1 2 3 Previous Next 21 Replies Latest reply on May 10, 2013 3:28 PM by exbrit

    FBI Moneypak Removal

      Guys, my observations lately show that FBI Moneypak is one of the computer infections with which many many users have problems. This is why I want to give you some tips on how to remove this virus from your PC if you happen to be infected with it. I really hope it will help, because this virus has already attacker two of my friends` PCs and it causer  real dismay and problems.


      So, first of all do not panick and do not pay, then follow these steps:


      1. Go into SafeMode with Command Prompt . To do that, press F8 key continuously

      2. Press Enter to load Windows in Safe Mode and see the Command Prompt Window

      3. In it type explorer.exe to see your desktop without the FBI notification

      4. Open the Start menu and type rstrui in the Search bar to open the System Restore feature

      5. Now you can restore your system to a previous date before the infection has entered and infected your PC


      Then you have to really clean your system, because otherwise FBI Moneypak will still stay on your system and continue stealing your details.


      This can be done in two different ways. The first option you have is to remove it manually and to do that you have to edit your computer registry and also remove these files:


      For Win XP:

      C:\Documents and Settings\{Your User Name}\Start Menu\Programs\Startup\ctfmon.exe

      C:\Windows\[Random.exe](eg. Pmfjyiaj.exe)

      C:\Documents and Settings\ {User Profile} \Local Settings\Application Data\Microsoft\Windows\[Random.exe]

      C:\Documents and Settings\ {User Profile} \Local Settings\Application Data\Microsoft\Windows\[Random]


      For Vista:

      C:\Program Data\csrss.exe

      C:\Users\{Your User Name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe

      C:\Users\{User Profile}\AppData\Local\Microsoft\Windows\[Random]\ [Random.exe]

      C:\Users\{User Profile}\AppData\Local\Microsoft\Windows\ [Random]

      C:\Program Data\lsass.exe

      C:\Program Data\[Random.exe]


      The second option you have is to use an automated removal tool like http://www.malwarebytes.org/ or you can also follow the instructions here http://www.americanpendulum.com/2012/10/02/fbi-moneypak-scam-dangerous-malware-m aking-millions-of/


      Good luck! Hope I have been helpful to you.


      Message was edited by: peterchill on 10/31/12 4:49:21 AM CDT
        • 1. Re: FBI Moneypak Removal

          Thanks for posting peterchill, that's basically what I would start out telling people to do too.   Hope it helps someone.

          • 2. Re: FBI Moneypak Removal

            Yeah, this infection is really bad, I really hope it`ll stop threatening computers soon ...

            • 3. Re: FBI Moneypak Removal

              It would help if the authorities in the countries where these malware makers appear to thrive had some good laws about this sort of thing, and enforced them.   As it is now they seem not to care at all about it.   Most of this stuff originates in the old Eastern Communist Bloc countries.

              • 4. Re: FBI Moneypak Removal

                I can't run rstrui.exe; I get an error saying it has to close and do I want to notify MS.

                • 5. Re: FBI Moneypak Removal

                  Can you start it in Safe Mode?  What operasting system and service pack (if applicable) is this

                  • 6. Re: FBI Moneypak Removal

                    Windows XP SP3. I can get into Safe Mode with Command Prompt. Everything else goes toa white page too quickly. I copied rstrui.exe from another machine onto the infected one but it also crashes. I'm currently running a McAfee scan.


                    Message was edited by: damascus2 on 5/7/13 6:01:25 PM CDT


                    Message was edited by: damascus2 on 5/7/13 6:04:46 PM CDT
                    • 7. Re: FBI Moneypak Removal

                      You need access to the rstrui that's in XP as that's the restore mechanism for that particular system.


                      You can start it in Safe Mode with Command Prompt as follows:


                      Type C:\windows\system32\restore\rstrui.exe and press Enter.


                      That's assuming your XP drive is C:, alter it to whatever it is if not.


                      If you can't start it then try running Hijackthis and post its log as instructed lower down the last link in my signature below.

                      • 8. Re: FBI Moneypak Removal

                        By the way, I doubt McAfee will detect it as most antiviruses aren't equipped for these money scams.   It's up to you but I would stop the scan and go ahead and try the command prompt restore.

                        • 9. Re: FBI Moneypak Removal

                          Thanks. I noticed something similar in another post I read while waiting and got it to run. When my computer booted up, CHKDSK ran and deleted many corrupt record segments, orphan segments., and an index entry. Now it won't boot up. The screen stays black after the Windows logo goes off and you would expect the blue Welcome screen.


                          Also can't boot into any safe mode. The instructions say to fix registry, but what to fix?


                          Message was edited by: damascus2 on 5/7/13 6:29:45 PM CDT
                          1 2 3 Previous Next