MoneyPak Virus Removal


 
What is the MoneyPak Virus?

The MoneyPak Virus, also referred to as the FBI Virus, GreenDot Virus, GameCash Virus, etc., is a term for a specific type of ransomware that was discovered in 2012. Cyber criminals use this ransomware in an attempt to disguise themselves as the FBI or another governmental agency. The MoneyPak virus utilizes Trojan horses in order to lock computer systems and extort money from you. It applies a variety of unethical tactics, including social engineering, in an attempt to persuade unsuspecting victims to pay an unnecessary fine by making fraudulent claims that the computer has been involved in illegal activity such as downloading or distributing copyrighted material or viewing child pornography, etc. The ransomware demands a penalty fine of $100, $200, $300, or more to be paid by use of MoneyPak cards within a certain time period in order to unlock the computer system. The FBI MoneyPak ransomware virus also states on the fake FBI screen that you may see jail time if the fine is not paid in time. Do NOT BUY A MONEYPAK CARD!!! I have had several people come to me stating, "I bought a moneypak card and entered the number but the computer is still locked. Should I buy another one?" NO! You just helped fund organized cyber crime.




Please remember, this is the symptom of dangerous malware called ransomware. The claims made by the FBI MoneyPak virus on the fake FBI page are not real. You are not in trouble with the FBI or the Government. Paying the fine using vouchers and MoneyPak cards will not rid your computer of this particular malware, and using an activation number to remove the FBI MoneyPak virus will likely initiate a response and lead to further complications.

Phishing: Fake phone calls

In some reported instances, victims have received phone calls from criminals claiming to be Microsoft employees (etc.) informing them that their computer system has been infected with malware, etc. These phone calls are in relation to this particular type of malware. If you receive any calls like this, keep in mind these are not Microsoft employees (nor employees of any other legitimate organization), and contact the proper law enforcement agency for your geographic location. These phone calls are defined as "phishing" schemes and may or may not be related to the FBI MoneyPak virus.

What happens if the FBI virus is not removed?

If you are infected with ransomware such as the FBI MoneyPak virus, your personal data and computer system functionality are already at a very high risk. If the infected computer is powered ON and connected to the internet, Trojan horses may have complete control of the computer system and access to every piece of stored data.

The main purpose of this ransomware is to target and scare unsuspecting victims into believing they are in trouble with a department of authority in order to willingly pay the fine stated on the prompted “alert page”, but that does not mean the infection will not hibernate (remain undetected) on an infected system in order to exploit vulnerabilities utilizing other malicious practices aside from locking the system. It has been reported that the FBI moneypak virus may collect private information while remaining in the background.


How To Remove the MoneyPak Virus

There are many different variants of the MoneyPak virus, but in almost all cases, they only affect a single user on the computer. If you are able to log in as another user, it is much easier to remove. The basic steps to remove the virus are as follows:


Step 1: Login as a Different User
If you have multiple accounts on the computer, simply login as a user that is not affected and run your antivirus software.

If you are unable to login as a different user, see Step 2 (Create a New User).

If your antivirus software is unable to remove the MoneyPak Virus, see Step 3 (Manual Removal).


Step 2: Create a New User

--Restart your computer and press F8 during the boot process.
--Select "Safe Mode with Command Prompt"
--At command prompt type "control userpasswords2"
--Click the "Add..." button
--Enter a name and password then click Next
--Click Next
--Click Finish
--Reboot
--Login as new user
--Run antivirus software. If antivirus software does not remove the MoneyPak virus, see Step 3 (Manual Removal).

Step 3: Manual Removal (Optional)

If your antivirus software is unable to remove the MoneyPak virus, you may also remove the virus manually by deleting the files:
%appdata%\microsoft\windows\start menu\programs\startup\cftmon.exe
and
%userprofile%\appdata\local\temp\rool0_pk.exe

**Do not worry if you do not see the cftmon.exe file listed above; it is not in every variant of the MoneyPak Virus.
**The file rool0_pk.exe may have different names, but they should be similar in structure. It may also be accompanied by a [random].mof file.

Other file names that have been known to be associated with the MoneyPak Virus include, but are not limited to:
%Program Files%\FBI Moneypak Virus
%Appdata%\skype.dat
%Appdata%\skype.ini
%AppData%\Protector-[rnd].exe
%AppData%\Inspector-[rnd].exe
%AppData%\vsdsrv32.exe
%AppData%\result.db
%AppData%\jork_0_typ_col.exe
%appdata%\[random].exe
%Windows%\system32\[random].exe
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak Virus
%CommonStartMenu%\Programs\FBI Moneypak Virus.lnk
%Temp%\0_0u_l.exe
%Temp%\[RANDOM].exe
%StartupFolder%\wpbt0.dll
%StartupFolder%\ctfmon.lnk
%StartupFolder%\ch810.exe
%UserProfile%\Desktop\FBI Moneypak Virus.lnk
WARNING.txt
V.class
cconf.txt.enc
tpl_0_c.exe
irb700.exe
dtresfflsceez.exe
ch810.exe
0_0u_l.exe
[random].exe
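
Before deleting anything by hand, it helps to list what is actually present. The following PowerShell script is an added example, not part of the original article: it only reads, looking in each profile's Startup, Roaming and Temp folders for the file names listed above and reporting signature status and timestamps. It assumes the Windows Vista or later profile layout and a session opened from the unaffected administrator account; the variable names are illustrative.

```powershell
# Added example: read-only triage, run from an unaffected administrator account.
# File names are the ones this page lists; folder layout assumes Windows Vista or later.
$knownNames = @(
    'cftmon.exe', 'ctfmon.lnk', 'rool0_pk.exe', 'wpbt0.dll', 'ch810.exe',
    '0_0u_l.exe', 'tpl_0_c.exe', 'jork_0_typ_col.exe', 'vsdsrv32.exe',
    'Protector-*.exe', 'Inspector-*.exe', 'skype.dat', 'skype.ini', '*.mof'
)

# Folder (relative to a profile root) -> flag any .exe sitting directly in it ("[random].exe").
$folders = @{
    'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' = $true
    'AppData\Roaming'                                               = $true
    'AppData\Local\Temp'                                            = $false
}

$usersRoot = Join-Path $env:SystemDrive 'Users'
$userDirs  = @(Get-ChildItem -LiteralPath $usersRoot -Force -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })
$findings = foreach ($userDir in $userDirs) {
    foreach ($relative in $folders.Keys) {
        $folder = Join-Path $userDir.FullName $relative
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        # Only the folder itself is listed (no recursion), matching where the page says the files sit.
        $files = @(Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer })
        foreach ($file in $files) {
            $name     = $file.Name
            $byName   = @($knownNames | Where-Object { $name -like $_ }).Count -gt 0
            $looseExe = $folders[$relative] -and $file.Extension -eq '.exe'
            if (-not ($byName -or $looseExe)) { continue }
            # Signature status helps separate a genuine vendor binary from a look-alike name.
            $signature = 'n/a'
            if ($file.Extension -match '^\.(exe|dll)$') { $signature = (Get-AuthenticodeSignature -FilePath $file.FullName).Status }
            New-Object PSObject -Property @{
                Path      = $file.FullName
                Reason    = if ($byName) { 'listed name' } else { 'loose .exe' }
                Signature = $signature
                Modified  = $file.LastWriteTime
                Size      = $file.Length
            }
        }
    }
}

# Review this table first; nothing above modifies or deletes a file.
$findings | Select-Object Reason, Signature, Size, Modified, Path | Format-Table -AutoSize -Wrap
```

A "loose .exe" row is only a prompt to look closer, since some legitimate programs also place executables in these folders.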


Helpful Utilities

Sometimes none of the above steps work on a particular variant of the MoneyPak Virus. If you find yourself in this situation, utilize free utilities that are available to remove the MoneyPak virus from your computer. These utilities do require some knowledge of burning CDs, building bootable USB drives, and enabling your computer to boot from these types of media.

    Windows Defender Offline:
    http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

    Kaspersky Rescue Disk:
    http://www.kaspersky.com/virus-scanner

    Sophos Bootable:
    http://www.sophos.com/en-us/support/knowledgebase/52053.aspx
