FBI Moneypak Ransomware

By Domesticus in Ransomware

Translate To:

Threat Scorecard

Threat Level:	70 % (High)
Infected Computers:	2,336

First Seen:	June 25, 2012
Last Seen:	August 30, 2020
OS(es) Affected:	Windows

ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPack. Of course, that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this, the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam.

The FBI Moneypak ransomware scam will use a Winlocker, that is, a malware infection that locks down Windows, preventing the user from connecting to the infected computer. The FBI Moneypak ransomware message will claim that the FBI has blocked your computer because of the supposed criminal activities mentioned above and threatens to prosecute and block your access to your computer permanently unless you send them money through MoneyPack. It goes on to say that you only have 72 hours to pay before they initiate legal proceedings that could lead to huge fines and possible jail time.

This intrusive message blocks the whole screen and resembles an Internet Explorer window. The FBI Moneypak ransomware message is caused by a Trojan infection that also blocks access to the Windows Task Manager, Command Prompt, Desktop and other components that could potentially help you bypass this intrusive message. Fortunately, the FBI Moneypak ransomware scam is not particularly sophisticated or complicated to remove and, of course, FBI Moneypak ransomware has no relationship with the actual FBI (so you can relax about supposedly being in trouble with the law). The FBI Moneypak ransomware scam is a simple variant of a very common malware scam known as the Ukash Virus. The Ukash Virus mainly targets European computer systems. If you replace 'FBI' with European law enforcement agencies and 'MoneyPack' with Ukash or PaySafeCard, it is the same basic scam.

Table of Contents

Dealing with the FBI Moneypak Ransomware Scam

The FBI Moneypak ransomware is not difficult to remove. In fact, manual removal is simply a matter of removing its associated Windows Registry Entry and associated files. The main problem is gaining access to your computer system in the first place. To do this, ESG security researchers recommend either starting Windows in Safe Mode or from an external memory device. From there, most reliable anti-malware programs should be able to remove the FBI Moneypak ransomware infection with ease.

SpyHunter Detects & Remove FBI Moneypak Ransomware

File System Details

FBI Moneypak Ransomware may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	DircxtX.exe	91ab1ef1099acf3a2dfdca83fdcb6c66	155
Name: DircxtX.exe MD5: 91ab1ef1099acf3a2dfdca83fdcb6c66 Size: 33.79 KB (33792 bytes) Detections: 155 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: October 4, 2017
2.	DircxtX.exe	fba7dd70535d62ccd54139f37eaf40af	103
Name: DircxtX.exe MD5: fba7dd70535d62ccd54139f37eaf40af Size: 171.52 KB (171520 bytes) Detections: 103 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
3.	DircxtX.exe	d62f1f029d1e28de682a78c5ec6d2330	103
Name: DircxtX.exe MD5: d62f1f029d1e28de682a78c5ec6d2330 Size: 46.59 KB (46592 bytes) Detections: 103 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
4.	DircxtX.exe	9463b9b6aefb1efdc9217afbc4b9f817	101
Name: DircxtX.exe MD5: 9463b9b6aefb1efdc9217afbc4b9f817 Size: 171.52 KB (171520 bytes) Detections: 101 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
5.	DircxtX.exe	382228538f35fe948cf87fc76504ead4	98
Name: DircxtX.exe MD5: 382228538f35fe948cf87fc76504ead4 Size: 31.74 KB (31744 bytes) Detections: 98 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
6.	DircxtX.exe	3170abea5566c89f2994138853bdf062	94
Name: DircxtX.exe MD5: 3170abea5566c89f2994138853bdf062 Size: 32.76 KB (32768 bytes) Detections: 94 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: February 12, 2018
7.	DircxtX.exe	a87c6a29eeec8033148fbabce87a778b	88
Name: DircxtX.exe MD5: a87c6a29eeec8033148fbabce87a778b Size: 46.59 KB (46592 bytes) Detections: 88 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 27, 2013
8.	DircxtX.exe	6c8b0f0b260afed47006fd1c3e2f9b3a	85
Name: DircxtX.exe MD5: 6c8b0f0b260afed47006fd1c3e2f9b3a Size: 32.76 KB (32768 bytes) Detections: 85 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
9.	DircxtX.exe	029dc4f169104b486174ca3da1aa4d30	76
Name: DircxtX.exe MD5: 029dc4f169104b486174ca3da1aa4d30 Size: 161.28 KB (161280 bytes) Detections: 76 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
10.	DircxtX.exe	f60da09c81b3cfc500f399a6a46d5af3	72
Name: DircxtX.exe MD5: f60da09c81b3cfc500f399a6a46d5af3 Size: 161.28 KB (161280 bytes) Detections: 72 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
11.	DircxtX.exe	bc3f57f5f9a69e89430c274f1b4006e2	59
Name: DircxtX.exe MD5: bc3f57f5f9a69e89430c274f1b4006e2 Size: 161.28 KB (161280 bytes) Detections: 59 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
12.	DircxtX.exe	671b7a7f2ea3d68d51c37aafc0168681	58
Name: DircxtX.exe MD5: 671b7a7f2ea3d68d51c37aafc0168681 Size: 33.28 KB (33280 bytes) Detections: 58 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
13.	DircxtX.exe	5bb153fe5ffb682359116cc2dd9c6c0d	44
Name: DircxtX.exe MD5: 5bb153fe5ffb682359116cc2dd9c6c0d Size: 161.28 KB (161280 bytes) Detections: 44 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
14.	DircxtX.exe	1574b5ee351a8e8cb498dacdb9d00d2b	38
Name: DircxtX.exe MD5: 1574b5ee351a8e8cb498dacdb9d00d2b Size: 46.59 KB (46592 bytes) Detections: 38 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
15.	DircxtX.exe	a5683de5a30f15d1107a9ef360e6ecf0	36
Name: DircxtX.exe MD5: a5683de5a30f15d1107a9ef360e6ecf0 Size: 161.28 KB (161280 bytes) Detections: 36 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
16.	DircxtX.exe	93219ca71724c04e2f7a3bc57b945c10	36
Name: DircxtX.exe MD5: 93219ca71724c04e2f7a3bc57b945c10 Size: 161.28 KB (161280 bytes) Detections: 36 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
17.	DircxtX.exe	58ceb75f4fdafc5e15c2bb84a31849f7	29
Name: DircxtX.exe MD5: 58ceb75f4fdafc5e15c2bb84a31849f7 Size: 161.28 KB (161280 bytes) Detections: 29 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
18.	DircxtX.exe	4c6c31a825d94b0a43011fadbfe53323	28
Name: DircxtX.exe MD5: 4c6c31a825d94b0a43011fadbfe53323 Size: 32.76 KB (32768 bytes) Detections: 28 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
19.	DircxtX.exe	b4b0a0133cc0d968f2e992214dcd0a37	19
Name: DircxtX.exe MD5: b4b0a0133cc0d968f2e992214dcd0a37 Size: 161.28 KB (161280 bytes) Detections: 19 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
20.	DircxtX.exe	fd03a1e189eeac3e25306348f2819155	10
Name: DircxtX.exe MD5: fd03a1e189eeac3e25306348f2819155 Size: 161.28 KB (161280 bytes) Detections: 10 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
21.	DircxtX.exe	5af1b3a43c30dfe34aeb4f55a21bcb99	10
Name: DircxtX.exe MD5: 5af1b3a43c30dfe34aeb4f55a21bcb99 Size: 46.59 KB (46592 bytes) Detections: 10 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
22.	DircxtX.exe	18768d91b5fd19893922da79f6c08e69	10
Name: DircxtX.exe MD5: 18768d91b5fd19893922da79f6c08e69 Size: 32.76 KB (32768 bytes) Detections: 10 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
23.	DircxtX.exe	014c0413a5c7fdf37a0b14290391a059	6
Name: DircxtX.exe MD5: 014c0413a5c7fdf37a0b14290391a059 Size: 160.25 KB (160256 bytes) Detections: 6 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
24.	DircxtX.exe	6cfef1c7043c5a5bbfc3756209bead26	5
Name: DircxtX.exe MD5: 6cfef1c7043c5a5bbfc3756209bead26 Size: 32.76 KB (32768 bytes) Detections: 5 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Templates Group: Malware file Last Updated: November 29, 2013
25.	2HMwR.com	e6be886e4733b8dd55fe61465479a1aa	1
Name: 2HMwR.com MD5: e6be886e4733b8dd55fe61465479a1aa Size: 405.5 KB (405504 bytes) Detections: 1 Type: Command, executable file Path: %WINDIR%\Fonts Group: Malware file Last Updated: December 4, 2013
26.	%TEMP%\0_0u_l.exe
Name: %TEMP%\0_0u_l.exe Type: Executable File Group: Malware file
27.	%StartupFolder%\ch810.exe
Name: %StartupFolder%\ch810.exe Type: Executable File Group: Malware file
28.	%APPDATA%\jork_0_typ_col.exe
Name: %APPDATA%\jork_0_typ_col.exe Type: Executable File Group: Malware file
29.	tpl_0_c.exe
Name: tpl_0_c.exe Type: Executable File Group: Malware file
30.	%WINDIR%\system32\0_0u_l.exe
Name: %WINDIR%\system32\0_0u_l.exe Type: Executable File Group: Malware file
31.	%Temp%\[RANDOM].exe
Name: %Temp%\[RANDOM].exe Type: Executable File Group: Malware file
32.	%StartupFolder%\wpbt0.dll
Name: %StartupFolder%\wpbt0.dll Type: Dynamic link library Group: Malware file
33.	V.class
Name: V.class Group: Malware file
34.	WARNING.txt
Name: WARNING.txt Group: Malware file
35.	%StartupFolder%\ctfmon.lnk
Name: %StartupFolder%\ctfmon.lnk Type: Shortcut Group: Malware file
36.	style.bmp	799eaf32967b1cec037546b5dc087510	0
Name: style.bmp MD5: 799eaf32967b1cec037546b5dc087510 Size: 2.25 MB (2250054 bytes) Detections: 0 Path: %appdata%\Microsoft\Windows\Templates Group: Malware file Last Updated: January 16, 2018
37.	style.jpg	30c8ac2e6e077f1a7f88e5807285e2ba	0
Name: style.jpg MD5: 30c8ac2e6e077f1a7f88e5807285e2ba Size: 350.79 KB (350795 bytes) Detections: 0 Path: %appdata%\Microsoft\Windows\Templates Group: Malware file Last Updated: January 16, 2018

More files

Registry Details

FBI Moneypak Ransomware may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

cconf.txt.enc

%AppData%\vsdsrv32.exe

9 Comments

Chris Parsons 11 years ago Reply

Not a funny story, but I was threatend by the IRS once and this FBI warning seriously had my blood presure up. Glad to know it is a fake.

Tim Downey 11 years ago Reply

issue solved... the spyhunter detection scanner found several threats and trojans. after removing, my internet explorer no longer redirects to the fake fbi site. thanks guys. you rock.

Donny Dowes 11 years ago Reply

this FBI ransom thing is not allowing me to use IE for some sites. I think it has changed my IP settings. How do you change them back?

Barbara 8 years ago Reply

I have a FBI malware virus in my cell phone

Connor Dembrowicz 8 years ago Reply

It got on my Samsung Nook! what do i do to remove it?

Tiffany Paige 8 years ago Reply

FBI message on my galaxy tab 3

Alan Thompson 8 years ago Reply

I have been hit by ransomware on numerous occasions. My solution is to KILL the power by pressing and holding the power button or unplugging the computer. Do NOT shut down the computer using Windows shutdown process.

Robert harris 7 years ago Reply

I got a kindle fire model number D01400 and it has the fbi virus and I can find nothing to help get rid of it all the videos I seen to get rid of the virus it say to hold down vloume button but the kindle I have only has a power button on it I need help

Lonnie 6 years ago Reply

My fire popped up fbi locked tryed hard reboot with no luck help

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

FBI Moneypak Ransomware

Threat Scorecard

EnigmaSoft Threat Scorecard

Dealing with the FBI Moneypak Ransomware Scam

SpyHunter Detects & Remove FBI Moneypak Ransomware

File System Details

Registry Details

9 Comments

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen