Removing the FBI MoneyPak Virus

The FBI MoneyPak virus is a form of ransomware that tricks unsuspecting victims into paying large sums of money ($200 at the time of this article's writing).



Method of Infection:

A major method of infection employed by this virus is through the cool exploit kit which utilizes flaws in the Java Virtual Machine in Windows in order to drop files onto the computer on which it is run.

Virus Payload:

This virus will lock your computer and display a payload similar to the following:

FBI MoneyPak Virus Payload

This payload will attempt to trick the victim into believing that they have broken one of the listed laws and will be arrested if they do not pay the fine.

First of all, if you ever do get a virus like this, DO NOT PAY THE FINE!  You haven't broken any laws and this is just a means for some low-life scum to make a quick buck rather than getting an actual job and benefiting society.

Removal of Virus:

The removal of this virus is pretty straightforward.  You will need to reboot your computer then repeatedly press F8.  If you cannot load the alternate boot menu in this way, unplug the computer when the screen goes black and the Windows XP logo is the only thing on screen while it is booting.  Once you are at the menu, select Safe Mode and let it complete the booting process.

Windows XP Alternate Boot Menu

After it finishes booting, the desktop should look like the following:

At this point there are two files to remove.  In order to do this, press the Windows key(the key with the flag on it) and press R at the same time. Type cmd and press enter.  After the command prompt has loaded, type the following into it:

cd %temp%

del wlsidten.dll

After this, close the command prompt and delete start->all programs->startup->ctfmon

Now you should be able to reboot your computer and use it normally.  I strongly recommend scanning your computer with some antivirus software after this to ensure that the virus did not cause any damage that I did not notice.