FBI virus removal for Windows XP

The FBI Moneypak virus disables the Windows desktop and replaces it with a full-screen message that demands money. The message also claims that you have been caught surfing websites that were deemed inappropriate. The alleged fine for surfing inappropriate sites is $100 or $200.

The FBI Online Agent virus belongs to what we call the ‘MoneyPak virus’ family, which includes the FBI virus, the Department of Justice virus, the United States Cyber Security virus and the Firewall of the United States. The ‘FBI Online Agent Has Blocked Your Computer for Security Reason’ warning message demands a $200 MoneyPak payment as a ransom for alleged violations of laws on copyrighted material, to be paid into the state’s account, claiming that this will unblock the locked screen in 1 to 48 hours.

If you want expert Virus Removal help, visit us at isupport365

Here are a few ways to get rid of the FBI virus on Windows XP:

Method 1: System Restore in Safe Mode with Command Prompt

1. Unplug your network cable and manually turn your computer off. Reboot your computer in “Safe Mode with Command Prompt”: as the computer is booting, tap the F8 key continuously, which should bring up the “Windows Advanced Options Menu”. Use your arrow keys to move to “Safe Mode with Command Prompt” and press the Enter key.

2. Make sure you log in to an account with administrative privileges (login as admin).

3. Once the Command Prompt appears, you have a few seconds to type in explorer and hit Enter. If you fail to do it within 2-3 seconds, the FBI virus will take over and will not let you type anymore.

4. If you managed to bring up Windows Explorer you can now browse into:

  • Win XP: C:\windows\system32\restore\rstrui.exe and press Enter

Method 2: System Restore in Safe Mode

1. Power off and restart your computer. As the computer is booting, tap the F8 key continuously, which should bring up the “Windows Advanced Options Menu”. Use your arrow keys to move to “Safe Mode” and press the Enter key.

2. Once in there, go to the Start menu and search for “system restore”. Or you can browse into the Windows Restore folder and run the System Restore utility from there:

  • Win XP: C:\windows\system32\restore\rstrui.exe double-click or press Enter

3. Select Restore to an earlier time or Restore system files… and continue until you get into the System Restore utility.

4. Select a restore point from well before the FBI virus appeared; two weeks should be enough.

5. Restore it. Please note, it can take a long time, so be patient.

6. Once restored, restart your computer and hopefully this time you will be able to log in (Start Windows normally).

Method 3: Using MSConfig in Safe Mode:

1. Power off and restart your computer. As the computer is booting, tap the F8 key continuously, which should bring up the “Windows Advanced Options Menu”. Use your arrow keys to move to “Safe Mode” and press the Enter key.

2. Once in there, go to the Start menu and search for “msconfig”. Launch the application. If you’re using Windows XP, go to Start, then select Run…. Type in “msconfig” and click OK.

3. Select the Startup tab. Expand the Command column and look for a startup entry that uses rundll32.exe to launch a randomly named file from the %AppData% or %Temp% folders. See the example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

4. Disable the malicious entry and click OK to save changes.

5. Restart your computer. This time Start Windows normally. Hopefully, you won’t be prompted with a fake FBI screen.

Method 4: Manual removal, Safe Mode (requires registry editing)

1. Unplug your network cable and manually turn your computer off. Reboot your computer in “Safe Mode”. As the computer is booting, tap the F8 key continuously, which should bring up the “Windows Advanced Options Menu”. Use your arrow keys to move to “Safe Mode” and press the Enter key.

2. When Windows loads, open up Windows Registry Editor.

On Windows XP/2000, go to Start, then Run…. Type “regedit” and hit Enter.

3. In the Registry Editor, click the [+] button to expand the selection. Expand:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

4. Look on the list to the right for any randomly named item. Write down the file location. Then right-click the randomly named item and select Delete. Please note that in your case the file name might be different. Close Registry Editor.

5. Restart your computer into “Normal Mode” and scan the system with legitimate anti-malware software.
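
The check described in Methods 3 and 4 (a startup entry that uses rundll32.exe to load a DLL from %AppData% or %Temp%) can also be run over a saved listing of the Run key. The script below is an added example, not part of the original guide; it assumes the listing has the layout printed by reg query, and the sample text, the second value name and the function name are constructed for illustration.

```python
import re

# One value line of `reg query` output: name, type, data split by tabs or spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+?)\s*$")
# rundll32[.exe], then the DLL path (optionally quoted), a comma, and the export.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)
# User-writable folders named in Method 3, plus their Windows XP spellings.
SUSPECT_DIRS = ("\\appdata\\", "\\application data\\", "\\temp\\",
                "%appdata%", "%temp%")

def suspicious_entries(reg_output):
    """Return (value name, DLL path, export) for each Run value that uses
    rundll32 to load a DLL from a user-writable folder."""
    hits = []
    for line in reg_output.splitlines():
        value = VALUE_RE.match(line)
        if not value:
            continue  # key header, banner or blank line
        call = RUNDLL_RE.search(value.group("data"))
        if call and any(d in call.group("dll").lower() for d in SUSPECT_DIRS):
            hits.append((value.group("name"), call.group("dll"),
                         call.group("export")))
    return hits

# Constructed sample. The first flagged entry is the example from Method 3; the
# second is a made-up entry using Windows XP folder names and a quoted path.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    regepqzf    REG_SZ    C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1
    NvCpl    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    qwkzrtpa    REG_SZ    "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\username\Local Settings\Temp\qwkzrtpa.dll",Start1
"""

if __name__ == "__main__":
    for name, dll, export in suspicious_entries(SAMPLE):
        print("Review and disable: %s -> %s (export %s)" % (name, dll, export))
```

A rundll32 entry that loads a DLL from the Windows system folder is not flagged, so legitimate control-panel helpers are left alone; flagged entries still need a manual look before they are deleted.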