HELP Needed for the ol hippie

[old hippie]

Man, I don't know how to describe my prob, but here goes. Comp is a Dell other shit is irrelavant since the sob won't go into my desktop. Boots slowly then get XP logo. Then a white screen comes up and says window will open in 30 sec. Now here's the weird shit. A page comes up and roughly here's a description. There is an "official" DOJ Department of the FBI emblem in top left corner. It proceeds to tell ya there is illegal software being used on this computer. Quoting the law and penalty involved. They then proceed to instruct you how get a Green Dot card for $200 US dollars(not in this century)! I found a fix, but the screen will not go away, thus the comp is locked out. The comp is not mine but it's a good friend of mine and like everybody today he's broke. I found the instructions on how to remove it, but the damn thing getsto the FBI screen and locks the comp up. Any help would be appreciated. :bombabad:

the ol hippie.

 

[ThumperTM]

wow :O

Can you make screenshot please?

 

[alpha1911]

LOL, i just had someone call me with this very same prob, I EVEN THOUGHT THEY WERE JOKING AROUND, but needless to say "its a real virus" LOL

FBI Green Dot Moneypak Virus Symptoms:
FBI Green Dot Moneypak Virus launches itself when computer starts
Computer is completely locked
FBI Green Dot Moneypak Virus ask for fine to unlock
Cannot launch task manger or registry editor
Connects itself to the internet

Here are the removal instructions:

Remove FBI Green Dot Moneypak Virus manually
Posted on September 4, 2012

FBI Green Dot Moneypak Virus is another ransomware under FBI name. It is also known as FBI Moneypak virus. It is been observed when user download media player or free software from infected site this virus get into your machine. Most of these free stuffs providing site has adware or malware infection. When you provide your consent to download such application it just take over your machine. After installing in your machine FBI Green Dot Moneypak Virus changes registry settings and other system settings. It does not let you change registry or launch task manager. It is extremely difficult to remove this virus as it does not let you do anything. It just connects itself to internet and provides your computer information to remote site. There are many software available in the market that can remove this infections. But we believe most efficient way to remove it manually remove it. This virus must be remove immediately before it damage your PC permanently.

How to remove FBI Green Dot Moneypak Virus Steps:

Step 1:
Print out these instructions as you will need to shut down the computer in next step.

Step 2:
Now power down the FBI Green Dot Moneypak Virus infected computer and wait for 30 Seconds before you turn on.

Step 3:
Now please turn ON the computer and immediately keep hitting F8 until you see WINDOWS ADVANCED OPTIONS MENU as shown below.

Step 4:
In the WINDOWS ADVANCED OPTIONS MENU, go down to the SAFE MODE WITH NETWORKING using the arrow keys on the board. Then press ENTER on the keyboard. This will take your computer to Safe mode. Safe Mode will cause the display and desktop icons to appear changed. This is normal. No need to Panic as it is due to FBI Green Dot Moneypak Virus.

Step 5:
This, FBI Green Dot Moneypak Virus, infection may change computer windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer. We will first need to fix this as we will need to download malware removal utilities. They are safe and very reputed in Computer Industry. Now hold down the WINDOWS key and then press the R key.

Step 6:
The RUN dialog box will appear. Type iexplore.exe In the RUN dialog and click OK button.

Step 7:
You will see Internet Explorer. On the top navigation click TOOLS then under the sub-menu of TOOLS choose INTERNET OPTIONS as shown below.

Step 8:
Now find the CONNECTIONS tab within the INTERNET OPTIONS dialog box and click on it. Then click the LAN SETTINGS button.

Step 9:
If there is a check-mark in the box named “Use a proxy server for your LAN”, under the PROXY SERVER section, then unchecked the box. If there is not a check mark located in the box then you can skip this step and move on to next step.

Step 10:
Now hit the OK button to close the LOCAL AREA NETWORK dialog box. Then press the OK button to close the INTERNET OPTIONS dialog box.

Step 11:
Now we must end all the processes that belong to FBI Green Dot Moneypak Virus so that it does not interfere with your ability clear your computer. Inspector-[random char].exe and Protector-[random char].exe are the processed that needs to be stopped. To do this we need to download Rkill, developed by Bleepingcomputer to help stop the computer process of FBI Green Dot Moneypak Virus. Now please hold down the WINDOWS key and the R key simultaneously to open RUN dialog box.

Step 12:
Now type “iexplore.exe http://www.fixpcyourself.com/rkill.com” and hit the OK button.

Step 13:
Save the Rkill.exe on your desktop. Double-click the Rkill icon and run Rkill.exe. You will see a black MS DOS dialog box. Now it will kill all the processes of FBI Green Dot Moneypak Virus. It will take several minute before a Notepad file containing log information on what Rkill found will open. You may review it and close notepad file.

Step 14:
Now you are ready to removal all the infection related to FBI Green Dot Moneypak Virus. For that you need to use Malwarebytes software. It is a very popular malware and spyware removal application. Now please hold down the WINDOWS key and the R key simultaneously to open RUN dialog box. Type “iexplore.exe http://www.fixpcyourself.com/mbam.exe” and hit the OK button.

Step 15:
Save the mbam.exe on your desktop. Double click the Malwarebytes icon and run mbam.exe. Now the SELECT SETUP LANGUAGE dialog box will appear. Select your preferred language and hit press OK button.

Step 16:
The Malwarebytes SETUP WIZARD will show blow screen Hit the NEXT button to continue.

Step 17:
Now the LICENSE AGREEMENT screen will appear as shown. Accept the agreement and hit NEXT button.

Step 18:
Now the Information screen will appear. Click on next button and continue following the steps.

Step 19:
SELECT DESTINATION LOCATION screen will appear now. You can choose the location where Malwarebytes can be installed. We recommend choosing the default location as shown then click NEXT button.

Step 20:
Now the SELECT START MENU FOLDER screen will appear. Let the default as it is and click NEXT button.

Step 21:
Now the SELECT ADDITIONAL TASKS screen will appear. If you want a Desktop Icon or Quick Launch icon then check appropriate boxes.

Step 22:
READY TO INSTALL screen will come next. Hit the INSTALL button to install Malwarebytes.

Step 23:
In this step let the UPDATE and LAUNCH checked as it is to update the application with latest malware definition to capture all the malwares then click FINISH button.

Step 24:
Once update is done then Scanner screen will launch. Make sure to select PERFORM FULL SCAN is selected to clean up FBI Green Dot Moneypak Virus infection. Click on SCAN button to start the scan.

Step 25:
Now choose the local drives that you want to scan from the dialog box and click SCAN button.

Step 26:
Be patient as the scan will take several minutes before it cleans up FBI Green Dot Moneypak Virus infection. Once the scan is finished, a message box saying the scan is complete will appear. Click OK button to close the box then click SHOW RESULTS button.

Step 27:
From results dialog box choose REMOVE SELECTED button to remove all the infections found. Malwarebytes will also delete all of the files and registry keys affected by FBI Green Dot Moneypak Virus and add them to the quarantine.

Step 28:
Malwarebytes may require you to reboot the PC to complete the removal of FBI Green Dot Moneypak Virus. After completion reboot your computer Malwarebytes will be relaunched, please follow the instructions on the screen and continue the removal process. Once everything is clean out a log will be open created by Malwarebytes. Please reviewed it and closed it. Now your computer should be free of FBI Green Dot Moneypak Virus. Enjoy.

Technical Details of FBI Green Dot Moneypak Virus files :

You may need to delete following FBI Green Dot Moneypak Virus files :

%UserProfile%\Desktop\FBI Green Dot Moneypak Virus.lnk
%AppData%\Protector-[rnd].exe
%AppData%\Inspector-[rnd].exe
%appdata%\[random].exe
%appdata%\[random].dat
%temp%\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Program Files%\FBI Green Dot Moneypak Virus
%CommonStartMenu%\Programs\FBI Green Dot Moneypak Virus.lnk
%Documents and Settings%\[UserName]\Application Data\[random].exe
%Documents and Settings%\All Users\Application Data\FBI Green Dot Moneypak Virus
%Documents and Settings%\All Users\Start Menu\Programs\FBI Green Dot Moneypak Virus

Also please check following FBI Green Dot Moneypak Virus registry file:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
HKEY_CURRENT_USER\Software\FBI Green Dot Moneypak Virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBI Green Dot Moneypak Virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe


As URL links are not permitted here, I would suggest you open up google and run a search for, "remove fbi green dot virus" if you wish to investigate this information for yourself - As you might see, your not alone, a few others have encountered this already)

Also as a side note, I would suggest staying away/clear-of using any wonder automatic "removal tools", and just drilling through the manual steps. (´cause god knows what else you might pick up from one of those)

Goodluck & Godspeed (If you run across a problem following the steps, feel free 2 hit me up on here)

Salutations,
Alpha1911

 

[ThumperTM]

Thanks alpha1911!