How to: Remove MoneyPak virus on Windows 10?

Milan Stanojevic
by Milan Stanojevic
Deputy Editor
Affiliate Disclosure

To fix various PC problems, we recommend DriverFix: This software will keep your drivers up and running, thus keeping you safe from common computer errors and hardware failure. Check all your drivers now in 3 easy steps:
  1. Download DriverFix (verified download file).
  2. Click Start Scan to find all problematic drivers.
  3. Click Update Drivers to get new versions and avoid system malfunctionings.
  • DriverFix has been downloaded by 0 readers this month.

Computer viruses are a major threat, and one of the worst kind of malware is ransomware. This type of malware will prevent you from accessing your files and applications, but fortunately there’s a way to fix this problem. There are different types of malware, and today we’re going to show you how to remove MoneyPak virus from Windows 10.

How to remove MoneyPak virus from Windows 10?

As we previously mentioned, MoneyPak is a ransomware and just like any other ransomware, it will lock your files and prevent you from accessing them. This malware will give you a message saying that your computer was locked by FBI Department of Defense Cyber Crime Center due to a copyright infringement, and that the only way to unlock your PC is to pay a “fine”. Of course, this is a complete scam, and your computer isn’t actually locked due to copyright infringement. This is just a scam created by cyber criminals to take your money, therefore you should never send money to anyone if you ever get such message on your PC. Now that you know that MoneyPak is just a scam, we’ll show you how to remove it from your Windows 10 PC.

Solution 1 – Use System Restore

One of the simplest ways to fix this problem is to use System Restore. Using System Restore you should be able to revert your PC, and malicious file will most likely be removed from your computer. You won’t be able to perform System Restore from Windows 10 due to MoneyPak virus, but you should be able to circumvent this problem by following these steps:

  1. Restart your computer few times while it boots to start Automatic Repair. In some cases, you can enter this mode by pressing F8 or by using Shift + F8 shortcut. These shortcuts may work, but usually the safest way is to restart your computer few times.
  2. When Automatic Repair starts, choose Troubleshoot > Advanced options > System Restore.
  3. Select your account and enter its password. Click Continue.
  4. Click on Next. Select Choose a different restore point and click Next.
  5. You should now see the list of all available restore points. If available, check Show other restore points to reveal all restore points that you have available.
  6. Select the desired restore point and click Next.
  7. Follow the instructions on the screen to complete the System Restore process.

Solution 2 – Use Kaspersky Rescue Disk

Since this virus blocks all access to your PC, you’ll need to use a bootable media to remove it. To do that, you’ll need to download Kaspersky Rescue Disk ISO. After you download the ISO file, you’ll need to burn it on a CD or create a bootable USB flash drive. Now you just need to follow these steps:

  1. Insert the Kaspersky Rescue Disk CD or USB flash drive to the infected computer and boot from it.
  2. When your PC boots from the CD or USB flash drive, select the Kaspersky Rescue Disk Graphic Mode option and press Enter.
  3. When your PC boots, you’ll see a graphical environment and Rescue Disk software running. To go My Update Center tab and click the Start update button to download the necessary updates.
  4. Go back to Objects Scan tab, select all options and click Start Objects Scan button.
  5. When Kaspersky Rescue Disk locates MoneyPak virus, choose the Delete option. If any other viruses are found, be sure to delete them as well.
  6. After the scan is completed and all viruses are removed, restart your PC and check if the problem is resolved.

Solution 3 – Download and run Norton Power Eraser from Safe Mode

Since Windows 10 is blocked by MoneyPak, you’ll need to download and run Norton Power Eraser from Safe Mode. If you can’t access Safe Mode at all due to this virus, you should skip this solution and try a different one. To start your PC in Safe Mode, do the following:

  1. Restart your PC few times during the boot to start Automatic Repair.
  2. Select Troubleshoot > Advanced options > Startup Settings and click Restart.
  3. When your computer restarts you’ll see a list of options. Press F5 to start Safe Mode with Networking.
  4. When Safe Mode starts, you’ll need to download Norton Power Eraser.
  5. After the file is downloaded, run it and click Accept.
  6. Click the Scan for Risks button.
  7. Norton Power Eraser will ask you to restart your PC in order to perform a Rootkit scan. If you don’t want to perform a Rootkit scan, you can easily turn it off from the settings menu. To perform a Rootkit scan, click the Restart button.
  8. When your computer restarts, be sure to enter Safe Mode again.
  9. Follow the instructions on the screen to complete the scan.
  10. After the scan is completed and all viruses are removed, your PC should be able to start normally.

Solution 4 – Delete the virus manually from Safe Mode

According to users, you can fix this problem by manually removing the virus from your PC. To do that, you’ll need to enter Safe Mode. If you can’t access Safe Mode, you should skip this solution. To remove MoneyPak virus manually, follow these steps:

  1. Enter Safe Mode.
  2. When Safe Mode starts, press Windows Key + R and enter %appdata%. Press Enter or click OK.
  3. AppData > Roaming folder will now open. Go to the Microsoft\Windows\Start Menu\Programs\Startup folder. You should see ctfmon shortcut in there. Delete the shortcut.
  4. Close this folder.
  5. After doing that, press Windows Key + R and enter %localappdata%. Press Enter or click OK.
  6. When AppData > Local folder opens, navigate to the Temp folder.
  7. Now you need to find the problematic .exe file. Usually that’s one of the latest files that has random letters in its name followed by .exe.part, for example ZloN8OV9.exe.part or rool0_pk.exe. Keep in mind that the name of this file can be different. After you find the problematic file, delete it.
  8. Locate V.class file and remove it. Also, locate and remove update00.b file. If you notice any suspicious files that were added to the Temp folder, you can also delete them. Alternatively, you can also delete all files and folders from the Temp folder.
  9. Optional: Sort the files in Temp folder by date and remove any files that are created at the similar time as the malicious file. If want, you can also delete all files from your computer that are created at the similar time.

Keep in mind that you need to permanently delete malicious files, therefore hold the Shift key to permanently remove those files from your PC.

Solution 5 – Install the latest version of SpyBot or Trend Micro

Users reported that they managed to fix this problem by installing the latest version of SpyBot Search & Destroy application. In addition to SpyBot, some users reported that Trend Micro tool helped them fix this issue, so you might want to try using it as well. Another tool that can help with this problem is Malwarebytes, so be sure to install the latest version on your PC. Keep in mind that you can only download and use these tools in Safe Mode.

Solution 6 – Disable your Internet connection

According to users, this virus relies heavily on your Internet connection, and if you unplug your Ethernet cable or turn off your router, you should be able to start your PC without any problems. After starting your PC, try following the steps from Solution 4.

Several users reported that they were unable to remove the malicious file roper0dun.exe from their PC because it was used by rundll32 process. To fix this error, you need to stop rundll32 process and then delete the malicious file. Unfortunately, this virus prevents Task Manager from starting, so you’ll have to use Command Prompt to stop rundll32 process. To do that, follow these steps:

  1. Press Windows Key + X to open Win+X menu and enter choose Command Prompt (Admin).
  2. When Command Prompt starts, you need to list all running processes. To do that enter tasklist command and press Enter.
  3. List of all running processes will appear. Locate rundll32 process or any process that is currently using the malicious file and write its PID. Usually that’s a four-digit number. If you have multiple rundll32 processes be sure to write down PIDs for all of them.
  4. After that, enter taskkill /PID xxxx /F command into Command Prompt. Be sure to replace xxxx with the four-digit number that matches the PID from previous step. If you want to end multiple processes, be sure to repeat this command and replace the PID.
  5. After ending these processes, try to delete the problematic file again. If you can’t delete this file because another process is using it, be sure to repeat the steps above to end the process and try to delete the problematic file again.
  6. After removing the problematic file, enable your network connection and check if the problem is resolved.

Solution 7 – Disable Startup processes

If you want to fix this problem, you can disable all problematic startup processes, but to do that first you need to enter Safe Mode. After doing that, follow these steps:

  1. Open Task Manager by pressing Ctrl + Shift + Esc.
  2. When Task Manager opens, go to the Startup tab.
  3. List of all startup applications will appear. Locate unknown or suspicious applications, right click them and choose Disable. Alternatively, you can right click any startup item and check its properties to see the location of that process. MoneyPak files are usually located in AppData or Temp folders and they use rundll32.exe file, so if you see any files located in these folders or using this .exe file, be sure to disable them.
  4. After disabling the problematic process, restart your PC.
  5. If everything works normally, download anti-malware software to remove this malicious program, or remove it manually.

Solution 8 – Check your registry

Sometimes these malicious files can make changes to your registry, but you should be able to fix this problem by following these steps:

  1. Start Windows 10 in Safe Mode.
  2. Press Windows Key + R and enter regedit. Press Enter or click OK.
  3. When Registry Editor opens, go to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key in left pane.
  4. In the right pane you’ll see several entries. Locate the one that has random name and double click it to check its location. Usually this file will have a random name such as pg_0rt_0p.exe and it will be located in Temp or AppData folder. Write down the location and the file name because you’ll need it for the next step. Delete the entry with the random name from your registry.
  5. Close Registry Editor and go to the folder where the malicious file is stored.
  6. Locate the malicious file and delete it permanently.
  7. Be sure to sort files in that folder by Date Modified and delete any files created at the similar time as the malicious file.
  8. After doing that, restart your computer and scan your PC with anti-malware software just in case.

Solution 9 – Download and run BitDefender Removal tool

Antivirus company BitDefender released its own tool that removes MoneyPak virus, and in order to fix this problem you need to enter Safe Mode and download BitDefender Removal tool. After downloading the tool, run it and wait for it to scan your PC and remove the malicious application. After removing the virus, restart your PC and check if everything is working properly.

MoneyPak virus can create a lot of problems since it will prevent you from accessing Windows 10, but you should be able to remove this virus by using the appropriate anti-malware tool, or by deleting it manually from your PC.


This article covers:Topics:

There are no comments yet. Please leave a comment

add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *