FBI MoneyPak Virus Screen

Share on Twitter Share on Stumble Upon Share on Digg Share on Delicious

Providing cost-effective local computer repair and network support in the middle Tennessee area

Remote Access Portal

Remote Access Icon
Home About Us Onsite Services Online Services Self Help Pricing Blog Inquiries

The FBI MoneyPak virus, also known as Citadel Reveton, can be acquired from visiting compromised websites, opening malicious spam e-mail messages and also by unintentionally opening infected files from miscellaneous sources. And just like the majority of Ransomware that is in circulation online, it displays threatening messages and locks the computers that it has compromised down - disabling access to all applications and also the Windows Task Manager. There have been several variations of the original FBI MoneyPak virus released since it was first discovered.

Some versions of the virus can be removed easily by simply restarting the computers in "Safe Mode", restoring the systems back to a previous state by utilizing "System Restore" and then afterwards, executing a complete scan of the infected systems with an Anti-malware utility such as Malwarebytes to remove any remaining traces of the ransomware. Unfortunately, with the new variations of the FBI MoneyPak virus, it takes a little more effort to remove the virus completely today. And with that in mind, we'll be instructing you on how to remove the worst variations of this particular virus, just in case. The removal techniques listed below should aid you in removing the majority of FBI MoneyPak virus variations that you may come across.

Since variations of this particular virus will most likely hinder your attempts at removing it, it will be best to download a few needed removal utilities on a known clean computer and then transfer them to the infected computer. You can do this by utilizing a flash drive, a cd or some other media that is compatible with the clean and also with the infected computer.

Applications that you'll need to download to assist in removing the virus

  1. rKill
  2. TFC (Temp File Cleaner)
  3. Combofix
  4. Emsisoft Anti-Malware

How to remove the FBI MoneyPak virus step by step:

  1. First you'll need to restart the system into "Safe Mode with Command Prompt" by pressing the "Function F8" key during the system start up, before the "Microsoft Windows" logo appears.

  1. Once the login screen appears, log into an account with administrative rights. If you're unsure which account has administrator rights, just select the account that was being used when the virus first infected the system.
  2. After you log into Windows, the command prompt will appear. If you haven't done so already, insert the flash drive or cd with the utilities that you downloaded on the other clean system into the infected system that you are now working on.
  1. Now at the command prompt you'll need to navigate to the drive where the virus removal utilities are located. If you burned the files to a cd then the drive letter will probably either be "D" or possibly "E". So, with that in mind you'll type either "D:" or "E:" without the quotations at the command prompt. to make sure you're working on the right drive type "Dir" without the quotations at the command prompt to display the contents of the drive that you have selected. You should see the files and/or folders that you copied or burned on the disk. If you created a folder and then downloaded the files into that folder, type "CD {Your Folder's Name} at the command prompt. You should now be in the directory where your needed files are located.

  1. Next, the first utility that you need to execute is rKill. It will attempt to terminate any malicious processes that are running on your computer. And by doing so it will make removing the FBI MoneyPak virus a lot easier, since it's files won't be in use. To do this just type "rkill.exe" at the command prompt while in the proper directory.

  1. Next, execute the copy of "TFC' that you downloaded and copied by typing "TFC.exe" at the command prompt. It will clean out your temporary files, which is where many virus executables may be hiding.

  1. Once "TFC" has finished, make sure that any previously installed anti-virus utilities are not running currently by typing "Explorer" at the command prompt and disabling the real time scanning features of the installed anti-virus utilities with point and click access. If you don't currently have a installed anti-virus, avoid starting "Windows Explorer".
  2. Next, execute the copy of Combofix that you downloaded and copied. If the "Windows Explorer" is running and your desktop is up, just proceed to "My Computer' and then the external drive with the files and then execute "Combofix from there. If you never started "Windows Explorer", because you don't have an anti-virus installed, type "Combofix.exe" at the command prompt while in the proper directory of the external drive or cd. Combofix will make a backup of your registry and commence it's scan of your system. It will take 10 minutes or more for it to complete. It just depends on your system's hardware and the amount of infected files that you have.

  1. After "Combofix" has completed it's scan and removal, execute the copy of "Emsisoft Anti-malware' by typing the complete executable's name at the command prompt. Run a complete system scan and quarantine anything that it detects as malicious. The complete system scan will take a while so be patient.

After the scan, restart your computer normally. Log into your account and check for any signs of the FBI MoneyPak virus. If it hasn't been removed properly, it should pop up fairly quickly. If if doesn't pop up, open a web browser and check for Internet connectivity by browsing a few websites. If you have net access and the virus hasn't come back up, it's removal should now be complete. If it does pop back up though, you'll need to contact a professional virus removal specialist to eradicate the ransomware.

Smith Technical Resources makes no guarantees or claims that the information contained in this article will help you completely remove the above listed malicious program(s) from your computer.  There are several variations of each particular virus in the wild . And the procedure listed above may not be adequate for the specific version of the virus that your computer has been compromised by.

If you feel uncomfortable performing any of the procedures that we've listed on this page, please contact a professional computer repair company in your area and have them complete the needed repairs on your computer. Smith Technical Resources takes no responsibility for any possible damage that could result from your use of the above instructions.

Revision 1.1

©Smithtechres.com 2013 All Rights Reserved. Website Privacy Policy. Site Map

Microsoft Windows Advanced Options Menu Microsoft Windows Command Prompt Microsoft Windows Command Prompt rKill Execution Example Microsoft Windows Command Prompt Utility Execution Example Microsoft Windows Command Prompt Combofix Execution Example Microsoft Windows Command Prompt Emsisoft Anti-Malware Execution Example

You may also be interested in the following tutorials:

FBI Moneypak Virus Removal Tutorial