FBI Moneypak Removal

Guys, my observations lately show that FBI Moneypak is one of the computer infections with which many, many users have problems. This is why I want to give you some tips on how to remove this virus from your PC if you happen to be infected with it. I really hope it will help, because this virus has already attacked two of my friends' PCs and it caused real dismay and problems.

So, first of all do not panic and do not pay, then follow these steps:

1. Go into Safe Mode with Command Prompt. To do that, press the F8 key continuously

2. Press Enter to load Windows in Safe Mode and see the Command Prompt Window

3. In it type explorer.exe to see your desktop without the FBI notification

4. Open the Start menu and type rstrui in the Search bar to open the System Restore feature

5. Now you can restore your system to a previous date before the infection has entered and infected your PC

Then you have to really clean your system, because otherwise FBI Moneypak will still stay on your system and continue stealing your details.

This can be done in two different ways. The first option you have is to remove it manually and to do that you have to edit your computer registry and also remove these files:

For Win XP:

C:\Documents and Settings\{Your User Name}\Start Menu\Programs\Startup\ctfmon.exe

C:\Windows\[Random.exe] (e.g. Pmfjyiaj.exe)

C:\Documents and Settings\{User Profile}\Local Settings\Application Data\Microsoft\Windows\[Random.exe]

C:\Documents and Settings\{User Profile}\Local Settings\Application Data\Microsoft\Windows\[Random]

For Vista:

C:\Program Data\csrss.exe

C:\Users\{Your User Name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe

C:\Users\{User Profile}\AppData\Local\Microsoft\Windows\[Random]\[Random.exe]

C:\Users\{User Profile}\AppData\Local\Microsoft\Windows\[Random]

C:\Program Data\lsass.exe

C:\Program Data\[Random.exe]

The second option you have is to use an automated removal tool like http://www.malwarebytes.org/ or you can also follow the instructions here http://www.americanpendulum.com/2012/10/02/fbi-moneypak-scam-dangerous-malware-making-millions-of/

Good luck! Hope I have been helpful to you.

Message was edited by: peterchill on 10/31/12 4:49:21 AM CDT
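An added example, not part of the original post: a Python check for the file locations listed above, run against an infected Windows volume mounted offline on a clean machine. It assumes `*` in place of the post's `{User Name}`/`{User Profile}` and `[Random]` placeholders; `scan`, `matches` and the two list names are illustrative.

```python
import fnmatch
import os
import sys

# Paths listed in the post, relative to the Windows volume root. "*" replaces the
# post's {User Name}/{User Profile} and [Random] placeholders (an assumption).
# "Program*Data" matches the post's "Program Data" and the on-disk "ProgramData".
FIXED = [  # system-process names outside System32: high confidence
    r"Documents and Settings\*\Start Menu\Programs\Startup\ctfmon.exe",
    r"Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe",
    r"Program*Data\csrss.exe",
    r"Program*Data\lsass.exe",
]
WILDCARD = [  # random names: legitimate files match too, so review by hand
    r"Windows\*.exe",
    r"Documents and Settings\*\Local Settings\Application Data\Microsoft\Windows\*.exe",
    r"Users\*\AppData\Local\Microsoft\Windows\*\*.exe",
    r"Program*Data\*.exe",
]


def matches(pattern, parts):
    """Compare one path component at a time so '*' never crosses a folder."""
    want = pattern.split("\\")
    return len(want) == len(parts) and all(
        fnmatch.fnmatchcase(have.lower(), w.lower()) for have, w in zip(parts, want))


def scan(root):
    """Return sorted (confidence, path) pairs for files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parts = os.path.relpath(os.path.join(dirpath, name), root).split(os.sep)
            if any(matches(p, parts) for p in FIXED):
                hits.append(("high", "\\".join(parts)))
            elif any(matches(p, parts) for p in WILDCARD):
                hits.append(("review", "\\".join(parts)))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python scan_paths.py <mount point of the offline Windows volume>
    for confidence, path in scan(sys.argv[1]):
        print(confidence, path)
```

A "review" hit is only a candidate: genuine Windows programs such as explorer.exe also sit directly in C:\Windows, so compare those entries against a known-good installation before deleting anything.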
21 Replies
Reliable Contributor exbrit
Message 2 of 22

Re: FBI Moneypak Removal

Thanks for posting peterchill, that's basically what I would start out telling people to do too.   Hope it helps someone.

Re: FBI Moneypak Removal

Yeah, this infection is really bad, I really hope it'll stop threatening computers soon ...

Reliable Contributor exbrit
Message 4 of 22

Re: FBI Moneypak Removal

It would help if the authorities in the countries where these malware makers appear to thrive had some good laws about this sort of thing, and enforced them.   As it is now they seem not to care at all about it.   Most of this stuff originates in the old Eastern Communist Bloc countries.

Re: FBI Moneypak Removal

I can't run rstrui.exe; I get an error saying it has to close and do I want to notify MS.

Reliable Contributor exbrit
Message 6 of 22

Re: FBI Moneypak Removal

Can you start it in Safe Mode? What operating system and service pack (if applicable) is this?

Re: FBI Moneypak Removal

Windows XP SP3. I can get into Safe Mode with Command Prompt. Everything else goes to a white page too quickly. I copied rstrui.exe from another machine onto the infected one but it also crashes. I'm currently running a McAfee scan.

Message was edited by: damascus2 on 5/7/13 6:01:25 PM CDT

Message was edited by: damascus2 on 5/7/13 6:04:46 PM CDT
Reliable Contributor exbrit
Message 8 of 22

Re: FBI Moneypak Removal

You need access to the rstrui that's in XP as that's the restore mechanism for that particular system.

You can start it in Safe Mode with Command Prompt as follows:

Type C:\windows\system32\restore\rstrui.exe and press Enter.

That's assuming your XP drive is C:, alter it to whatever it is if not.

If you can't start it then try running Hijackthis and post its log as instructed lower down the last link in my signature below.

Reliable Contributor exbrit
Message 9 of 22

Re: FBI Moneypak Removal

By the way, I doubt McAfee will detect it as most antiviruses aren't equipped for these money scams.   It's up to you but I would stop the scan and go ahead and try the command prompt restore.

Re: FBI Moneypak Removal

Thanks. I noticed something similar in another post I read while waiting and got it to run. When my computer booted up, CHKDSK ran and deleted many corrupt record segments, orphan segments, and an index entry. Now it won't boot up. The screen stays black after the Windows logo goes off and you would expect the blue Welcome screen.

Also can't boot into any safe mode. The instructions say to fix registry, but what to fix?

Message was edited by: damascus2 on 5/7/13 6:29:45 PM CDT
