The MoneyGram is a malicious application which works as screen locker and categorized as a notorious ransomware. It is a new variation of another popular ransomware which is known as the MoneyPack. Once installed on any computer the MoneyGram has the ability to lock your screen, and you will be informed through a message that you are involved in any online criminal activity due to which a law enforcement agency has locked your computer. You are asked to pay the $200 to unlock your system. In reality this is a trap to target innocent users. This is a multipurpose trap which is designed not only to take the money of the users, but also record your personal information that you have provided while paying the ransom amount. This information may include credit card or bank details, name, emails, passwords, and other confidential details.
Manual Removal Method of MoneyGram
When you detect this notorious ransomware application on your computer, you have to remove it immediately. To remove this malicious application from the infected computer you can get help from any automatic removal tool; however, if you want to get rid of this parasite manually, you have to follow the complicated steps of the manual removal method which are described as under:-
Start the Computer in Safe Mode
The manual removal method consists of killing the processes, removing files, and deleting registry entries, but first you have to restart the computer in the safe mode. You have to use F8 key while the computer is in restarting process, and select safe mode option from the boot options.
Delete the Malicious Processes
Once the infected system starts working in the safe mode, you need to start the windows task manager window through Ctrl+Alt+Delete keys, and then made a click on the processes tab. You have to delete the following related processes of MoneyGram:-
- %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
Delete the Associated Files
As soon as the associated processes are removed, you have to find and delete the related files of this dangerous parasite. In this regard, you have to open the file explorer, and browse to the system files folder to remove the following files:-
- %Desktopdir%\MoneyGram Virus.lnk
- %Programs%\MoneyGram Virus\MoneyGram Virus.lnk
Delete Registry Entries
The most important step of manual removal process is cleaning the windows registry from the corrupt entries created by MoneyGram parasite. In this regard, you have to start the registry editor by executing the regedit command through run option available in the start menu. After opening the registry editor, you have to find and delete the following entries:-
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MoneyGram Virus\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MoneyGram Virus
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MoneyGram Virus\UninstallString “%AppData%[RANDOM CHARACTERS][RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MoneyGram Virus\ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MoneyGram Virus\DisplayName MoneyGram Virus
Close the registry editor window, and restart the system in the normal mode after terminating the safe mode. Run a complete system scan on your infected computer after updating your existing antivirus program.