FBI Cybercrime Division "Your PC is Blocked" (MoneyPak or MoneyGram Virus) - how to remove?
FBI Cybercrime Division message which blocks computer user's screen and states that this block was applied for illegally downloading music and video files is a scam - it's a ransomware infections developed by Cyber criminals. In reality neither FBI nor International Cyber Security Protection Alliance has nothing to do with this message, computer users should realize that none of authorities around the world are using such messages (which locks computer's screen) to collect fines for any law violations. FBI Cybercrime Division ransomware is asking to pay a fine of $300 to unlock one's PC, notice that paying this fine equals to sending your money to Cyber criminals - there is no guarantees that you computer will be unlocked.
This particular screen locker originates from a family called Urausy and is targeted at PC users from USA, notice that are many other versions of this ransomware which targets other countries. For example if a computer users from Australia would get his PC infected with this ransomware, it would appear as it came from Australian Federal Police (Cyber criminals exploits the names and graphics of local authorities). Such ransomware localisation is possible by determining the IP address of the computer that is being infiltrated. If you see a message from FBI Cybercrime Division blocking your computer's screen you can be sure that your PC is infected with a ransomware infection.
Update April 29, 2013: A new ransomware virus was discovered exploiting the names of FBI Cybercrime Division and ICSPA ("Your computer has been locked and all your data were encrypted"):
FBI Cybercrime Division scam is being distributed using drive-by downloads and Trojans - notice that there is a delay between the actual infection and the time when computer user's screen gets blocked (about 5 minutes), this makes it more complicated to determine what actually caused this infection. To protect one's PC from such ransomware infections users should keep their operating system and all of the installed software up-to-date, furthermore one should always use legitimate antivirus and anti-spyware software. If your computer is already infiltrated with FBI Cybercrime Division ransomware - use this removal guide to eliminate this scam from your PC.
Fake message shown in FBI Cybercrime Division (PC blocked) MoneyPak virus:
ATTENTION! Your PC is blocked due at least one of the reasons specified below. You have been violating Copyright and Related Rights Law. (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section 2, Clause 8, also known as the Copyright of the Criminal Code of United States of America.
Article 1, Section 2, Clause 8 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophilia and etc). Thus violating Article 2, Section 1, Clause 2 of the Criminal Code of United States of America. Article 2, Section I, Clause 2 of the Criminal Code provides for a deprivation of liberty for 4 to 12 years.
Illegal access to computer data has been initiated from your PC, or you have been...
Article 2, Section 1, Clause 8 of the Criminal Code provides for a fine of up to 5200,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer.
Article 2, Section 1, Clause 1 of the Criminal Code provides for a fine of up to 5200,000 and/or deprivation of liberty for 4 to 9 years.
Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without your knowledge, your PC may be infected by malware.
Article 2, Section 1, Clause 2 of the Criminal Code provides for a fine of up to 5500,000 and a deprivation of liberty of up to 6 years. In case this activity has been effected without your knowledge, you fall under the above mentioned Article 2, Section 1, Clause 1 of the Criminal Code of United States of America.
Your personality and address are currently being identified, a criminal case is going to be initiated against you under one or more articles specified above within the next 72 hours.
Pursuant to the amendment to the Criminal Code of United States of America of February 05, 2013, this law infringement (if it is not repeated - first time) may be considered as conditional in case you pay the fine to the State.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours! To unblock the computer you must pay the fine through MoneyPak of $300. When you pay the fine, your PC will get unlocked in 1 to 72 hours after the money is put into the State's account.
Since your PC is unlocked, you will be given 7 days to correct all violations.
In case all violations are not corrected after 7 working days, your PC will be blocked again, and a criminal case will be initiated against you automatically under one or more articles specified above.
FBI Cybercrime Division (PC blocked) MoneyPak virus removal:
Step 1
During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Step 2
Log in to the account that is infected with FBI Cybercrime Division (PC blocked) MoneyPak virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
remover for FBI Cybercrime Division (PC blocked) MoneyPak virus
Can't boot in Safe Mode with Networking? (FBI Cybercrime Division (PC blocked) MoneyPak virus blocks Safe Mode with Networking)
If you have more than one user account in your operating system - please log-in to the clean account and download the recommended anti-spyware software, install it and run a full system scan, remove all the security infections it will detect, however if you have only one user account please follow this guide (this guide will show you how to create a new user account using safe mode with command prompt - using this newly created user account you will be able to remove FBI "Your computer has been locked" ransomware).
If FBI Cybercrime Division (PC blocked) MoneyPak scam also blocks your operating system's Safe Mode with Networking follow these removal instructions:
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. When command prompt mode loads enter the following line: net user removevirus /add and press ENTER.
3. Next enter this line: net localgroup administrators removevirus /add and press ENTER.
4. Finnaly enter this line: shutdown -r and press ENTER.
5. Wait for your computer to restart, then boot your PC in Normal Mode and login to the newly created user account ("removevirus"). This account won't be affected by the ransomware infection and you will be able to download and install recommended anti-spyware software to eliminate this virus from your computer.
6. Download and install recommended anti-spyware software to eliminate this ransomware infection from your computer:
remover for FBI Cybercrime Division (PC blocked) MoneyPak virus
If the newly created user account is also affected by the ransomware infection try doing a System Restore:
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. When command prompt mode loads enter the following line: cd restore and press ENTER.
3. Next type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore point and click "Next" (this will restore your computer's system to an earlier time and date, before the ransomware infiltrated your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date download and scan your PC with a recommended anti-spyware software to eliminate any left remnants of FBI Cybercrime Division (PC blocked) MoneyPak ransomware.
Other methods which can be used to eliminate this ransomware infection from your PC:
Remove FBI Cybercrime Division ransomware using a Rescue Disk.
Manual FBI Cybercrime Division scam removal:
If you were unable to remove FBI Cybercrime Division scam using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these FBI Cybercrime Division virus processes:
random.exe
Delete these FBI Cybercrime Division virus files:
%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk
Comments
Agreed. I almost threw it out the window aymnd told my husband someone stole it! God damn! Then I found the steps :) yes!