We draw the attention of our users to the fact that ransomware type of computer infection is very severe today and thus attacks quite a large number of PCs in the world. The United States of America is nowadays being actively targeted by the infection that locks the desktop of the infected computer. It is called by some as FBI virus, but, of course, this Trojan is not associated with the Federal Bureau of Investigation. Nevertheless, this malware is very persistent and has already deceived the large number of US residents. We regret about this fact and want to urge others not to step into this trap made by online hackers and cyber fraudsters.
GreenDot is a good payment processing company, and MoneyPak is one of its excellent services. MoneyPak is a “cash top-up card”. As soon as you obtain it at a participating retailer with cash, you can use it to reload prepaid cards, add money to a PayPal or Serve accounts without using a bank account, or make same-day payments to major companies. Unfortunately, hackers use this method of payment for their own evil purposes. In fact, they actively integrate MoneyPak facility with the ransomware program they developed. Thus, when the scary ransomware message allegedly from FBI appears and locks the PC entirely, the fraudsters want users to pay certain amount of funds in their favor with application of MoneyPak service. Of course, this ransomware allegedly from FBI isn’t associated with FBI or GreenDot MoneyPak, but this is what users tend to believe in when then see such a scary notification on their computers. Without a doubt, this is a persistent and serious infection that keeps attacking thousands of computers primarily in the United States of America and Canada. You need to know the whole truth about this serious infection and how to deal with it.
In order to unlock the PC infected with FBI GreenDot MoneyPak virus you need to undertake certain manual steps first, before running our recommended software. By the way, there are several versions of this FBI Greendot MoneyPak infection, and you need to know how to deal with them in each specific case. Below please find the detailed information on how to resolve this problem.
Ransomware removal solution:
- Launch your PC in the safe mode with command prompt.
- Do the next commands:
- Run the registry editor regedit.exe
- In the registry editor:
- Now restart your PC. Enter the following combination shutdown -r -t 0 in the command line.
– reg delete hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f
– reg delete hklm\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f
remove the parameter NoDesktop from HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
remove the parameter DisableTaskMgr from HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Set the parameter 0 for HideIcons in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Set explorer.exe for Shell in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
remove the parameter Shell from HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
find the parameter with the random name in HKCU\Software\Microsoft\Windows\CurrentVersion\Run and copy its name to the clipboard – and search in HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
If the parameter is found remove the full entry
remove the file, indicated in the parameter with the random name. To do this, enter the following combination del /f /q “parameter value” in the command line.
remove the parameter with the random name in the registry entries
If all above-stipulated steps are done the ransomware should be neutralized. Now it is a high time to check your PC for other malicious objects presence, because they can be hidden deeply in the system. Install GridinSoft Trojan Killer and run full scan with it. Make sure to update the program before you run it. Then, when the scan has been completed, remove all infections it finds and reboot your system. If you have difficulties deleting the viruses please contact us via support channels available at this site.