
Ransomware.FBI Moneypak

Posted: June 25, 2012

Threat Metric

Threat Level: 7/10
Infected PCs: 5,471
First Seen: June 25, 2012
Last Seen: August 30, 2020
OS(es) Affected: Windows

FBI Moneypak ransomware displays a fraudulent FBI warning as part of its attempt to steal money from the victim via MoneyPak. As a close relative of the Gema 'Access to your computer was denied' Virus, Police Central e-crime Unit (PCEU) ransomware, and Buma Stemra Virus, FBI Moneypak ransomware can be deleted safely by the same anti-malware programs that can remove the so-called Gema Virus, which employs similar tactics, albeit for German rather than US legal jurisdictions. Although the FBI Moneypak ransomware's pop-up alert proclaims that your PC has been locked in connection with intellectual property-based crimes (such as downloading illegal mp3s), SpywareRemove.com malware experts stress that FBI Moneypak ransomware has no connection to the FBI or any other law enforcement agency. FBI Moneypak ransomware will attempt to block all major programs while it is running, but an alternate boot method combined with a thorough anti-malware scan can remove it and, with it, the blockade that it causes.

Why You Shouldn't Hand Over Your Cash When FBI Moneypak Ransomware Comes A-Knocking

FBI Moneypak ransomware and similar PC threats are sometimes distributed by spam e-mail campaigns, as well as by malicious sites (which may use browser exploits to install FBI Moneypak ransomware directly, or include FBI Moneypak ransomware as a mislabeled download link). No matter how FBI Moneypak ransomware climbs onto your PC, its presence is always extremely noticeable, since FBI Moneypak ransomware's primary act of sabotage is to display a warning message that blocks your entire desktop (similar to the prolific ransomware Trojans known as Trojan:Win32/Reveton.A and Trojan:Win32/Ransom.DU). FBI Moneypak ransomware's pop-up alert claims that your PC has been locked for its association with IP crimes, such as illegal file-trafficking activities, and even makes the additional (and highly dubious) claim that your activities are being video-recorded.

The end to FBI Moneypak ransomware's hoax is identical to that of the Gema 'Access to your computer was denied' Virus: like its forebear, FBI Moneypak ransomware will ask you to send the money via MoneyPak, and even provides a few suggestions for retailers that support this service. Although FBI Moneypak ransomware informs its victims that this will end the blockade, SpywareRemove.com malware experts discourage handing money over to the FBI Moneypak ransomware's criminal friends, since this isn't guaranteed to save your PC and is unnecessary for removing FBI Moneypak ransomware safely.

Banishing This Fake Man in Black with Every Dollar Intact

If you're faced with an FBI Moneypak ransomware warning message at every login, the SpywareRemove.com malware research team recommends that you use typical anti-malware strategies and software to remove FBI Moneypak ransomware without any need to pay its fraudulent fine. Deactivating FBI Moneypak ransomware should be considered a necessary step before you attempt to disinfect your PC, due to FBI Moneypak ransomware's ability to block unrelated programs. This can be accomplished by:

  • Booting your computer from a wireless drive or removable hard drive to avoid triggering malicious Registry entries.
  • If necessary, Safe Mode can also be used to minimize the potential of PC threats like FBI Moneypak ransomware that can launch with Windows.
  • Scanning your computer with dedicated anti-malware software that can remove all of FBI Moneypak ransomware's components safely and for free.
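
An added example, not SpywareRemove.com's own tooling: a read-only PowerShell audit of the autostart locations that let a locker like this relaunch at every login, using the two Run keys and the Startup folder that the manual steps in the comments below walk through. It assumes Windows PowerShell 4.0 or later; the function names are illustrative.

```powershell
# Added example: read-only audit of autostart locations (changes nothing).
# Run from Safe Mode or another clean session, as the steps above advise.

# Directories a standard user can write to; anything that autostarts from
# here deserves a manual look.
$WritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') } |
    Select-Object -Unique

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Test-UserWritablePath {
    # True when the text mentions a path under one of the writable roots.
    param([string]$Text)
    foreach ($root in $WritableRoots) {
        if ($Text.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function Get-CommandTarget {
    # Pull the executable path out of a Run-key command line.
    param([string]$CommandLine)
    $text = $CommandLine.Trim()
    if ($text -match '^"([^"]+)"') { return $Matches[1] }              # quoted path
    if ($text -match '^(.+?\.(exe|com|dll|bat|cmd|scr|pif))(\s|,|$)') {
        return $Matches[1]                                             # unquoted, may contain spaces
    }
    return ($text -split '\s+')[0]
}

function Get-RunKeyEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))
            [pscustomobject]@{ Location = $key; Name = $name; Command = $command; DroppedFile = $false }
        }
    }
}

function Get-StartupFolderEntries {
    $shell = New-Object -ComObject WScript.Shell
    $folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $folder -File -Force) {
            if ($file.Name -eq 'desktop.ini') { continue }
            if ($file.Extension -eq '.lnk') {
                # Shortcuts are normal here; what matters is where they point.
                $target = $shell.CreateShortcut($file.FullName).TargetPath
                [pscustomobject]@{ Location = $folder; Name = $file.Name; Command = $target; DroppedFile = $false }
            } else {
                # A binary or script sitting directly in Startup is unusual.
                [pscustomobject]@{ Location = $folder; Name = $file.Name; Command = $file.FullName; DroppedFile = $true }
            }
        }
    }
}

function Get-SuspiciousAutostart {
    $entries = @(Get-RunKeyEntries) + @(Get-StartupFolderEntries)
    foreach ($entry in $entries) {
        if (-not ($entry.DroppedFile -or (Test-UserWritablePath $entry.Command))) { continue }

        $target = Get-CommandTarget $entry.Command
        $signature = 'target not found'
        $sha256 = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $signature = [string](Get-AuthenticodeSignature -LiteralPath $target).Status
            $sha256 = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        }

        [pscustomobject]@{
            Location  = $entry.Location
            Name      = $entry.Name
            Command   = $entry.Command
            Signature = $signature      # e.g. Valid, NotSigned, HashMismatch
            SHA256    = $sha256         # for lookup in an anti-malware vendor's database
        }
    }
}

Get-SuspiciousAutostart | Format-List
```

The output is a review list, not a verdict: legitimate updaters also start from AppData, so check the signature status and hash of each entry before removing anything.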

The FBI Moneypak ransomware uses the following ransom note to scare PC users:

The FBI
Federal Bureau of Investigation

ATTENTION!
IP: XXX.XXX.XXX
Location: Your Country Here
IPS: Your ISP Here

Your PC is blocked due to at least one of the reasons specified below.

You have been violation Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America.

Article I, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.

You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoofilia and etc). Thus violating article 202 of the Criminal Code of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.

Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law of Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for four to nine years.

Pursuant to the amendment to the Criminal Code of United States of America of May 28, 2011, this law infringement (if it is not repeated - first time) may be considered as conditional in case you pay the fine to the State.

Fines may be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours!

To unblock the computer, you must pay the fine through MoneyPak of 100$.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




77 Comments

  • kari says:

    I was using Google to search Hulu and other free TV episode sites and my computer now has this virus. What should I do to get rid of it?

  • Sonny says:

    Does it mean I have this infection when my IE browser's home page keeps getting changed to some fake FBI site? Otherwise, I am able to surf the net just fine. Just I cannot change my home page back to google.com without it changing the next time I load IE.

  • Josh Harkin says:

    What does it mean to have this set as your home page? Tried changing but it goes right back to this fake FBI site page. What gives??? How can I fix this????

  • Harold says:

    I have run anvisoft 2 times. Once in safe mode networking and once in safe mode. It's still here.

  • maria says:

    run malewares and then delete the trojan; then go into taskmgr and look for ransom.exe files and stop them. Reboot into safe mode with networking and download and run Combo Fix. After, scan again with Malewares in safe mode and your computer will be clean.

  • jaybam says:

    got this crap by accidentally opening spam instead of deleting got rid of it by restoring system to the day before

  • Dan C says:

    How do I get my computer back from this green dot money pak scam? My computer will not respond to safe mode with or without network. It just goes to a wait screen and never responds.

  • Rick says:

    I had to pull the drive from the system and do a file search, for the files above, on the drive with another computer. I removed the files and then did an AVG anti-virus scan of the drive. That did the trick, a hassle but effective, to get rid of it. I am installing a clean, second boot-able drive and leaving it unconnected just for this sort of thing. If I have a problem like this in the future I will disconnect the infected drive and hook up the second boot-able drive to take care of it.

  • daryl says:

    I just got this and called the police before anything. They said it is a virus. My PC usually gets rid of a virus if you wait a long time. This scared me because I actually used to look at zoophilia and realized I still have some on my PC after a year. I thought I was gonna die. It made me suicidal too. Thank god I called the police first, huh.

  • chuck says:

    This popped up on my comp. yesterday, I turned off my comp. and when I went to get back on the internet that came right back up. I can't ever get on the internet, what do I do? This seems to have taken over my whole comp.

  • jesse says:

    I'm trying to delete the hard drive to see if this works

  • Bill Enersen says:

    To help remove:
    1) Boot into Safe mode (No network)
    2) open Regedit
    3) browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Note: this is a list of items that boot up with your machine. You do not need most of these items. However, some keyboards and other items will need to be here. Look at the list and if you see anything pointing to c:\users\%username%\APPDATA..... delete it. (%username% is replaced with your logon name)
    4) do the same as in step 3 but in regedit browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    5) click start orb (Win7) or start button and browse to START UP folder and remove any files there.
    6) Access control panel \ Administrative tools \TASK SCHEDULER (XP is at root of Control panel) - In here click on "Task Scheduler Library" and remove all items.
    7) browse to c:\users\%Username%\AppData\Roaming\ delete any EXE files
    Note: you must enable viewing hidden files\folders in order to see AppData. (Control Panel "Folder options")

    Reboot

  • Brandon says:

    I just restarted my computer and it hasn't shown up since, but when it did show up it made me laugh more than anything I've seen in like a month.

  • Charly says:

    THX THX THX omg i'm like sooooooo happy!
    I recommend Bill Enersen's post. =D

  • Michael says:

    Removing the hands of the terrorists that created this virus/malware would be a mild punishment. I hope, Walmart, Walgreens, 7-11, rite aid and the rest of the false sponsors go after these chumps. They imply that they support this type of behavior.

  • Randy says:

    This popped up while I was web surfing, but downloading nothing. I, too, tried to restart several times, but to no avail. Then, successfully opened in safe mode, and used system restore to go to an earlier point. Then, I did a full system scan and removal with Norton 360. Seems to have worked.

  • Henry says:

    The MoneyPak virus block my desktop from launching when I turn on the computer in safe mode, any suggestion? this is the 2nd time it attacks my comp, last time I just did a system restore and solved the problem, but this time, I cannot because I can't get to the desktop page to do the system restore.

  • Pissy Monkey says:

    I got this thing yesterday and I literally have no goddamn idea how.
    It scared the shit out of me, I thought some hacker used my computer as a proxy or some shit- That was before I actually read the charges and had my brother look up "MoneyPak" on Google. Then laughed as I saw this as the first result. I ended up just turning my computer off for a day, turned it back on today, installed the latest AVG, did a scan, and now I seem to be fine.

    Final thing before I go:
    Fuck you whoever made this virus. I hope the real FBI shows up at your place.
    Or at the very least you get hit by a random car. 🙂

  • Marian says:

    Thank you. The info from Bill Enersen was very helpful. Mom's laptop is back up and running. Thank you Bill!!!!

  • John says:

    Surfing net and this FBI warning came up. Each time I shut computer down the FBI warning comes up before I can get to my desk top page or click into anything else....how do I fix this? Unfortunately we were scammed and need to get rid of this virus.

  • Justin says:

    Thanks Bill Enersen for your help with this malware removal. I greatly appreciate it.

  • Steve says:

    THX BILL ENERSON!! Works beautifully again!

  • mg kly says:

    This virus popped up on my laptop and I can't do ANYTHING. IT COVERS THE WHOLE PAGE AND I CAN'T GET TO ANYTHING. What now?

  • lonnie says:

    I was looking up some material for work and this damn thing popped up, scared the hell out of me until I thought a minute. Had to get the company IT involved because I didn't have admin rights. Hope this doesn't get my job.

  • Tom says:

    From a malware scan, I had two files under ransomware.com. Following Bill's instructions, at Step 3, I found one of them...VZWDQXLCARUSNTH, deleted it, and FBI Green Dot Moneypak screen was gone on start-up and back to normal again. A "BIG THANKS" to you Bill.

  • Amanda Reish says:

    HELP!! I was reading Bill Enersen's post and I don't know what regedit is...can someone please help me step by step so I can fix my computer!! PLEASE!

  • Casey says:

    This scared the crap out of me...luckily I mis-said what it was called so the guy at Walgreens didn't know what it was. Now I am trying to figure out how to fix it....

  • Melissa says:

    Did a system restore and that got rid of it. Checked my taskmgr and saw there was no ransom file. Thank fucking god. Whomever invented that virus needs to die in a fire. I'm running my virus scan and spyware SD to make sure the little bastard is gone. Will be more careful in the future about what websites I look at.

  • Diana says:

    I have WinXP. After booting in Safe-mode,I couldn't find the files that Bill Enersen referenced, so I went to the start-up menu using MSCONFIG. There, I found the files. I unchecked and rebooted to normal windows. I'm using my antivirus to clean the hard drive. Whew! I feel better now!

  • Jake says:

    THANK YOU SO MUCH!!!

    1) download this to a USB drive

    2) turn on the infected computer (safe mode might be required if the virus keeps popping up)

    3) Install & run the scan

    Cheers!

  • Sha4n says:

    A big thanks to Bill Enersen!!! 😉
    -------------------------------------------------------------------
    THANKS BILL
    -------------------------------------------------------------------
    Worked perfect!
    I suggest you should follow Bill Enersen's instructions 😎

  • Dan Bryant says:

    I restarted the computer in the "safe mode" and then did a system restore to a prior date and the computer is running OK now, but I don't know if the spyware is still active and may need to be removed.

  • tony says:

    Please report to Moneypak's customer service as much as possible to stop this scammer from stealing people's money.

  • help says:

    plz help stop this! It happened to me also and whoever is doing it deserves to rot in jail.

  • brian says:

    thank you Bill for the post. that seems to have done the trick!

  • Robert Johnson says:

    I know a lot about computers but I followed Bill's advice and it worked great.
    Thanks BILL ENERSEN for your help.
    Robert Johnson

  • Helper says:

    You can fix this malware by restoring your system to an earlier date:
    Bootup in safe mode (f8) command prompt
    at command prompt type --> cd restore
    then type --> rstrui.exe
    go back to a previous backup and restart system

  • Mike says:

    Easy fix for MoneyPack scam:

    Boot system in safe command mode (depress f8 while booting begins)
    At command prompt type --> cd restore
    Type --> rstrui.exe
    Go back to a previous system backup
    Restart system

  • Diana A says:

    I, too, am having the same problem Henry had, and am hoping someone has the answer for us.

    The MoneyPak virus blocks anything from starting - my desktop, my run command - or anything from launching when I turn on the computer in safe mode, any suggestions? I also did a system restore about a month ago, when I did not initially get the FBI message; my computer just kept shutting down. Not sure if that info helps. Any help would be appreciated. Thanks!

  • Erin says:

    EVERYONE LOOK AT BILL ENERSEN'S COMMENT. IT WORKS A HELL OF A LOT BETTER THAN ANY STRATEGIES I HAVE GOOGLED. THANKS BILL!

  • Keith says:

    Hello all. Regarding the FBI moneypak virus. Has anyone run into a problem not being able to get to safe mode? When I constantly hit the F8 key during bootup, the Windows boot manager in XP only gives me the option to boot into Windows XP SP3. No other options, like safe mode are available. Any thoughts?

  • randy says:

    I can't get on my computer so I can't get your service I can only get on my home unit

  • HHS says:

    This virus infected the computer of a friend and he called me over. I never saw a page lock-up where that Task Mgr couldn't be used to delete. Lucky for him, he had set-up a Guest page and when switching the log in to Guest, I had full access to his system and used Restore to dump this criminal program. I'm setting up a Guest access tonight.

  • maggie says:

    hope whoever created this virus gets no money but lots of jail time instead!!! bastards!!!

  • Mike says:

    Download Windows Defender Offline 32 or 64 bit (check your OS) onto Flash Drive. Boot to USB, run scan, follow directions. Defender has the latest definitions that should find and remove this stupid virus.

  • Brandy says:

    Please help, I also have the FBI scam but I am not able to get into anything on my computer whatsoever, so how do I fix this? Please help, lost without my computer...

  • Geovanni says:

    Helper says:
    December 14, 2012 at 9:04 am

    You can fix this malware by restoring your system to an earlier date:
    Bootup in safe mode (f8) command prompt
    at command prompt type --> cd restore
    then type --> rstrui.exe
    go back to a previous backup and restart system

    TX HELPER YOU'RE THE BEST ___ THE M/F VIRUS IS GONE.

  • kira says:

    this helped a lot thanks! it totally scared the shit out of me and I hope the real fbi gets these fuckers!!

  • LD McCabe says:

    Bill's instructions are great EXCEPT that the Task Scheduler cannot be accessed in Safe Mode and must be done after everything else from Regular Mode.

  • mik says:

    ok first I got this on my computer the other day and fell for it, I guess I am stupid for that. My stepdaughter actually got it to come up. Anyways it is now fixed, the bastard got our money, he should rot in a hole somewhere..... and daryl what the hell, you used to look at child porn (zoophilia), you are sick. And why would you write that on here.

  • MiCHAEL says:

    Unbelievable! "Is this for real?" "You have got to be kidding me!" The FBI logo looks real, the message seemed authentic when you first look at it. I didn't sleep a wink all night...and that's the truth! Not one single minute! I must have read it 50 times and each time I got closer to thinking it was a scam. The top part of the message that was in English, all of a sudden turned into numbers, followed by empty squares outlined in red, large spaces in between each of these and then to top it all off.....CHINESE WRITING SYMBOLS ALL OVER THE PLACE!!! Then, when it said an extra fee of $4, 95 I knew it was not real. You can't really see it but there is supposed to be a dot after the 4, not a comma!!! Now what FBI agent is going to make that mistake? NONE!!! The letter was not addressed to anyone, meaning no name whatsoever was it directed to. Nor did anyone electronically sign it!!! The FBI is going to file all kinds of charges and they don't name the person involved and don't sign it either? But it took me a while to catch on, I'll be honest. I did call two people at 8:00 am this morning just to make sure it was what I thought it was. These people should burn in hell for all eternity, no question about it. Think about what they did here. They impersonated the FBI, threatened criminal convictions, and tried to extort $200 from whomever bought into their money-making racket of a scam!!! If just 1 out of 10 or even 1 out of 50 for that matter bought this hook, line, and sinker at $200 a pop.....holy moses did they make out like bandits! All of it illegal too! They'll all get caught eventually...it just takes time. Should get life with no parole! Anyone disagree with this? I look forward to your responses! To God be the glory, and believe me God will have his say before it is all said and done. Could you imagine being these people when the day of judgment rolls around? Not me!!!

  • Jose Merino says:

    Thank you very much for your solution. Followed the steps and got out of the malware. I owe you now. I will buy the software.

  • andy says:

    How to get to safe mode. I do not know where to start? Help! Help! Help! Please! Please!

  • Lilly says:

    Great common sense here. Wish I'd thought of that.

  • Luis says:

    I just got f***** out of 300 bucks I'm f***** pissed this is b****** I was freaking out! So I paid.

  • lee lee says:

    We got had on May 9 2013. I agree with these other people, whoever is doing this I hope the real F.B.I. gets the people. Got me for 200 dollars. People like that piss me off, nothing to do but screw people over.

  • Keenan says:

    I have an inspiron mini that has the "48 hour" virus. I can't figure out how to open in the safe mode can anyone help

  • John says:

    I just got hit on 16 May 2013 and I was freaking out too. So, I got on my phone and looked it up after thinking to myself if this was real it would have a phone to set a court date or something to that effect. I can't even get to anything on my computer, safe mode does not work, nothing. I don't know where to begin. I disconnected my main HDD from the computer hoping the slave drive is not infected. Now I am waiting for Windows to finish a start up repair. If the repair doesn't work what should I do? Thank you

  • maryj says:

    Thanks for the information. The FBI virus are the very harmful virus and now the various versions of FBI virus are there like FBI cybercrime, FBI Moneypak Disease , child pornology etc.

  • allmosttricked says:

    I was almost tricked, THANKS GUYS, or I would have got scammed. Real modern day heroes are like you!

  • PJ says:

    So far, every FBI virus removal suggestion applies to a windows operating system. I have a google operating system. Can anybody post a remedy for me?

  • Austin says:

    I am so thankful you got this off my computer I just wanted to get some music but I guess not lol

  • Ed says:

    Anyone know how to get the Green Dot Moneypak virus off of a Samsung Galaxy 10.1 tablet?

  • martatha says:

    Thank you. The info from Bill Enersen was very helpful. Mom's laptop is back up and running. Thank you Bill

  • monti says:

    how do i get that FBI virus off my android phone?

  • jim says:

    Have this fbi scam on an android phone how can I get rid of it wont let me do anything

  • Vince says:

    Thanks Bill Enersen, works great. laptop up and running

  • ram din thang says:

    Excuse me, sir. My name is ram thang, I brought it a new phone last week, now I have accept in "DEPARTMENT OF JUSTICE FEDERAL BUREAU OF INVESTIGATION FBI HEADQUARTERS", they said to make a penalties payment and the size of penalties is S 500. I do not know what is penalties payment, what is moneypak. Now I can't open my phone, if I open phone it shows this letter only, another line it can't show again. Now how to do I don't know, please help and what I do it, please help me again, .......... r

  • Denny says:

    I got the FBI virus I believe. It says I'm accused of watching and storing child porn. I can't do anything on my computer which is a touch screen laptop.. vimicro brand. Says I have to pay 300 in 24hrs... anyone know how to fix? Please help

  • I am screweed says:

    It is BLOCKING ME FROM BOOTING UP IN SAFE MODE!!! HELP!

  • Lynn says:

    I got this FBI virus: It says I am accused of watching child porn. It will not let me do anything on my computer. It says to pay $300 in 48hrs. I saw this happened to Denny also. How do I get rid of it?

  • shanna says:

    How do I get the fun virus off my smartphone. It won't let me do anything

  • dee jackson says:

    great info but how do you remove virus from an off brand tablet..And where there is no safe mode and not able to to turn the device on or off..i need help please.

  • Marc Bumstead says:

    Can anyone help ? This virus has screwed up my phone.....who thinks of this crap ?

  • john says:

    please help me with the number

  • angel says:

    I have an Asus not and it got the FBI ransomware on it, cannot reboot in any mode. Can you please help, thank you

  • Larry+ says:

    I have the FBI program hit my computer and I used a program that was supposed to rid my computer of viruses, but, instead the FBI Virus exe another program that will shut my computer off before it completes it loading. Sometimes I can hit F9, F10, F11 and it will partly come on and then freeze up, what do I need to do
