"Guys, please help! My laptop is totally locked by FBI now and it says that I have violated some laws and needs to pay a release fee of $200 to unlock my laptop."
If your computer encountered the similar situation, it means your computer is affected by FBI MoneyPak Virus. The FBI virus, also referred to as the FBI Moneypak virus, Citadel Reveton, and other terms is dangerous malware categorized as ransomware we discovered in 2012 that cyber criminals use in attempt to disguise themselves as the FBI.
The FBI MoneyPak virus will lock you out of your computer and applications, and display a bogus notification that pretends to be from the FBI and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content. You need to pad a penalty fine of $100, $200, $300, or more unlock the computer system within the allotted time of 48 to 72 hours by use of MoneyPak cards.
Seeing this type of message most people will get afraid as they do not want to get arrested or to have long legal battle with FBI. So they end up paying so called fine to cyber criminals. However, the claims made by the FBI virus are fraudulent information that is in no way associated with the government of the United States. And after paying, your computer is still infected and need to be cure. Thus, here I will show you how to remove FBI MoneyPak Virus from laptop.
How to Unlock a Computer Locked by FBI MoneyPak Virus?
The FBI MoneyPak virus is distributed through several means such as malicious websites, spam email containing infected attachments or links to malicious websites. To unlock a computer locked by FBI MoneyPak virus, you need to remove FBI MoneyPak Virus from your computer first.
You can manually remove this FBI MoneyPak virus. And before you make any changes, please do a system backup with backup tool such as Windows Boot Genius beforehand in case any unpredictable results occur.
- Step1. Reboot your infected computer and keep pressing F8 key on your keyboard and next use the arrow keys to select "Safe Mode with Networking" and press E/Enter.
- Step2. Press Ctrl+Alt+Del at the same time or right click on the Task Bar to open the Windows Task Manager. Then end the process [FBI Moneypak].exe.
- Step3. Open Control Panel from Start menu. And find Folder Options and under View tab, tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) then click OK.
- Step 4. Open Windows Start Menu and type %appdata% into the search field and press Enter. And navigate to: Microsoft\Windows\Start Menu\Programs\Startup.
- Step 5. Remove ctfmon (ctfmon.lnk if in dos) – this is what's calling the virus on start up. This is notctfmon.exe.
- Step 6. Open Windows Start Menu and type %userprofile% into the search field and press enter. Navigate to: Appdata\Local\Temp and remove rool0_pk.exe and V.class.
- Step 7. To ensure FBI Moneypak is completely removed via manually, delete all given files if located. The files listed below are a collection of what causes FBI Moneypak to function.
- Step 8. Open Registry Editor by pressing Windows+R keys and typing "regedit" in the Run box.
Step 9. Find out and remove all these associating registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current\Winlogon\"Shell" = "random"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
Reboot your computer and get into normal mode when the above steps are done. Your computer should now be free of the FBI MoneyPak infection. Note that steps above only apply to computer locked by FBI MoneyPak virus. If you want to Unlock a Password-Protected Computer, click here for details.