FBI Moneypak is a rogue, illegal application. Like many other ransomware programs, it is developed by attackers whose main purpose is to get money from users through deception. After installing itself, FBI Moneypak works in the background and steals your personal information without you being aware of it. It shows a pop-up message claiming that the FBI has locked your computer and that you need to pay a fine of 100 dollars within the next 72 hours.

When the above message shows up, you cannot do anything on the computer unless you pay the ransom, which is not a wise thing to do. Instead of paying, you should delete FBI Moneypak immediately to prevent any harm.

Remove FBI Moneypak processes

  1. You need to open the Windows Task Manager to stop the FBI Moneypak processes.
  2. Press the shortcut keys CTRL+ALT+DEL, find the ‘Processes’ tab and click on it.
  3. From the alphabetically arranged processes, find the FBI Moneypak process random.exe.
  4. Click on the process, then press the ‘End process’ button at the bottom of the Windows Task Manager window.

Remove FBI Moneypak Registry key values

  1. The Registry Editor is required to remove the FBI Moneypak registry entry values.
  2. Click on Start > Run.
  3. Type ‘regedit’ and press OK.
  4. From the left section of the Registry Editor, click on Edit, then on Find.
  5. Enter the values of the registry entries one by one and press Enter.
  6. Right-click on the found result, select Modify and then click on Delete.

The FBI Moneypak registry entries that you need to find are:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4

HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]

HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe

HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak Virus

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’ = 0

HKEY_CURRENT_USER\Software\FBI Moneypak Virus

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak Virus

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
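
The check below is an added example, not part of the original guide: a read-only PowerShell audit that reports which of the registry values listed above are present. As a generalization beyond the names on this page, it also lists every Image File Execution Options subkey that carries a Debugger value. The variable names and the Note text are illustrative.

```powershell
# Added example: read-only audit of the registry values listed on this page.
# It only reads; it does not modify or delete anything.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'
$checks = @(
    # Listed = $null means "report the value whenever it exists".
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Inspector'; Listed = $null }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'WarnOnHTTPSToHTTPRedirect'; Listed = 0 }
    @{ Path = $policy; Name = 'EnableLUA'; Listed = 0 }
    @{ Path = $policy; Name = 'ConsentPromptBehaviorAdmin'; Listed = 0 }
    @{ Path = $policy; Name = 'ConsentPromptBehaviorUser'; Listed = 0 }
)
# Image File Execution Options (IFEO) subkeys named on the page.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$listedExe = 'AAWTray.exe', 'AVCare.exe', 'AVENGINE.EXE', 'protector.exe'

$findings = @(
    foreach ($c in $checks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }   # key or value not present
        $value = $item.($c.Name)
        if ($null -eq $c.Listed -or $value -eq $c.Listed) {
            [pscustomobject]@{ Key = $c.Path; Name = $c.Name; Value = $value; Note = 'matches page list' }
        }
    }
    # Generalization: an IFEO subkey with a Debugger value makes Windows start
    # that "debugger" instead of the named program, so report all of them.
    foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
        $debugger = $key.GetValue('Debugger')
        if ($null -eq $debugger) { continue }
        $note = if ($listedExe -contains $key.PSChildName) { 'named on page' } else { 'not on page; review' }
        [pscustomobject]@{ Key = $key.PSChildName; Name = 'Debugger'; Value = $debugger; Note = $note }
    }
)

if ($findings.Count -eq 0) {
    'None of the listed registry values were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```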

Remove FBI Moneypak other files

  1. Go to the Start button > ‘All Programs’.
  2. Select the option ‘Accessories’, then ‘Command Prompt’, and click on it.
  3. Write down the path of the file name along with the directory name.
  4. When the file opens, type ‘regsvr32 /u Sample File Name.dll’, replacing Sample File Name.dll with each of the following FBI Moneypak file names:

%Program Files%\FBI Moneypak Virus

%AppData%\Protector-[rnd].exe

%AppData%\Inspector-[rnd].exe

%AppData%\vsdsrv32.exe

%AppData%\result.db

%AppData%\jork_0_typ_col.exe

%appdata%\[random].exe

%Windows%\system32\[random].exe

%Documents and Settings%\[UserName]\Application Data\[random].exe

%Documents and Settings%\[UserName]\Desktop\[random].lnk

%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus

%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk

%Temp%\0_0u_l.exe

%Temp%\[RANDOM].exe

%StartupFolder%\wpbt0.dll

%StartupFolder%\ctfmon.lnk

%StartupFolder%\ch810.exe

%UserProfile%\Desktop\FBI Moneypak Virus.lnk

WARNING.txt

V.class

cconf.txt.enc

tpl_0_c.exe

 
