http://www.isupport365.com/services/fbi-virus-removal.html
FBI Virus Removal
The FBI Moneypak virus has many aliases, such as the FBI virus, FBI Green Dot Moneypak virus, Citadel
and Reveton. It is similar to a ransom-ware Trojan that locks up an infected user’s computer. This
malware is delivered by the Blackhole exploit kit and displays a ransom-ware page that claims to be
a legal action page from the U.S. Federal Bureau of Investigation (FBI). The malware locks up the
machine and demands payment of $100 or $200 to unlock it. It also disables Task Manager and the
registry editor. The page states that the machine has violated copyright and related laws (video,
music, software) by illegally using or distributing copyrighted content, that it has been used to view
or distribute prohibited pornographic content, and that it is infected with malware. It then demands a
payment of $100 or $200 through an untraceable money transfer. This is yet another example of
ransom-ware or social engineering tactics used to exploit Windows users.
The fraudulent FBI page shows fake claims such as the following:
Attention! Your PC is blocked due to at least one of the reasons specified below:
You have been violating Copyright and related rights Law (Video, Music,Software) and illegally
using or distributing copyrighted content, thus infringing Article I, Section 8, clause 8, also
known as the Copyright of the Criminal Code of United States of America.
You have been viewing or distributing prohibited pornographic content (Child
Pornography/Zoofilia). Thus violating article 202 of the Criminal Code of United States of
America. Article 202 of the criminal provides for deprivation of liberty for two or twelve yours.
Illegal access to computer data has been initiated from your PC,or you have been. Article 210
of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for
four to nine years.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the
possibility to pay the fine expires, and a criminal case is initiated against you automatically
within the next 72 hours!
Here is another example:
All activity of this computer has been recorded.
If you use a webcam, videos and pictures were saved for identification.You can be clearly
identified by resolving your IP address and the associated hostname.Your computer has been
locked! Illegally downloaded materials (MP3’s, Movies or Software) have been located on your
computer.By downloading, those were reproduced, thereby involving a criminal offense under
Section 106 of the Copyright Act.
The downloading of copyrighted material via the Internet or music-sharing networks is illegal
and is in accordance with Section 106 of the Copyright Act subject to a fine of imprisonment
for a penalty of up to 3 years.
Furthermore, possession of illegally downloaded material is punishable under Section 184
paragraph 3 of the Criminal Code and may also lead to the confiscation of the computer, with
which the files were downloaded.
To unlock your computer and to avoid other legal consequences, you are obligated to pay a
release fee of $200. Payable through GreenDot Moneypak. After successful payment, your
computer will be automatically unlocked. Failure to adhere to this request could involve criminal
charges and possible imprisonment. To perform the payment, enter the acquired GreenDot
Moneypak code in the designated payment field and press the “Submit” button.
The ransom-ware instructs victims to pay their “fine” with a MoneyPak card, which can be purchased
from well-known U.S. retail chain stores such as Rite Aid, Walmart, Walgreens,
CVS/Pharmacy, Kmart, and 7-Eleven. MoneyPak is a payment system that allows users to “replenish”
the card by paying at an approved partner site and then use it to pay other merchants.
Processes created by FBI Moneypak virus
The following malicious processes are started:
tpl_0_c.exe
ch810.exe
0_0u_l.exe
[random].exe
jork_0_typ_col.exe
vsdsrv32.exe
Protector-[rnd].exe
Inspector-[rnd].exe
The following registry values are created:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’ = 0
HKEY_CURRENT_USER\Software\FBI Moneypak
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Moneypak
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\Debugger svchost.exe
… and numerous more Image File Execution Options entries to block execution of executable files and
legitimate security software.
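Added example (not part of the original page and not iSupport365 tooling): because the infected machine blocks Task Manager and the registry editor, the registry indicators listed above are easiest to check offline, against a .reg export taken in safe mode or from another administrator account. The script below parses such an export and reports the policy values, Image File Execution Options "Debugger" entries, "FBI Moneypak" keys and Run entries pointing into AppData or Temp. The function names parse_reg and triage and the SAMPLE export are hypothetical and constructed for illustration; the export is assumed to be already decoded to text.

```python
import re

POLICY = r"\microsoft\windows\currentversion\policies\system"
POLICY_VALUES = {"disabletaskmgr", "disableregistrytools", "disableregedit", "enablelua",
                 "consentpromptbehavioradmin", "consentpromptbehavioruser"}  # names listed on the page
RUN = r"\microsoft\windows\currentversion\run"
IFEO = r"\windows nt\currentversion\image file execution options" + "\\"
USER_DIR = re.compile(r"\\(appdata|application data|temp)\\", re.I)

def parse_reg(text):
    """Yield (key, name, data) from decoded .reg text; name is None for a key header."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                yield key, name, int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                yield key, name, re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \"

def triage(text):
    findings = []
    for key, name, data in parse_reg(text):
        low = key.lower()
        if name is None:
            if low.endswith("\\fbi moneypak"):
                findings.append(("malware-key", key, None))
        elif low.endswith(POLICY) and name.lower() in POLICY_VALUES:
            findings.append(("policy", name, data))
        elif IFEO in low and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        elif low.endswith(RUN) and isinstance(data, str) and USER_DIR.search(data):
            findings.append(("run-from-user-dir", name, data))
    return findings

# Constructed sample export (not captured from a real infection)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\alice\\AppData\\Roaming\\Protector-ab1.exe"
"OneDrive"="C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\FBI Moneypak]
'''
print(*triage(SAMPLE), sep="\n")
```

Files written by regedit are normally UTF-16 encoded, so decode them before passing the text to triage.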
DLLs registered by FBI Moneypak virus:
The following DLLs are registered:
wpbt0.dll
Files and folders created by FBI Moneypak virus:
The following files and folders are created in the filesystem:
%Program Files%\FBI Moneypak
%AppData%\Protector-[rnd].exe
%AppData%\Inspector-[rnd].exe
%AppData%\vsdsrv32.exe
%AppData%\result.db
%AppData%\jork_0_typ_col.exe
%appdata%\[random].exe
%Windows%\system32\[random].exe
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\All Users\Application Data\FBI Moneypak
%CommonStartMenu%\Programs\FBI Moneypak.lnk
%Temp%\0_0u_l.exe
%Temp%\[random].exe
%StartupFolder%\wpbt0.dll
%StartupFolder%\ctfmon.lnk
%StartupFolder%\ch810.exe
%UserProfile%\Desktop\FBI Moneypak.lnk
WARNING.txt
V.class
cconf.txt.enc
tpl_0_c.exe
Removal steps
If the infected PC has multiple user accounts and one of those accounts has administrator privileges,
you can launch an anti-virus or anti-malware program from it to scan for and remove the FBI Moneypak
virus.
1. Open the Windows Start Menu, enter %appdata% into the search field, then press “Enter”.
2. Go to “Microsoft\Windows\Start Menu\Programs\Startup”.
3. Remove ctfmon.lnk (this is not the same as ctfmon.exe, which is a legitimate system file).
4. Open the Windows Start Menu again, enter %userprofile% into the search field, then press “Enter”.
5. Go to “Appdata\Local\Temp” and remove “rool0_pk.exe”.
6. Also delete the “[random characters].mof” and “V.class” files.
7. Run a full system scan with an updated version of your anti-virus or anti-malware program to
remove any remaining entries related to the FBI Moneypak virus.
If the above steps do not work or are blocked by the malware, try the following steps
instead:
1. Restart the infected PC and press F8 while it is restarting.
2. Choose safe mode with networking.
3. Launch “MSConfig” by opening the Windows Start Menu and entering “msconfig” in the search field.
4. Disable startup items launched by rundll32 from Application Data folder.
5. Restart the PC and scan with your updated anti-virus or anti-malware program.
These steps are a sure way to rid your PC of the FBI Moneypak virus. Although simple, they can
sometimes run into unexpected hurdles during the process, which can be cleared by professional
experts. Remote technicians like iSupport365 are here to assist you 24/7 with any virus removal
issues you may need help with, within a price range you can afford.