Ransomware.FBI Moneypak

Posted: June 25, 2012
Threat Metric
Threat Level: 7/10
Infected PCs: 5,471

Ransomware.FBI Moneypak Description

FBI Moneypak ransomware displays a fraudulent FBI warning as part of its attempt to steal money from the victim via MoneyPak. It is a close relative of the Gema 'Access to your computer was denied' Virus, Police Central e-crime Unit (PCEU) ransomware, and Buma Stemra Virus, and can be deleted safely by the same anti-malware programs that can remove the so-called Gema Virus, which employs similar tactics, albeit for German rather than US legal jurisdictions. Although FBI Moneypak ransomware's pop-up alert proclaims that your PC has been locked in connection with intellectual property-based crimes (such as downloading illegal mp3s), SpywareRemove.com malware experts place heavy emphasis on FBI Moneypak ransomware having no association with the FBI or any other law enforcement agency. FBI Moneypak ransomware will attempt to block all major programs while it is open, but an alternate boot method combined with an exacting anti-malware scan can remove FBI Moneypak ransomware and, with it, the blockade that it causes.

Why You Shouldn't Hand Over Your Cash When FBI Moneypak Ransomware Comes A-Knocking

FBI Moneypak ransomware and similar PC threats are sometimes distributed by spam e-mail campaigns, as well as by malicious sites (which may use browser exploits to install FBI Moneypak ransomware directly, or include FBI Moneypak ransomware as a mislabeled download link). No matter how FBI Moneypak ransomware climbs onto your PC, its presence is always extremely noticeable, since FBI Moneypak ransomware's primary act of sabotage is to display a warning message that blocks your entire desktop (similar to the prolific ransomware Trojans known as Trojan:Win32/Reveton.A and Trojan:Win32/Ransom.DU). FBI Moneypak ransomware's pop-up alert claims that your PC has been locked for its association with IP crimes, such as illegal file-trafficking activities, and even makes the additional (and highly dubious) claim that your activities are being video-recorded.

The end to FBI Moneypak ransomware's hoax is identical to that of the Gema 'Access to your computer was denied' Virus: like its forebear, FBI Moneypak ransomware will ask you to send the money via MoneyPak, and even provides a few suggestions for retailers that support this service. Although FBI Moneypak ransomware informs its victims that this will end the blockade, SpywareRemove.com malware experts discourage handing money over to the FBI Moneypak ransomware's criminal friends, since this isn't guaranteed to save your PC and is unnecessary for removing FBI Moneypak ransomware safely.

Banishing This Fake Man in Black with Every Dollar Intact

If you're faced with an FBI Moneypak ransomware warning message at every login, SpywareRemove.com malware research team recommends that you use typical anti-malware strategies and software to remove FBI Moneypak ransomware without any need to pay its fraudulent fine. Deactivating FBI Moneypak ransomware should be considered a necessary step before you attempt to disinfect your PC, due to FBI Moneypak ransomware's ability to block unrelated programs. This can be accomplished by:

  • Booting your computer from a wireless drive or removable hard drive to avoid triggering malicious Registry entries.
  • If necessary, using Safe Mode to minimize the chance that PC threats like FBI Moneypak ransomware launch with Windows.
  • Scanning your computer with dedicated anti-malware software that can remove all of FBI Moneypak ransomware's components safely and for free.

FBI Moneypak ransomware uses the following ransom note to scare PC users:

Federal Bureau of Investigation

Location: Your Country Here
IPS: Your ISP Here

Your PC is blocked due to at least one of the reasons specified below.

You have been violation Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America.

Article I, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.

You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoofilia and etc). Thus violating article 202 of the Criminal Code of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.

Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law of Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for four to nine years.

Pursuant to the amendment to the Criminal Code of United States of America of May 28, 2011, this law infringement (if it is not repeated - first time) may be considered as conditional in case you pay the fine to the State.

Fines may be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours!

To unblock the computer, you must pay the fine through MoneyPak of 100$.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Ransomware.FBI Moneypak may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%APPDATA%\Microsoft\Windows\Templates\DircxtX.exe
File name: DircxtX.exe
Size: 46.59 KB (46592 bytes)
MD5: a87c6a29eeec8033148fbabce87a778b
Detection count: 206
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\Windows\Templates\
Group: Malware file
Last Updated: November 27, 2013

%appdata%\Microsoft\Windows\Templates\style.jpg
File name: style.jpg
Size: 350.79 KB (350795 bytes)
MD5: 30c8ac2e6e077f1a7f88e5807285e2ba
Detection count: 72
Mime Type: unknown/jpg
Path: %appdata%\Microsoft\Windows\Templates\
Group: Malware file
Last Updated: January 16, 2018

%appdata%\Microsoft\Windows\Templates\style.bmp
File name: style.bmp
Size: 2.25 MB (2250054 bytes)
MD5: 799eaf32967b1cec037546b5dc087510
Detection count: 53
Mime Type: unknown/bmp
Path: %appdata%\Microsoft\Windows\Templates\
Group: Malware file
Last Updated: January 16, 2018

%WINDIR%\Fonts\2HMwR.com
File name: 2HMwR.com
Size: 405.5 KB (405504 bytes)
MD5: e6be886e4733b8dd55fe61465479a1aa
Detection count: 35
File type: Command, executable file
Mime Type: unknown/com
Path: %WINDIR%\Fonts\
Group: Malware file
Last Updated: December 4, 2013

%StartupFolder%\ctfmon.lnk
File name: %StartupFolder%\ctfmon.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

WARNING.txt
File name: WARNING.txt
Mime Type: unknown/txt
Group: Malware file

%Temp%\[RANDOM].exe
File name: %Temp%\[RANDOM].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

cconf.txt.enc
File name: cconf.txt.enc
Mime Type: unknown/enc
Group: Malware file

%AppData%\vsdsrv32.exe
File name: %AppData%\vsdsrv32.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

tpl_0_c.exe
File name: tpl_0_c.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%StartupFolder%\wpbt0.dll
File name: %StartupFolder%\wpbt0.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

V.class
File name: V.class
Mime Type: unknown/class
Group: Malware file

%StartupFolder%\ch810.exe
File name: %StartupFolder%\ch810.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
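
The listed paths and MD5 values can be checked against a Windows volume that has been mounted offline (for example after booting from a removable drive, as recommended above). The following is an added example, not code from SpywareRemove.com or any scanner it mentions; the function names and the directory arguments are assumptions, and the sample files in demo() are constructed and harmless.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators copied from the file list on this page: (base placeholder, relative path, MD5).
INDICATORS = [
    ("APPDATA", "Microsoft/Windows/Templates/DircxtX.exe", "a87c6a29eeec8033148fbabce87a778b"),
    ("APPDATA", "Microsoft/Windows/Templates/style.jpg", "30c8ac2e6e077f1a7f88e5807285e2ba"),
    ("APPDATA", "Microsoft/Windows/Templates/style.bmp", "799eaf32967b1cec037546b5dc087510"),
    ("WINDIR", "Fonts/2HMwR.com", "e6be886e4733b8dd55fe61465479a1aa"),
    ("APPDATA", "vsdsrv32.exe", None),  # listed on the page without a hash
]

def md5_of(path):
    """Stream the file so large artifacts (style.bmp is over 2 MB) are not read whole."""
    digest = hashlib.md5()  # MD5 only because that is what the page publishes
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(bases):
    """bases maps 'APPDATA' and 'WINDIR' to directories on the mounted volume (assumed layout)."""
    findings = []
    for base, rel, md5 in INDICATORS:
        path = Path(bases[base]) / rel
        if not path.is_file():
            continue
        if md5 is None:
            verdict = "path match (no hash listed)"
        elif md5_of(path) == md5:
            verdict = "path and MD5 match"
        else:
            verdict = "path match, MD5 differs"  # contents differ from listed sample; review
        findings.append((str(path), verdict))
    return findings

def demo():
    """Constructed sample tree: harmless files placed at two of the listed paths."""
    with tempfile.TemporaryDirectory() as root:
        appdata = Path(root) / "Users/test/AppData/Roaming"
        target = appdata / "Microsoft/Windows/Templates"
        target.mkdir(parents=True)
        (target / "style.jpg").write_bytes(b"constructed sample, not malware")
        (appdata / "vsdsrv32.exe").write_bytes(b"constructed sample")
        return [v for _, v in scan({"APPDATA": appdata, "WINDIR": Path(root) / "Windows"})]

if __name__ == "__main__":
    print(demo())
```

A file at a listed path whose MD5 differs is still reported, since the hash only identifies the exact sample listed here.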
