Update: I have a more recent FBI MoneyPak removal post here (another variant of the virus).
A client called me today with a machine (Windows 7) infected with the FBI MoneyPak virus. I got it out in about ten minutes – this is what I did:
1) Tap F8 during pre-boot and go into Safe Mode
2) Click Start>All Programs>Startup Folder
3) You’ll see “ctfmon” (without quotation marks). Delete it.
4) Click Start>Run>Type %temp% >OK
5) Look for “festOr_ot” (without quotation marks). Delete it. Some techs have reported seeing “roolO_pk.exe”, “er_OO_O_l.exe” and/or a “.mof” file also. If you see any of these, delete them!
6) Restart the machine in normal mode
7) FBI virus is gone!!
Professor Randy says: The FBI MoneyPak virus is just another of the many ransomware programs that want to scam you out of your money! Don’t be fooled – remove this phony malware by using the method described above.
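The checks in steps 2 to 5 can also be run as a read-only PowerShell audit before anything is deleted by hand. This is an added example, not part of the original post: it only lists matches for the file names given above, and the all-users Startup path is an assumption added here (the post mentions only the Start menu Startup folder).

```powershell
# Added example: read-only audit of the locations named in steps 2-5.
# File names are the ones listed in the post. Nothing is deleted.

# Current user's Startup folder, plus the all-users one (assumption: also worth checking).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
) | Where-Object { $_ -and (Test-Path $_) }

# Names reported in step 5 of the post.
$tempNames = @('festOr_ot', 'roolO_pk.exe', 'er_OO_O_l.exe')

$findings = @()

# Steps 2-3: any Startup entry named "ctfmon" (shortcut or file, any extension).
foreach ($dir in $startupDirs) {
    $findings += @(
        Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.BaseName -eq 'ctfmon' }
    )
}

# Steps 4-5: the named files (with or without extension) and any .mof file in %temp%.
$findings += @(
    Get-ChildItem -Path $env:TEMP -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and (
                ($tempNames -contains $_.Name) -or
                ($tempNames -contains $_.BaseName) -or
                ($_.Extension -eq '.mof')
            )
        }
)

if ($findings.Count -eq 0) {
    Write-Output 'No files matching the names from the post were found.'
} else {
    # Timestamps help confirm the files appeared around the time of infection.
    $findings |
        Select-Object FullName, Length, CreationTime, LastWriteTime |
        Format-Table -AutoSize
}
```

Run it from a PowerShell prompt in Safe Mode under the affected user's account, since both the Startup folder and %temp% are per-user locations.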