Updated on December 23, 2012

And they want $200 or else!!!!

Last Tuesday my computer stopped working. I was nearly finished with an article that took me nearly five hours to write and perfect when the WordPad and web browser disappeared. For a moment all I saw was the desktop with the icons missing. Then the screen went white. And a few seconds later a message popped up which had the official FBI logo announcing that my computer had been locked because it contained illegally downloaded files. This was followed by my IP address with the claim they used it to trace my computer. Then instructions telling me that there was a $200 fine for illegally downloading copyrighted material, and if I paid the fine by PayPal or via credit card then my computer would be unlocked. If I did not pay the fine then the F.B.I. would take further action, including the confiscation of my computer. I had 48 hours to pay the fine, otherwise the F.B.I. would initiate a full criminal case against me leading to imprisonment. This was then followed by instructions to take cash to a retail outlet that sold Moneypaks and buy a $200 account, then submit the account code through a link on the block page.

There was a brief moment when I feared the message was legit, followed almost immediately by doubt, then on reflection realizing it was a hoax. A hoax that locked my computer, but could not be the F.B.I. Within minutes I was able to unblock the computer, something it turns out no one else has been able to do with this current Moneypak virus. I'll get to how I did that in a moment.

I did not have any pirated material in my computer the day the virus kicked in. There was nothing for the F.B.I. to scan. Sure, I had downloaded the odd file in the past. But I prefer owning the store-bought original of any release, even buying out-of-print copies on eBay at some inflated price rather than burning a pirated download of the same quality. My computer has been clean of anything pirated for more than a year, probably longer. It is possible that some traces of pirated files still exist long after they were deleted, but nothing in my registry. Aside from that, I know that it is illegal for the F.B.I. or anyone else to scan my computer without my consent. If the F.B.I. wants to scan my computer then they would need a court order for a search warrant, and then would need to present it to me prior to performing the scan. And once they had the warrant they would most likely confiscate my computer and scan the entire hard drive rather than some remote scan.

Another legal issue. The F.B.I. cannot legally hand out fines. They can arrest me, but I would need to then go before a judge, and only after being convicted would I be punished. If the F.B.I. demanded money for an alleged crime then that would be called a bribe and what they would be doing is extortion. Also, the F.B.I. would never alert a criminal that they knew he had evidence prior to an arrest. Let's say I did have pirated material. Once the F.B.I. informed me through the lock down screen that they detected illegal files through a remote scan, I would immediately either scrub or erase the entire hard drive, or remove it and have it destroyed. There goes their evidence. And they would not be accepting fines through Moneypak. You pay fines at a courthouse, not over the internet.

Realizing this was really some sort of virus, I immediately tried to unblock the computer. Nothing worked. I could not access the taskbar, or right-click anything. There was nothing to X out. The only thing that worked was the manual power button. Once pressed the block vanished as the computer shut down. The WordPad program I had been writing on also began to shut down and asked me if I wanted to save, which I did. Once the computer shut down I restarted it and immediately attempted to restore by hitting F8 on the restart. It turns out this is how past versions of the Moneypak virus were removed by others who got the infection. Instead I got a blue screen informing me the computer could not enter safe mode due to a virus. The programmers of this new virus were one step ahead.

I made a couple of unsuccessful attempts to open Windows and access the system restore before the block page came on, both times failure. Another attempt to use the Combofix failed. The virus had erased all the icons from my startup screen. I knew that I could still access the icons by hitting My Computer and then paging up when the screen appeared, but was still unable to get the Combofix to work before the block took effect. Knowing the block shut off when the computer was shutting down I attempted to access the system restore as the computer was shutting down, once again no luck. It all looked hopeless when I realized something. The WordPad.

For those of you reading this article at the library or on a friend's computer, your PC at home now locked up, here are the steps for unblocking.
#1 Start the computer.
#2 Immediately after the desktop window appears, access the taskbar.
#3 Hit the WordPad icon, or at least any program you have that is similar.
#4 Once the WordPad comes on, type anything. Random characters or anything.
#5 Wait for the block page to appear.
#6 Press the power off button and wait.
#7 One by one the programs will shut off, first starting with the virus, eventually followed by the WordPad. All text programs have a fail-safe in case you accidentally shut the computer down before saving. A menu pops up asking for one of three options: Save Text, Don't Save Text, or Cancel. The cancel option stops the computer from shutting down. Since the Moneypak virus initiates on startup and is now shut down, by hitting cancel you now once again have access to your computer.

Be warned. This new version of the virus permanently disables your system restore. It has also done a lot of other damage that currently is not repaired by Windows. McAfee and all the other anti-virus services are still stumped as to how to find and remove the virus. Their only solution, the system restore, is no longer an option. You are going to have to back up any files you do not want deleted and then scrub your entire computer and re-install Windows and anything else. Yep, that means going through a lot of re-installing all those updates from the Windows website. You may decide to wait until your anti-virus company or Windows discovers a way to disinfect and fix the damage. But realize the hackers who infected your computer have made it vulnerable to any other virus or hacker. And no one is sure if the virus has any other side effects that can do worse damage the longer it remains in your computer.

EDIT: Since writing this article most if not all of the anti-virus services now block and remove the virus. But it is very possible that the hackers who designed it are still one step ahead with a new version that McAfee or the others cannot detect or remove. If you have an anti-virus program installed and a Moneypak virus still gets through then you know you were hit with a new version. Even if you successfully remove the virus using a disc there is still no easy program to fix the damage it does, and your computer is still left wide open to other hackers and malware should the virus take effect.

Be sure to save the following: your entire My Movies, My Pictures and My Music files, as well as any files outside in your My Documents folder. Your Outlook Express or any other internal e-mail storage. Your SOL files for any stored video games like Line Rider. If you decide you have nothing worth saving, or have already backed up any file worth keeping, then you may skip this step. But do not forget to make a list of and write down every program you have downloaded over the years. Some of them work automatically, so you have probably forgotten about that advanced zip file opener, the Adobe or those video codecs. You also probably have a bunch of helpful programs that you use from time to time. You want to know the name of those programs if you ever want to download them again. You can't just put "That program that converted files into different formats" and get Format Factory. You will want to know the name of your favorite reformatting program in order to find the download page again.

Know Your Virus

There are probably many versions of this virus floating around. Some of you may have the older version, while others have the updated version that disables the fixes from the past. Each one is a timer virus, meaning it activates simultaneously on every computer that has it. And there are variants so that some activate on one date and others on another date. How do I know this? The first thing I did when I realized it was a virus was pull out the internet plug. If there was any possibility this was a remote trojan then I did not want someone going through my computer and looking for passwords. When the block screen came on again it displayed an internet error page. That meant the block page was actually a website page which the virus expanded to cover the entire screen, disabling any way to X it out. Now knowing it was a website, I was able to go through my web history and find it. This is what I found.

I am presenting it as a picture file so that no one reading this article accidentally clicks it. Even though it now appears to have been shut down, there is always the possibility that you can get a virus from visiting it.

Since my computer was already infected I decided to revisit the site to make a screen capture. The first time I visited it I got the same F.B.I. page. Not knowing what would happen if I attempted to screencap the site, and deciding backing up my files was more important, I shut down the computer, bought some new blank quality DVDs the next day, and spent the rest of the next night backing up everything. Now that it was safe I revisited the site, but now found this....

That is a warning from the German version of the FBI basically telling some poor slobs in Germany the same thing in their language, that they found illegal files and have shut their computers down.

This is how I know the virus is timed. The hackers had some sort of delivery system where computers with American IPs got their own specific timer. 48 hours later computers in another country activated, at which time the hackers had changed the web page to correspond to their language, their police, and their laws. Also, I believe the hackers specifically chose the week (or weeks) of the Olympics when the news is so dominated with that event that they would not have time for a computer virus story. In other words, the perfect week to go under the radar.

Addresses that end in .su are in Russia. This is the hackers' home base. In the past few days I have been unable to access the site. This could mean the hackers disabled it, or that the authorities in Russia had it shut down. There is only so long this scam could work before the law caught on.

So who would this scam work on? Most people I contacted said the same thing, they realized it was a hoax after a few minutes. But maybe they were not the intended targets. Instead it would be mom and dad. The family computer gets blocked, and panicky mom and dad suddenly think their kid had done something illegal. Thinking they are keeping their child out of prison they rush over to the local retailer and send the hackers the $200 Moneypak account. Their child comes home from his friend's and mom and dad confront him, showing him the web page. But Jr. knows better, and has to convince his parents that they have been tricked out of $200.

There are only two ways to know you have this virus. One is if your computer was locked. The other is if you noticed your system restore has been disabled. I discovered my system restore was disabled a week ago with vital components deleted. I knew then that a virus had done it, and had hoped that the Combofix scan had found it and deleted it. The Olympic Moneypak Virus evaded it. I am going to wipe my computer clean and reinstall Windows XP. That is going to mean a few days of reinstalling service pack 3 and every one of the hundreds of updates from 2000 on. But my computer has been suffering from years of damage caused by various viruses, and I am sure there were a few trojans and other malware that were either evading all the anti-virus programs, or had done some sort of damage to the system that removed a component needed for those anti-virus programs to work. I have grown sick of it taking a minute for some web pages to load. I am looking forward to my computer loading up a web page in a flash again. Going through the trouble of reinstalling everything had been something I put off for years. This new virus has given me a new reason to do what I should have long ago. Maybe getting my computer locked by a fake FBI was not such a bad thing.


    • stethacantus 2 years ago

      Best you can do is scan for a virus in the safe mode.

    • Kim 2 years ago

      I just had a screen pop up and say that my browser was locked by the FBI/NSA and all content on this computer has been sent to my internet provider. And that I could unlock by getting a Green Dot MoneyPak or loading money to PayPal. I disconnected from the internet and I have had no problems since. Not sure what to do now.

    • robert 3 years ago

      Get A MAC!

    • stethacantus 3 years ago

      The latest malware removal programs should get rid of it. The problem is any new version of the virus that was just programmed in the past couple of days. It takes a while for Malwarebytes or any other company to become aware of a virus and write the update to get rid of it, so I would update and run the program every weekend for the next few weeks just to be safe.

    • Anna 3 years ago

      This happened to me yesterday. I clicked on the tab thinking it was an advertisement when I read "Your browser has been blocked." I saw FBI so I panicked and tried to X it out but couldn't. So I shut down the laptop and turned it back on. Everything still works fine. I could still go to other websites and there were no pop-ups about the thing again. I really thought it was true, so to be safe I researched it and found out it was a virus. I don't know how it attacks. Like does it stop you from going to any websites? Or go anywhere at all? I'm not sure. I shut it off and turned it on. I decided to restart to get to safe mode with networking, which I managed to get into but didn't know what to do, so I restarted it and kept on researching this virus. So far nothing has popped up about the "Your browser has been locked" but I am still worried so I called my friend and she told me to download Malwarebytes Anti-Malware. This is my second day and because I panicked and didn't read much of what the virus says (I hope it's a virus and that I managed to get rid of it by using the anti-malware) I really hope I am safe. I'm using the same laptop and nothing about "Your browser has been locked" has popped up or stopped me from going to Yahoo, Google, and I just want to make sure. Did the virus attack the laptop? Did I manage to get rid of it since no screen pops up about the virus (I really hope it's just a virus)? So I assumed I am safe for now but I'm still worried.

    • James 3 years ago

      I had that same thing happen to me. I tried exiting out of the webpage, but could not. I also had to force shut down. I thought it was legit. That has to have been the scariest moment of my life.

    • RobinG 3 years ago

      I am waiting to see what happens when the 48 hour timer runs out?

    • Pyro 1907 3 years ago

      This happened to me too, but I took it to my computer technician at my school, who fixed it in a matter of three minutes.

    • trixie 4 years ago

      I just clicked on my task manager and when it opened, I clicked "End task" on my Internet Explorer. It works great.

    • Russel 4 years ago

      All I did was turn off my computer

    • chris toste 4 years ago

      This happened to me today. I was hella scared.

    • stethacantus 4 years ago

      Let's say we lived in a country with no bill of rights, and the government was allowed to scan your private computer for illegal files. They would arrest you first and confiscate your computer before they would ever demand a fine. Notifying you would just give you time to delete the evidence. In other words, there is no legal system on this planet that would ever remotely lock any computers in return for a fine, even those without Fourth Amendment protections.

    • Grant 4 years ago

      The "F.B.I." "Shut down" just happened to me !!!!!!!! "It freaked me out", wondering ? What the hell did I do ? I "Thank God" I decided to look up, to see if this happened to anyone else. "They" ??? want $300.00 within 72 hrs. Or they? will begin filing charges; "What the hell is going on"??? I'm all freaked out, because we don't have $300.00 to give anyone ! "I just hope" you??? guys are right... (and it isn't really them) I don't need the F.B.I. or anyone else knocking on my door. "I haven't done anything wrong" Thanks again, "Whoever" you are.....? Grant

    • oxymnteex 4 years ago

      Hey there just wanted to give you a quick heads up. The text in your content seem to be running off the screen in Chrome. I'm not sure if this is a formatting issue or something to do with browser compatibility but I thought I'd post to let you know. The layout look great though! Hope you get the issue solved soon. Many thanks registry cleaners

    • Vincy 4 years ago

      Have never got this virus yet

      was doing search for new virus

      now I prepared some fixes in case :)

    • nick 4 years ago

      I realized it was a hoax due to the fact there was misspelling in the fine print

    • Melissa Flagg COA OSC (Daughter Of Maat) 4 years ago from Rural Central Florida

      I've never heard of this virus until just now, and ironically I'm reading this hub as my Norton antivirus expires. I think that means it's time to renew it... Voted up and shared.

    • dkmayo 4 years ago

      Thanks for the warning. There are so many virus/scams out there now.

    • The Chewy Mommy 4 years ago

      I HATE this virus with a passion. We got this twice on our old computer and it took hours to get it off the first time, days the second. I am praying we don't get hit with this on the new computer because I just might cry.

    • nikashi_designs 4 years ago

      Crazy...thanks will watch out for this and update my Norton.

    • jen 4 years ago

      I had this problem a few minutes ago!! I was worried!! But then we called my internet provider and they said that it was a virus!! Also, my computer turned off and it didn't appear. I went to my account and went on the internet and it didn't appear!! It wasn't until I went to my brother's that it appeared! I noticed that the timer restarted!! And also I thought if this was important there should be a phone number or it should block all accounts!!! That's when I figured it out! It's better to delete the account and do a scan for viruses and spyware to check the others!!

    • stethacantus 4 years ago

      There seem to be different versions of this virus. The one I had wiped out both the files needed to do a restore, and disabled the safe mode. Both those options were out. What I can't figure out is why? If you are using safe mode to access your anti-virus program(s), or attempting a system restore, then you have already figured out that it is not the FBI locking your computer, and you are not going to send any money through Moneypak. So why bother taking the extra steps to keep the computer "locked"? If you were able to use the system restore then your friend had the earlier tamer variant of the virus.

    • Tyler 4 years ago

      My friend brought his laptop to me two months ago. He had the same virus. At first I wasn't sure it was a virus, then I saw the moneypak crap and I knew it was. I got rid of it by making a cmd (.bat) file on my computer to quickly access msconfig.exe. Once I was there, I did a fast search for startup programs that looked wrong. I found 4 start up items with scrambled names(something like hfbrr.) So I quickly hit disable. It asked to restart as usual then the fbi thing popped up. I did a reboot and bam, it didn't show up. So I investigated the start up items I disabled to pinpoint which one it was. I cannot remember the name of it, sorry. Once there, I simply deleted the folder and re-enabled the other start up items I have disabled. Did a reboot to make sure I got it. It was gone. Unfortunately, the virus took out a couple core files. (5 mins then bsod.) So I ran system restore and everything turned out fine. My friend even paid me $20 so it was a win-win. :)
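
The startup check described in the comment above (looking through autostart items for scrambled names), as an added example that is not part of the original comment or article: a Python triage of Run-key entries. The sample entries, thresholds and function names are constructed for illustration; on Windows the script reads the real HKLM and HKCU Run keys instead of the sample.

```python
import re
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Per-user, writable locations where installed software rarely keeps autostart binaries.
USER_WRITABLE = re.compile(r"\\(temp|appdata|application data|local settings)\\", re.I)
EXE_STEM = re.compile(r"([^\\/\"]+)\.(?:exe|dll|bat|cmd|scr)\b", re.I)

# Constructed sample entries (value name, command); "hfbrr" echoes the comment above.
SAMPLE = [
    ("SunJavaUpdateSched", r'"C:\Program Files\Java\jre6\bin\jusched.exe"'),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Updater", r"C:\Documents and Settings\User\Local Settings\Temp\updater.exe"),
    ("hfbrr", r"C:\Documents and Settings\User\Application Data\hfbrr\hfbrr.exe"),
]


def looks_scrambled(name):
    """True for names with almost no vowels or a run of four or more consonants."""
    stem = name.rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 4:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    runs = re.findall(r"[bcdfghjklmnpqrstvwxyz]+", stem)
    longest = max((len(r) for r in runs), default=0)
    return vowels / len(letters) < 0.25 or longest >= 4


def triage(name, command):
    """Return the reasons a startup entry deserves a manual look (may be empty)."""
    reasons = []
    stems = EXE_STEM.findall(command)
    if looks_scrambled(name) or any(looks_scrambled(s) for s in stems):
        reasons.append("scrambled name")
    if USER_WRITABLE.search(command):
        reasons.append("runs from user-writable directory")
    return reasons


def report(entries):
    """Map each entry name to its list of reasons."""
    return {name: triage(name, command) for name, command in entries}


def priority(entries):
    """Entries with both signals. A single reason is only a hint: system
    abbreviations such as ctfmon trip the name check on their own."""
    return [name for name, reasons in report(entries).items() if len(reasons) >= 2]


def read_run_entries():
    """Windows only: yield (name, command) from the HKLM and HKCU Run keys."""
    import winreg
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        with winreg.OpenKey(hive, RUN_KEY) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, command, _type = winreg.EnumValue(key, i)
                yield name, str(command)


if __name__ == "__main__":
    entries = list(read_run_entries()) if sys.platform == "win32" else SAMPLE
    for name, reasons in report(entries).items():
        if reasons:
            print(f"{name}: {', '.join(reasons)}")
    print("look at these first:", priority(entries))
```
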

    • Missem 5 years ago

      I had this happen, and I completely freaked out! I restarted my laptop 3 times by just unplugging the power cord (I don't use the battery since it won't hold a charge) then decided to try by holding down the power button. Lucky me has a bunch of stuff that runs in the background, so my computer says are you sure you want to close this, not everything may be saved, yada yada yada. I clicked cancel and bam! My computer is unlocked...I've had to do this a couple times. I'm getting my photos off and then I'm done with my laptop! It sucks, but whatever I have another computer to use.

    • Romel Tarroza (livewirez) 5 years ago from Pearl of the Orient Sea

      You better use antivirus.. For you to choose the best anti virus you can use this information here:

    • Burhan 5 years ago

      You Can Try this for help

      For Free Support call on :1-855-200-0277

    • Debra Hine (Practical Paws) 5 years ago from Longueuil, Quebec

      Your hub really highlights the phrase that should be engraved in glowing neon on every computer monitor and laptop screen - Think BEFORE Clicking!!!

    • Donald Titlton (don tilton) 5 years ago from Los Angeles, California

      What a hoax... the fake antivirus program may be even more cunning. I typically have success using MalwareBytes and then Avast, in that order, to get these viruses off the computer (both the free versions).

    • moonlake 5 years ago from America

      I got the FBI virus and did get into the safe mode. I shut my machine down and unplugged and all came back.

      I couldn't get to the system restore because my screen was completely disabled. Youtube is a good place to go and find information on how to get rid of it. Glad your computer is now working. I hate viruses of all kinds.

    • Helen Laxner (HoneyBB) 5 years ago from Illinois

      Great advice. I had a trojan in my computer not long ago and I found it through Windows Defender. I ran a scan and it took it out. If I hadn't caught it I would have no idea what to do. Now that you shared this info at least I have an idea of what to do in the future. Thanks for sharing.

    • bamA 5 years ago


    • Anonymous 5 years ago

      It is a virus. If you get to the blue Windows Disk error screen, you need to reload your OS.

    • CWanamaker 5 years ago from Arizona

      This happened to some people I know. Kinda scary actually.

    • @Anonymous@ 5 years ago

      Liar... That is not FBI, stupid. You think it is legal to set ANONYMOUS LOGO?

    • Billkatz2 5 years ago

      Norton took care of it for me. It did not disable system restore.

    • Neil Sherman 5 years ago

      Matthew? Just now had a curiosity to m'self - Does your laptop have WiFi, Cell-Modem, and-or Wireless WANy-LANy-ding-dong engaged and functioning when you boot up?

    • Neil Sherman 5 years ago

      Sounds like I'm in for morer and biggerer versions! Thanks for a heads-up. I got two different versions in the past week and a half. This morning's worse than last weeks. Unlike the other folks I've seen so far, I did get suckered in during visits to, ahem, "adult", chyeah-right, sites. So far though, they've been easy enough to remove, since, as you've pointed out, they become part of the starting schema. My only real complaint why work that good doesn't include a screensaver! And, fwiw, it's nice to see the FBI finally posted a denial.

    • Mathew 5 years ago

      I'm following the same steps and it doesn't seem to work on my laptop for some reason.

    • Frankie 5 years ago

      Wow. The FBI screwed my computer when I brought it past their front door, they took my purse away to hold it safely, and after the visit, giving my purse back, I access my computer to find it was irreversibly corrupted, erasing everything. I had it encrypted, and when they surreptitiously accessed it, probably by USB, without my consent, it voided the files. Had to take it back to the Apple store for a factory reinstall. The FBI is paranoid and, well, destructive with property; I don't think I'll ever volunteer anything for the sake of my country through them again.

    • mhags17 5 years ago

      I just removed this virus by disconnecting from the internet which gave me full access to my computer again and system restore.

    • Daryl j. (djeff37) 5 years ago from Converse, TX

      Depending on the work you do with your computer, the safest would be to install a copy of Ubuntu (a Linux-based operating system). Typically those systems which are based on the Linux kernel are virus free. Mainly because they pay more attention to security than Windows and viruses are generally written for the most popular operating system, Windows.

      You can burn a Live copy onto a CD/DVD and run it from the disc to try out without making any alterations to your computer.

    • Vicky C. (blessed365) 5 years ago from New England

      Those viruses can be a pain. I have had many of them, but have always been able to remove them from my system. Never heard of this virus. Thanks for the instructions.