The FBI CyberCrime Division MoneyPak ransom is a computer virus, which locks your computer and displays a notification from theFederal Bureau of Investigation which states that you have been associated with child pornography sites or other illegal online activity, and demands the payment of a $300 fine in the form of a MoneyPak voucher.
The FBI CyberCrime Division virus is described as drive-by malware because unlike many viruses, which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of United States of America law, thus rendering the computer unusable.
The bogus message goes on to say that the user’s Internet address was identified by the FBI CyberCrime Division as having been associated with child pornography sites, using unlicensed software, or sharing copyrighted files.
To unlock their machines, users are required to pay a fine of $300 using a MoneyPak card service within 48 hours to gain access to your computer again. Paying the “fine” will not necessarily return your computer to a usable state, so this is not advisable.
If your computer is infected with FBI CyberCrime Division virus, you’ll see the following lock screen:
The text of the FBI CyberCrime Division alert is:
FBI CyberCrime Division
ATTENTION! Your PC is blocked due at least one of the reasons specified below.
You have been violating Copyright and Related Rights Law. (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section 2, Clause 8, also known as the Copyright of the Criminal Code of United States of America.
Article 1, Section 2, Clause 8 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years. You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophilia and etc).
Thus violating Article 2, Section 1, Clause 2 of the Criminal Code of United States of America. Article 2, Section I, Clause 2 of the Criminal Code provides for a deprivation of liberty for 4 to 12 years.
Illegal access to computer data has been initiated from your PC, or you have been…
Article 2, Section 1, Clause 8 of the Criminal Code provides for a fine of up to 5200,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer.
Article 2, Section 1, Clause 1 of the Criminal Code provides for a fine of up to 5200,000 and/or deprivation of liberty for 4 to 9 years. Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without your knowledge, your PC may be infected by malware. Article 2, Section 1, Clause 2 of the Criminal Code provides for a fine of up to 5500,000 and a deprivation of liberty of up to 6 years. I
n case this activity has been effected without your knowledge, you fall under the above mentioned Article 2, Section 1, Clause 1 of the Criminal Code of United States of America.
Your personality and address are currently being identified, a criminal case is going to be initiated against you under one or more articles specified above within the next 72 hours.
Pursuant to the amendment to the Criminal Code of United States of America of May 05, 2013, this law infringement (if it is not repeated – first time) may be considered as conditional in case you pay the fine to the State. Fines may only be paid within 72 hours after the infringement.
As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours!
To unblock the computer you must pay the fine through MoneyPak of $300.
When you pay the fine, your PC will get unlocked in 1 to 72 hours after the money is put into the State’s account. Since your PC is unlocked, you will be given 7 days to correct all violations.
In case all violations are not corrected after 7 working days, your PC will be blocked again, and a criminal case will be initiated against you automatically under one or more articles specified above.
It is important to remember that this is a computer infection and not an actual alert from the FBI CyberCrime Division. Therefore, ignore anything it displays and instead use the removal guide below to remove the FBI CyberCrime Division ransomware from your computer.
FBI CyberCrime Division – Virus Removal Guide
The FBI CyberCrime Division MoneyPak virus can be removed by using either System Restore from Safe Mode with Command Prompt (Option 1), or if this infection will not allow you to start your computer in Safe Mode, then we can use HitmanPro KickStart (Option 2).
OPTION 1: Remove FBI CyberCrime Division virus with System Restore
The FBI CyberCrime Division virus, will prevent you from starting your regular Windows session or boot into Safe Mode with Networking, however this trojan will allow not deliver its payload when booting into Safe Mode with Command Prompt.
STEP 1: Restore your computer to a previous date to remove FBI CyberCrime Division lock screen virus
In this first step, we will try to boot your computer in Safe Mode with Networking, and from there, we will perform restore your computer files and settings to a previous date.
- To get started with Safe Mode with Command Prompt, turn off your computer. As soon as you press the power button, begin tapping the F8 key multiple times to open the Boot Menu.
- Using your arrow keys, highlight Safe Mode with Command Prompt, and select Enter.
- Allow Windows time to load the necessary processes, and very soon you’ll see a full screen command prompt window as I showed you before.
If you are using Windows XP, you’ll need to enter %systemroot%\system32\restore\rstrui.exe and press Enter.
However, if your computer is Windows Vista,7 or 8, it’s a little bit easier. Simply type rstrui.exe and press Enter.
- System Restore will open and you’ll need to select a restore point prior to when your computer was infected with FBI CyberCrime Division virus.
STEP 2: Scan your computer for FBI CyberCrime Division virus
Even after performing a System Restore to a previous date, there might be some left over files from this FBI CyberCrime Division virus infection. Therefore, we will perform a system scan with Malwarebytes Anti-Malware and HitmanPro, to check for any infections that might be present on your machine.
Run a computer scan with Malwarebytes Anti-Malware to remove FBI CyberCrime Division virus
To remove the FBI CyberCrime Division malicious files we will be using Malwarebytes Anti-Malware Free, a powerful on-demand scanner which can detect and remove this infection.
- Download the latest official version of Malwarebytes Anti-Malware Free.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
- After you have downloaded Malwarebytes Anti-Malware,double click on mbam-setup.exe file to start the installation process and then follow the prompts to install this product. When the program has finished installing, make sure you leave both the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware check, then click on the Finish button.
- On the Scanner tab, select Perform quick scan and then click on the Scanbutton to start scanning your computer for any possible infections.
- Malwarebytes’ Anti-Malware will now start scanning your computer for FBI CyberCrime Division malicious files as shown below.
- When the scan is finished a message box will appear, click OK to continue.
- You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has found on your computer.
Make sure all the infected objects are Checked (Ticked) for removal and then click on the Remove Selected button to remove them.
Run a computer scan with HitmanPro to remove FBI CyberCrime Division virus
HitmanPro is a cloud on-demand scanner, that uploads unknown files to the a scan sloud where are analyzed using the anti-virus programs of 5 different vendors (Bitdefender, Emsisoft, G-Data, IKARUS and Dr. Web).
- You can download the latest official version of HitmanPro from the below link.
HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
- Double click on the HitmanPro.exe file to start the HitmanPro and then follow the prompts to start a system scan with this program.
- HitmanPro will start scanning your system for malicious files. Depending on the the size of your hard drive, and the performance of your computer, this step will take anywhere from 5 to 10 minutes.
- Once the scan is complete,a screen displaying all the malicious files that the program has found will be shown as seen in the image below.After reviewing each malicious object click Next.
- Click Activate free license to start the free 30 days trial and remove FBI CyberCrime Division virus.
- HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
OPTION 2: Remove FBI CyberCrime Division virus with HitmanPro KickStart
As the FBI CyberCrime Division Ransomware infection locks you out of your computer, you will need to create a bootable USB drive that contains the HitmanPro.Kickstart program. We will then boot your computer using this bootable USB drive and use it to clean the infection so that you are able to access Windows normally again.
You will also need a USB drive, which will have all of its data erased and will then be formatted. Therefore, only use a USB drive that does not contain any data that you need. This USB drive must also have a size of at least 32 MB.
- Download HitmanPro KickStart on a clean computer from the below link.
HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro KickStart)
- Once the USB drive is attached to your computer, double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows), then click on the little picture of the person performing a kick.
- In the next screen, select the USB drive that you would like to use and then click on the Install Kickstart button.
- Now remove the HitmanPro Kickstart USB drive and insert it into the infected computer.
- Once it is inserted, turn off the infected computer and then turn it on. As soon as you power it on, look for text on the screen that tells you how to access the boot menu. This text will typically contain a key that they want you to press on your keyboard in order select the device you wish to use to boot your computer. The keys that are commonly associated with enabling the boot menu are F8, F11 or F12.
Once you determine the proper key that you need to press to access the Boot Menu, restart your computer again and start immediately tapping that key. Once the boot menu appears, you can select the device you wish to boot your computer from. Select the USB drive that you have installed HitmanPro.Kickstart on and that is inserted into the infected computer.
- When your computer will load from the HitmanPro Kickstart USB, you will be presented with a screen asking you to select the USB boot options you wish to use.
At this screen, please press 1 (Bypass Master Boot Record) on your keyboard and you will see that Windows begins to start normally.
- When Windows starts, you should login as normal and you will once again see the FBI CyberCrime Division screen locker. After about 15-20 seconds, the HitmanPro window will appear on top of the FBI CyberCrime Division virus, and you’ll need to click on Next button to install this on-demand scanner.
- When HitmanPro has completed it’s scan, click on the Next button, then click on Activate free license to remove FBI CyberCrime Division virus.
The FBI CyberCrime Division virus should now be gone from your computer. Stay safe!