FBI Your PC is Blocked scam (Moneypak or REloadit) Virus

How to unblock your computer after FBI - "Your PC is blocked" (MoneyPak)?

The message from FBI that blocks computer user's screen and ask to pay a fine of $200 (or $300) for copyright violations is a scam released by Cyber criminals. In reality it's a ransomware infection which originates from a family of fake screen lockers called Malex (other screenshots shows ransomware from Urausy and Uremtoo families). As all of the simmilar ransomware infections this scam uses a name of an authority (FBI), this is done to make the message presented in this scam appear more legitimate. You should realize that none of the authorities are collecting fines for copyright violations (or any other violations) using such methods (locking user's PC).

For money transactions this scam is using MoneyPak (MoneyPak works as a ‘cash top-up card’, it's used to reload prepaid cards, add money to a PayPal account without using a bank account etc). Your computer could have got infected with this rogue screen locker while you visited a bogus website or while you were using P2P networks. Most commonly such ransomware infections are distributed using Trojans - the best way to keep your PC safe from such security infections is using a legitimate antivirus and antispyware programs. Moreover you should also keep your operating system and all of your installed programs up to date.

Previously seen variants of ransomware which exploited the name of FBI were named FBI your computer has been locked scam and The FBI Federal Bureau of Investigation Screen locker. Note that these ransomware infections originates from different rogue families, this means that there are several groups of Cyber criminals who are making money from unsuspecting PC users who falls for the trickery of such scams. Don't pay this imaginary fine for copyright violations and use this removal guide to help you eliminate this screen locker from your PC.

Fake message shown in FBI - Your computer is blocked ransomware:

F.B.I
Federal Bureau of Investigation
You PC is blocked due to at least one of the reasons specified below.
ATTENTION!
You have been violation Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted contents, thus
infringing Article 1, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America.
Article 1, Section 8, Cause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two
to eight years.
You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoophilla and etc). Thus violating article 202 of the Criminal Code of United States of America, Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or deprivation of liberty for four to nine years.
Pursuant to the amendment to Criminal Code of United States of America of May 28, 2011, this law infringement (if it is not repeated - first time) may be considered as conditional in case you pay the fine of the States.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal
case is initiated against your automatically within the next 72 hours!
To unlock the computer, you must pay the fine through Moneypak of 200$.
How do I unlock computer using MoneyPak?
1. Find a retail location near you.
2. Look for a MoneyPak in the prepaid section. Take it to the cashier and load it with cash. A service fee of up to $4,95 will apply.
3. To pay fine, you should enter the digits MoneyPak resulting code in the payment form and press Pay MoneyPak.
When you pay the fine, your PC will get unlocked in 1 to 48 hours after the money is put into the State account. In case an error occurs, you'll have to sens the code by email This e-mail address is being protected from spambots. You need JavaScript enabled to view it (Do not forget to specify IP address)

Other fake message presented in different variant of FBI virus (REloadit):

You have been subjected to violation of Copyright and Related Rights Law (Video. Music, Software) and illegally using or distributing copyrighted contents (files were found in ...). thus infringing Article 1, Section 8. Clause 8. also known as the Copyright of the Criminal Code of United States of America. Article 1. Section 8. Cause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years. 2. You have been viewing or distributing prohibited Pornographic contents: (Child Porno photos and etc were found in ...). Thus violating article 202 of the Criminal Codes of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years. 3. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the lemon Neglectful Use of Personal Computer. Article 210 of the Criminal Codes provides for a fine of up to $100.000 and or deprivation of liberty for four to nine years. Pursuant to the amendment to Criminal Code of United States of America of May 28, 2011, this law infringement (if it is not repeated - first time) may be considered as conditional in case you pay the fine of the States. To unlock your computer and to avoid other legal consequences, you are obliged to pay a release fee of $300. Payable through REloadit Pack you have to purchase REloadit Pack card and enter the code). Reloadit is available at thousands of locations. including Safeway, Save Mart, and Albertsons. Find a location near you now. How do I add money to my prepaid account using REloadit? Visit the Prepaid Product Section of a REloadit Pack retailer location near you. Purchase a REloadit Pack at the register with cash for the amount you want to load A $3.85 fee will be added to your purchase. When you pay the fine. your PC will be unblocked in 3 to 08 hours after the money is put into the State's account. Please note: Fines may only be paid within 72 hours. As soon as 72 hours elapse, the possibility to pay the fine expires. All you PC data will be detained and criminals procedures will be initiated against you if the fine is not paid!

FBI - Your computer is blocked ransomware removal:

Step 1

Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.

Step 2

Log in to the account that is infected with FBI - Your computer is blocked ransomware. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.

remover for FBI - Your computer is blocked ransomware

Can't boot in Safe Mode with Networking? (FBI - Your computer is blocked virus blocks Safe Mode with Networking)

If you have more than one user account in your operating system - please log-in to the clean account and download the recommended anti-spyware software, install it and run a full system scan, remove all the security infections it will detect, however if you have only one user account please follow this guide (this guide will show you how to create a new user account using safe mode with command prompt - using this newly created user account you will be able to remove FBI - Your computer is blocked ransomware).

If FBI - Your computer is blocked virus also blocks your operating system's Safe Mode with Networking follow these removal instructions:

1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.

2. When command prompt mode loads enter the following line: net user removevirus /add and press ENTER.

3. Next enter this line: net localgroup administrators removevirus /add and press ENTER.

4. Finnaly enter this line: shutdown -r and press ENTER.

5. Wait for your computer to restart,  then boot your PC in Normal Mode and login to the newly created user account ("removevirus"). This account won't be affected by the ransomware infection and you will be able to download and install recommended anti-spyware software to eliminate this virus from your computer.

6. Download and install recommended anti-spyware software to eliminate this ransomware infection from your computer:

remover for FBI - Your computer is blocked virus

If the newly created user account is also affected by the ransomware infection try doing a System Restore:

1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.

2. When command prompt mode loads enter the following line: cd restore and press ENTER.

3. Next type this line: rstrui.exe and press ENTER.

4. In the opened window click "Next".

5. Select one of the available restore point and click "Next" (this will restore your computer's system to an earlier time and date, before the ransomware infiltrated your PC).

6. In the opened window click "Yes".

7. After restoring your computer to a previous date download and scan your PC with a recommended anti-spyware software to eliminate any left remnants of FBI virus.

Alternative FBI - Your computer is blocked ransomware removal guide:

If this ransomware blocks your screen when you start your computer in safe mode with networking, try starting your PC in safe mode with command prompt.

1. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.

2. In the opened command prompt type explorer and press Enter. This command will open explorer window, don't close it and continue to the next step.

3. In the command prompt type regedit and press Enter. This will open the registry editor window.

4. In the registry editor window you should navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

5. In the right side of the window locate "Shell" and right click on it. Click on Modify. The default value data is Explorer.exe if you see something else written in this window remove it and type in Explorer.exe (you can write down whatever else was written in the value data section - this is a path of the rogue execution file) - use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install a legitmate anti-spyware software and perform a full system scan to eliminate any left remnants of FBI - Your computer is blocked ransomware.

remover for FBI - Your computer is blocked ransomware

If you can't start your computer in safe mode with networking (or with command prompt) you should boot your computer using a rescue disk. Some variants of ransomware disables safe mode making it's removal more complicated. For this step you will need access to another computer. After removing FBI - Your computer is blocked ransomware from your PC restart your computer and scan it with a legitimate antispyware software to remove any possibly left remnants of this security infection.

Anti-spyware programs known to detect and remove FBI - Your computer is blocked ransomware:

• iS3 STOPzilla
• Malwarebytes Anti-Malware

Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.

If you can't access Internet:

Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.

Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.

Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, un-check it and press OK.

After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program.

Manual FBI - Your computer is blocked ransomware removal:

If you were unable to remove FBI - Your computer is blocked ransomware using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these FBI - Your computer is blocked ransomware processes:

random.exe

Delete these FBI - Your computer is blocked ransomware files:

%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk