
FBI Cybercrime Division MoneyPak Ransomware

Posted: February 10, 2013

Although most Reveton family-based ransomware Trojans confine themselves to Europe, the FBI Cybercrime Division Virus is one of several members of that family that attack the United States. The FBI Cybercrime Division Virus's fake pop-up alert demands a heavy MoneyPak fee as compensation for such common crimes as copyright violation, but, naturally, the FBI Cybercrime Division Virus isn't affiliated with the real FBI. Like all Reveton Trojans that SpywareRemove.com malware experts have analyzed, the FBI Cybercrime Division Virus will block most applications on your PC, and should be considered a danger until you can remove the FBI Cybercrime Division Virus with suitable security software.

Why Landing in the Slammer Isn't What You Need to Worry About with an FBI Cybercrime Division Virus

The FBI Cybercrime Division Virus, like other Reveton-based ransomware, most likely is distributed via spam e-mail and social network-based spam that abuses Trojan droppers or links to exploit kit-hosting websites. After the FBI Cybercrime Division Virus is installed by one means or another, the FBI Cybercrime Division Virus displays a warning pop-up upon a reboot. This alert blocks your desktop and looks like a real alert from the FBI – although SpywareRemove.com malware analysts can confirm that it's just another HTML pop-up with the border removed.

Besides accusing you of trafficking in online pornography, the FBI Cybercrime Division Virus threatens you with a minimum of four years of imprisonment if you fail to pay its MoneyPak fee. Of course, since the FBI Cybercrime Division Virus isn't linked to any type of lawful authority and can't detect the crimes that the FBI Cybercrime Division Virus claims to have associated with your PC, SpywareRemove.com malware experts can't recommend paying the FBI Cybercrime Division Virus's ransom. Instead, you should delete the FBI Cybercrime Division Virus with anti-malware products, just the same as you would treat any other type of Trojan.

Why the FBI Cybercrime Division Virus's Old Scam Still Has Teeth

While the FBI Cybercrime Division Virus may seem like a relatively unbelievable scam, this isn't the first time that Reveton Trojans have targeted the US – nor even the first time they've used FBI-themed messages to do so. Closely-related ransomware Trojans include Police Central e-crime Unit (PCEU) ransomware, Poliisi, Tietoverkkorikos Tutkinnan Yksikkö Ransomware, 'Metropolitan Police Total Policing' Ransomware, Votre ordinateur est bloqué Gendarmerie Ransomware, the United Kingdom Police Ukash Virus, the 'I Suoi Archivi Sono Stati Cifrati' Trojan and the Scotlands Yard Ukash Virus.

Part of the FBI Cybercrime Division Virus's efficacy can be attributed to related attacks that may make PC users panic from how effectively the FBI Cybercrime Division Virus disrupts your normal computer usage. Side effects of an FBI Cybercrime Division Virus infection can include:

  • Being unable to access most of the Windows interface, including your desktop, shortcuts and various applications.
  • Having security-related programs and features blocked (even if they're set to launch automatically).
  • Browser hijacks that redirect your browser to unusual error pages.
  • Finally, the FBI Cybercrime Division Virus also may install other malware onto your PC, although its dominant payload remains its pop-up and associated program-blocking behavior.

Ransomware like the FBI Cybercrime Division Virus usually must be disabled before it can be deleted. SpywareRemove.com malware analysts recommend that you first attempt to deactivate the FBI Cybercrime Division Virus's startup exploit by booting your PC with the Safe Mode feature for Windows. If Safe Mode doesn't disable the FBI Cybercrime Division Virus, you should load a recovery OS onto a removable drive. Regardless of which method you prefer to use, anti-malware software is strongly recommended for removing the FBI Cybercrime Division Virus.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %AppData%\skype.dat
File type: Data file
Mime Type: unknown/dat

Registry Modifications

The following newly produced Registry Values are:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,%AppData%\skype.dat"
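
The Winlogon `shell` value above makes the dropped file start alongside Explorer at every logon. As an added example (not SpywareRemove.com's code), the following Python check parses the text output of `reg query` for the Winlogon keys and reports any `Shell` value that differs from the Windows default of a bare `explorer.exe`; the sample input, function names and path markers are constructed for illustration.

```python
import re

# Constructed `reg query` output; the HKCU value is the one listed on this page.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    shell    REG_SZ    explorer.exe,%AppData%\skype.dat
"""

WINLOGON = "\\software\\microsoft\\windows nt\\currentversion\\winlogon"
USER_WRITABLE = ("%appdata%", "%localappdata%", "%temp%", "\\appdata\\", "\\users\\")
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group(1), m.group(3).strip()
        elif line.strip() and not line[0].isspace():
            key = line.strip()  # unindented line = registry key path

def check_winlogon_shell(text):
    """Return one finding per Winlogon Shell value that deviates from the default."""
    findings = []
    for key, name, data in parse_reg_query(text):
        if name.lower() != "shell" or not key.lower().endswith(WINLOGON):
            continue
        entries = [e.strip().strip('"') for e in data.split(",") if e.strip()]
        # Only the bare default counts as expected; every other entry is reported.
        extras = [e for e in entries if e.lower() != "explorer.exe"]
        reasons = []
        if key.upper().startswith(("HKEY_CURRENT_USER", "HKCU")):
            reasons.append("per-user Shell override (value is absent by default)")
        for e in extras:
            writable = any(marker in e.lower() for marker in USER_WRITABLE)
            reasons.append(("user-writable path: " if writable else "non-default entry: ") + e)
        if reasons:
            findings.append({"key": key, "data": data, "extras": extras, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in check_winlogon_shell(SAMPLE):
        print(f["key"], f["reasons"])
```

The input can come from `reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"` and the matching HKLM key, saved to a text file from Safe Mode.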

Additional Information

The following message was detected:

FBI CYBERCRIME DIVISION
International Cyber Security Protection Alliance
ATTENTION! Your PC is blocked due at least one of the reasons specified below.
You have been violating Copyright and Related Rights Law. (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section 2, Clause 8, also known as the Copyright of the Criminal Code of United States of America.
Article 1, Section 2, Clause 8 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophilia and etc). Thus violating Article 2, Section 1, Clause 2 of the Criminal Code of United States of America.
Article 2, Section I, Clause 2 of the Criminal Code provides for a deprivation of liberty for 4 to 12 years.
Illegal access to computer data has been initiated from your PC, or you have been...
Article 2, Section 1, Clause 8 of the Criminal Code provides for a fine of up to 5200,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer.
Article 2, Section 1, Clause 1 of the Criminal Code provides for a fine of up to 5200,000 and/or deprivation of liberty for 4 to 9 years.
Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without your knowledge, your PC may be infected by malware.
Article 2, Section 1, Clause 2 of the Criminal Code provides for a fine of up to 5500,000 and a deprivation of liberty of up to 6 years. In case this activity has been effected without your knowledge, you fall under the above mentioned Article 2, Section 1, Clause 1 of the Criminal Code of United States of America.
Your personality and address are currently being identified, a criminal case is going to be initiated against you under one or more articles specified above within the next 72 hours.
Pursuant to the amendment to the Criminal Code of United States of America of February 05, 2013, this law infringement (if it is not repeated – first time) may be considered as conditional in case you pay the fine to the State.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours! To unblock the computer you must pay the fine through MoneyPak of $300. When you pay the fine, your PC will get unlocked in 1 to 72 hours after the money is put into the State's account.
Since your PC is unlocked, you will be given 7 days to correct all violations.
In case all violations are not corrected after 7 working days, your PC will be blocked again, and a criminal case will be initiated against you automatically under one or more articles specified above.
