Call 800 860 8467

FBI Moneypak virus removal

The FBI Green Dot Moneypak Virus is an extremely dangerous cyber infection that claims some sort of connection with the governmental organization FBI. This virus displays an alert that locks the computer down and disables programs and files. Logging on to your PC will directly take you to the Green Dot Moneypak screen.

The FBI MoneyPak message states that the only way to unlock the computer is to pay a $100-$200 fine through MoneyPak within 72 hours. The amount varies from message to message. MoneyPak is a reloadable money card that can be purchased and used to pay merchants that accept MoneyPak. Some versions of the message include information that a MoneyPak card can be purchased at retail stores including 7-Eleven, Riteaid, CVS/Pharmacy, Kmart and others.

The messages always threaten that if the fine is not paid, a criminal case would be initiated. FBI MoneyPak virus locks the computer screen on the startup. It displays a white window saying "Page is loading, please wait. This may take up to 30 seconds". Then a new screen appears with the FBI warning that computer has been locked due to some illegal activities such as viewing illegal material, sending unsolicited emails and information, which is under the prosecution of Federal Government according to the Copyright Act (Section 106), Criminal code (section 184 paragraph 3). It is pointed that person should pay the fine of $200 to MoneyPak payment system in 72 hours. If payment is not preceded in the given time, the confiscation of the computer, as well as sentencing is threatened.

The FBI Green Dot Moneypak Virus is downloaded with other programs or files without any permission asked. This could be through fake video codecs, Flash updates or other freeware from the source that is not official. Right after infiltration, the FBI Green Dot Moneypak Virus replaces the desktop’s background with an alert which seems to be sent by a governmental agency belonging to the United States Department of Justice.

Since this virus is intricate and needs to be carefully dealt with, a manual removal of the FBI Green Dot Moneypak virus would be recommended, and can be done by following these steps:

Read more about FBI Virus Removal»

1. Reboot the video and launch the Safe Mode with Networking.

2. Hit Alt+Ctrl+Del to launch the task manager. Look at the processes the commuter is currently running.

Find the application which is made of random letters .exe and End Process. The applications which need to be terminated:

  • tpl_0_c.exe
  • ch810.exe
  • 0_0u_l.exe
  • [random].exe
  • jork_0_typ_col.exe
  • vsdsrv32.exe
  • Protector-[rnd].exe
  • Inspector-[rnd].exe

3. Remove the Virus files:

Go to My Computer

Find to Folder options and click View tab
Select Show hidden files, folders, and drives and click Apply

Go to

C:\Users\Your profile\AppData\Local\Temp

The temp folder should contain many folders with letters and numbers. Please find the following and delete the .exe files:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Random.exe
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Random.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe

Also the infected files can be removed using RegEdit software which finds and removes the Registry entries. You should get rid of those values:

  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
  • HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
  • HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
  • HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
  • HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0
  • HKEY_CURRENT_USER\Software\FBI Moneypak Virus
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus
  • HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0

Now search for the following files and if you find them, please delete:

  • %Program Files%\FBI Moneypak Virus
  • %AppData%\Protector-[rnd].exe
  • %AppData%\Inspector-[rnd].exe
  • %AppData%\vsdsrv32.exe
  • %AppData%\result.db
  • %AppData%\jork_0_typ_col.exe
  • %appdata%\[random].exe
  • %Windows%\system32\[random].exe
  • %Documents and Settings%\[UserName]\Application Data\[random].exe
  • %Documents and Settings%\[UserName]\Desktop\[random].lnk
  • %Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
  • %CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
  • %Temp%\0_0u_l.exe
  • %Temp%\[random].exe
  • %StartupFolder%\wpbt0.dll
  • %StartupFolder%\ctfmon.lnk
  • %StartupFolder%\ch810.exe
  • %UserProfile%\Desktop\FBI Moneypak Virus.lnk
  • WARNING.txt
  • V.class
  • cconf.txt.enc
  • tpl_0_c.exe

The removal process is over. Reboot your computer ad you may try repeating the cleaning procedure in case some of infected files are still left and may result some strange behavior of the computer.

Remember to stay away from opening attachments from people you do not know or your friends whose emails are unnatural. Always let the anti-virus software be active and scan the computer for Trojans, as that may cause such viruses as FBI MoneyPak virus scam.

Manually removing the virus can cause a few stumbling blocks along the way. If you are stuck with any impediments during the manual removal process, do not hesitate to contact online technical experts who specialize in virus removal, such as SuperTechMan. For just $29, you will be completely virus and stress free.

800 860 8467
  • SuperTechman provides remote technical software, hardware and peripheral services. Our affiliation with third party organizations implies no bearing of affiliation or responsibility with the third party unless expressly specified. Any third party software, hardware and peripheral warranties must be dealt with the relevant third party. PLEASE READ THE FULL DISCLAIMER.
  • Free Diagnostics

    Get to the bottom of the problem with a

    Call 1 800 860 8467 with our support engineers NOW!

    It's as simple as 1-2-3!

    When you call or click:

    1. You're connected with a Tech Expert
      who will...
    2. Identify and diagnose the problem
      remotely and will...
    3. Recommend a solution
  • Speak to
    a Certified Technician

    • Alex Online

      Top Rated

      2409 cases

Real user reviews Top Rated

I had the hardest time finding easy and affordable services. Without a car, I was stranded until I discovered SupertechMan who saved me a run for my money.

See Testimonials »
Super Tech Man in News