Removing FBI Moneypak/Interpol/Mandiant/Cyber Security virus from your computer

This is a type of threat, known as ransomware, which displays alerts that keep asking you to send money to unlock your computer. A ransomware restricts access to the computer and demands a ransom to be paid to the creator of the threat to use the computer. The threat instructs the user to send money by Moneypak or uKash depending on the region.

These threats try to trick you into sending money by making you think that your computer is no longer accessible.

To remove these threats from your computer, perform the following steps.

STEP 1

Restart your computer in Safe Mode with Command Prompt

1. Restart the computer.
2. As soon as the computer starts, begin to tap the F8 key until the boot menu appears.
3. In the Advanced Boot Options menu, use the arrow keys on the keyboard to select Safe mode with Command Prompt.
4. Press Enter.
5. In the cmd.exe window, type in the following text, and then press Enter.
   net user norton norton /add
   This creates a new user profile norton with password norton.
6. Type in the following text in the next line, and then press Enter.
   net localgroup administrators norton /add
   This enables administrator access to the newly created profile norton.

STEP 2

Restart your computer in Safe mode with Networking

1. Restart the computer.
2. As soon as the computer starts, begin to tap the F8 key until the boot menu appears.
3. In the Advanced Boot Options menu, use the arrow keys on the keyboard to select Safe mode with Networking.
4. Press Enter.
   If you are prompted, log on as administrator created in Step 1.

STEP 3

Download and run Norton Power Eraser - Reputation Scan

1. Download Norton Power Eraser.
2. Click Save.
3. Select the location as Desktop, and then click Save.
4. To run Norton Power Eraser, double-click the NPE.exe file.
5. Read the license agreement, and click Accept.
6. In the Norton Power Eraser window, click the Advanced Options icon.
7. In the Advanced window, next to Reputation Scan, click Scan Now.
8. In the Select a scan type window, click Scan a Folder.
9. In the Browse for Folder window, depending on your version of Windows, do one of the following:
   • For Windows 8/7/Vista: Navigate to Computer > Local Disk (C:) and select the Users folder.
   • For Windows XP: Navigate to Computer > Local Disk (C:) > Documents and Settings and select Administrator and All Usersfolders.
     Perform the Reputation Scan for the Administrator folder and then for All Users folder.
10. Click OK to start the Reputation Scan.
11. In the Scan Complete window, click Fix Now to repair any detected files.
12. Restart the computer.

STEP 4

Restart your computer in Safe mode with Networking

1. As soon as the computer starts, begin to tap the F8 key until the boot menu appears.
2. In the Advanced Boot Options menu, use the arrow keys on the keyboard to select Safe mode with Networking.
3. Press Enter.
   If you are prompted, log on as administrator created in Step 1.

STEP 5

Run Norton Power Eraser Scan

1. Double-click the NPE.exe file.
2. Read the license agreement, and click Accept.
3. In the Norton Power Eraser window, click the Scan for Risks icon.
4. By default, Norton Power Eraser performs a Rootkit scan and requires a system restart. When you see a prompt to restart the computer, click Restart Now.
5. If you are prompted, log on as administrator created in Step 1.
6. The scan starts automatically.
   Wait for the scan to complete.
7. Follow the on-screen instructions to remove the bad files.
8. Restart the computer in normal mode.

STEP 6

Delete the user account

You can delete the user account created in Step 1, unless you want to continue using it.
1. Press the Windows + R keys to open the Run dialog box.
2. Type in the following text, and then press Enter.
   cmd
   If the User Account Control window appears, click Continue.
3. In the cmd.exe window, type in the following text, and then press Enter.
   net user test /delete
   This deletes the user profile TEST.
4. Restart the computer.