Share via

ok so i have the FBI virus that is going around and need help getting it off my comp on my own cant afford to get help. can anybody help me.

Anonymous
2012-11-16T05:31:15+00:00

i am running windows 7 if this makes a difference. SOMEBODY PLEASE HELP!!!!!!

Windows for home | Previous Windows versions | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments
Answer accepted by question author
  1. Anonymous
    2012-11-16T13:37:59+00:00

    See this :

    http://123seminarsonly.com/Blog/how-to-remove-fbi-moneypak-virus

    To remove this infection you need to start the computer in safe mode.

    After that Delete the FBI MoneyPack Virus Files

    Windows Vista/ 7

    C:\Users{User Profile}\AppData\Local\Microsoft\Windows[Random]\ [Random.exe]

    C:\Users{User Profile}\AppData\Local\Microsoft\Windows\ [Random]

    C:\Program Data\lsass.exe

    C:\Program Data[Random.exe]

    C:\Program Data\csrss.exe

    C:\Users{Your User Name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe

    Windows Xp

    C:\Documents and Settings\ {User Profile} \Local Settings\Application Data\Microsoft\Windows[Random.exe]

    C:\Documents and Settings\ {User Profile} \Local Settings\Application Data\Microsoft\Windows[Random]

    C:\Documents and Settings{Your User Name}\Start Menu\Programs\Startup\ctfmon.exe

    C:\Windows[Random.exe](eg. Pmfjyiaj.exe)

    MORE IMPORTANT THING DON'T FORGOT TO DELETE ALL THE TEMP FILES ON THE COMPUTER.

    In order to avoid all this type infections from the internet please remove the temporary files from the computer daily. 

    Please use the following method to remove those temporary files.

    1.      Press “Windows” and “R” keys simultaneously on your keyboard.

    1. In the text box in the Run window, type %Temp% and click OK. A folder full of files and other folders will appear.

    All of the folders and files you see in this Temp folder are no longer being used by Windows and can safely be deleted.

    1. To remove individual folders or files, hold down your Ctrl key while left-clicking on each item you want delete. Release the Ctrl key when you're finished.

    To delete these items, hit your Delete key or choose File and then Delete from the menu.

    1. Confirm that you want to delete the files by clicking Yes on the Confirm Multiple File Delete window that opens.
    2. If you'd instead like to remove everything inside the Temp folder, choose Edit and then Select All from the menu.

    Note: If you're prompted that there are hidden files in this folder, just click on OK to bypass the message. A few hidden files hanging out in the Temp folder probably aren't important enough to worry about.

    1. Now that all of the files and folders are selected, hit your Delete key or choose File and then Delete from the menu.
    2. Confirm that you want to delete the files by clicking Yes on the Confirm Multiple File Delete window that opens.
    3. After all of the files have been deleted you can close the window and empty your Recycle Bin, permanently removing the files from your PC.

    Tips:

    1. You may receive a Error Deleting File or Folder message while the files are being deleted. This just means that one of the files is in use by a program right now. Click OK, close all open programs, and repeat the steps above. If you still receive the message, try restarting your PC and repeating the process again.

    Find the step by step removal instructions here.....

    http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

    http://123seminarsonly.com/Blog/how-to-remove-fbi-moneypak-virus

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2012-11-16T12:42:30+00:00

    Hey mariebennettsimons,

    Here are instructions what should you do:

    1. Reboot your PC and when you see the initial screen of the BIOS (white letters on black backgroud) keep pressing (not just holding but press-release-press-release) F8 key on your keyboard.
    2. Pressing F8 continuously at this moment will show you Windows Advanced Startup menu.
    3. Using keyboard arrow key select “Safe Mode With Command Prompt” and press Enter.
    4. When Windows loads, you’ll see Command prompt Window.
    5. Type explorer.exe there and press Enter. This will show your Desktop.
    6. Click on Start, then choose Run, type rstrui and click OK button.
    7. This will open “System Restore” application to you. Please restore your computer’s settings to two or three days back when your computer was still not infected.
    8. When System Restore is finished, please restart your computer, and you should be able to see your Desktop now.
    9. Please, note that you did not remove FBI virus yet! So far you’ve just removed the startup entry of MoneyPak fraud so that it can’t load at startup.

    Now you need to remove its executable files and folders from your computer.

    Windows Vista/ 7

    C:\Program Data\csrss.exe

    C:\Users{Your User Name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe

    C:\Users{User Profile}\AppData\Local\Microsoft\Windows[Random character file name]\ [Random character file name].exe

    C:\Users{User Profile}\AppData\Local\Microsoft\Windows\ [Random character file name]

    C:\Program Data\lsass.exe

    C:\Program Data[Random character file name].exe

    0 comments