Directly contact our Support Team

How to remove FBI Ransomware infection

The FBI Ukash MonkeyPak Ransomware is a malware that locks you out of your computer and your applications until you pay a “ransom” of $100/$200 via MoneyPak/Ukash/PaySafeCard.

This infection is typically installed onto a computer when the user visits an infected website that contains malicious scripts which could exploit vulnerabilities from the browser or the installed plug-ins.

Once installed, the FBI Ransomware will be configured to start automatically when you login to Windows.

AssociatedFBI Ukash MonkeyPak Ransomware files:

C:/Documents and Settings/Start Menu/Programs/Startup/ctfmon.lnk

C:/Documents and Settings/Start Menu/Programs/Startup/.lnk

C:/Users/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/ctfmon.lnk

C:/Users/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/.lnk


C:/Documents and Settings/Local Settings/Temp/.exe


C:/Program Data/lsass.exe

C:/Program Data/.exe


Here are the recommended actions for you to remove this infection from your PC:

(You can find a video with the removal steps here, in the Bitdefender Tech Assist article.)

I. Since you are unable to launch any software or access your desktop, the PC has to be restarted in Safe Mode with Networking.

II. The operating system will now boot into Safe Mode with Networking and prompt you to login with your current user account.

Important:  you will have to login with the infected user account in order to be effective

III. When your Desktop appears, download and save the Bitdefender Trojan.Ransom.IcePol generic removal tool using the following link:

[Download Bitdefender Trojan.Ransom.Ice Generic Removal Tool]

Save the file on your Desktop and double click on it (for Windows Vista/7, right click and choose Run as administrator).

IV. Press the green button Start Scan and wait for the tool to finish.