, last time I just did a system restore and solved the problem, but this time, I cannot because I can’t get to the desktop page to do the system restore.

  • Randy says:

    This popped up while I was web surfing, but downloading nothing. I, too, tried to restart several times, but to no avail. Then, successfully opened in safe mode, and used system restore to go to an earlier point. Then, I did a full system scan and removal with Norton 360. Seems to have worked.

  • Michael says:

    Removing the hands of the terrorists that created this virus/malware would be a mild punishment. I hope, Walmart, Walgreens, 7-11, rite aid and the rest of the false sponsors go after these chumps. They imply that they support this type of behavior.

  • Charly says:

    THX THX THX omg i’m like sooooooo happy!
    I recommend Bill Enersen’s post. =D

  • Brandon says:

    I just restarted my computer and it hasn’t shown up since, but when it did show up it made me laugh more than anything I’ve seen in like a month.

  • Bill Enersen says:

    To help remove:
    1) Boot into Safe mode (No network)
    2) open Regedit
    3) browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    note: this is a list of items that bootup with your machine. you do not need most of these items. However some keyboards and other items will need to be here. Look at the list and if you see anything pointing to c:\users\%username%\APPDATA….. delete it. (%username is replaced with your logon name)
    4) do the same as in step 3 but in regedit browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    5) click start orb (Win7) or start button and browse to START UP folder and remove any files there.
    6) Access control panel \ Administrative tools \TASK SCHEDULER (XP is at root of Control panel) – In here click on "Task Scheduler Library" and remove all items.
    7) browse to c:\users\%Username%\AppData\Roaming\ delete any EXE files
    Note: you must enable viewing hidden files\folders in order to see AppData. (Control Panel "Folder options")
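
A read-only way to review the locations from steps 3, 4, 5 and 7 of the instructions above, added here as an example; it is not part of the original comment or of any tool the page names. It lists entries for review instead of deleting them; the PowerShell 3.0 requirement, the `$userWritable` pattern and the `Review` column are assumptions of this example, and step 6 (Task Scheduler) is not covered.

```powershell
# Read-only review of the autostart locations from the steps above.
# Nothing is deleted. Assumes PowerShell 3.0 or later, run as the affected user.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Locations a standard user can write to. The pattern is an assumption of this
# example; legitimate software also starts from AppData, so check each hit.
$userWritable = '\\AppData\\|\\Temp\\'

$findings = @()

# Steps 3 and 4: every value under the per-user and machine-wide Run keys.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $findings += [pscustomobject]@{
            Location = $key
            Name     = $name
            Target   = $command
            Review   = ($command -match $userWritable)
        }
    }
}

# Step 5: files in the per-user and all-users Startup folders.
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path -or -not (Test-Path $path)) { continue }
    foreach ($file in Get-ChildItem -Path $path -File -Force) {
        if ($file.Name -eq 'desktop.ini') { continue }
        $findings += [pscustomobject]@{
            Location = $path; Name = $file.Name; Target = $file.FullName; Review = $true
        }
    }
}

# Step 7: executables directly in AppData\Roaming, hidden files included.
foreach ($file in Get-ChildItem -Path $env:APPDATA -Filter '*.exe' -File -Force) {
    $findings += [pscustomobject]@{
        Location = $env:APPDATA; Name = $file.Name; Target = $file.FullName; Review = $true
    }
}

$findings | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows with `Review` set to `True` are the ones to check against known software before removing anything.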


  • jesse says:

    I’m trying to delete the hard drive to see if this works

  • chuck says:

    this popped up on my comp. yesterday, I turned off my comp. and when I went to get back on the internet that came right back up. I can’t ever get on the internet, what do I do? this seems to have taken over my whole comp.

  • daryl says:

    i just got this and called the police before anything. they said it is a virus. my pc usually gets rid of a virus if you wait a long time. this scared me cause i actually used to look at zoophilia and realized i still have some on my pc after a year. i thought i was gonna die. it made me suicidal too. thank god i called the police first huh.

  • Rick says:

    I had to pull the drive from the system and do a file search, for the files above, on the drive with another computer. I removed the files and then did an AVG anti-virus scan of the drive. That did the trick, a hassle but effective, to get rid of it. I am installing a clean, second boot-able drive and leaving it unconnected just for this sort of thing. If I have a problem like this in the future I will disconnect the infected drive and hook up the second boot-able drive to take care of it.

  • Dan C says:

    How do I get my computer back from this green dot money pak scam? My computer will not respond to safe mode with or without network. It just goes to a wait screen and never responds.

  • jaybam says:

    got this crap by accidentally opening spam instead of deleting got rid of it by restoring system to the day before

  • maria says:

    run malewares and then delete the trojan; then go into taskmgr and look for ransom.exe files and stop them. Reboot into safe mode with networking and download and run Combo Fix. After, scan again with Malewares in safe mode and your computer will be clean.

  • Harold says:

    I have run anvisoft 2 times. Once in safe mode networking and once in safe mode. It’s still here.

  • Josh Harkin says:

    what does it mean to have this set as your home page. Tried changing but it goes right back to this fake fbi site page. What gives??? How can I fix this????

  • Sonny says:

    Does it mean I have this infection when my IE browser’s home page keeps getting changed to some fake FBI site? Otherwise, I am able to surf the net just fine. Just I cannot change my home page back to google.com without it changing the next time I load IE.

  • kari says:

    I was using google to search hulu and other free tv episode sites n my computer now has this virus what should i do to get rid of it.
