Removing FBI MonkeyPak Ransomware When SafeMode Is Unavailable

Step-by-step guide to removing FBI MonkeyPak ransomware

If you have been infected with the MonkeyPak ransomware, and a system restore is not an option via SafeMode, there is an alternative way to remove the malware.  It should be noted, you will need a bootable USB device with a minimum of 32 MB memory that can be entirely rewritten.  Whatever USB device you use for this process, will have all of the information erased; therefore, if you are using one you already have, be sure it doesn’t have important data stored on it.  You will need to use the USB to download HitmanPro.Kickstart.  You will do this on a computer, other than the infected PC.  Follow the step by step guide below:

1. Click here to download HitmanPro to your desktop.  You will need to download the version that corresponds with your Windows System, either 32MB or 64MB.
2. Once installed, insert the USB device you will be using to install HitmanPro.Kickstart
3. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be see the start screen shown below.Screenshot Courtesy of BleepingComputer
4. Click on the black image by the “Settings” button, that is pointed to above.
5. This will bring up a blue screen, showing you which USB devices are currently plugged into your system.  Choose the USB device you plan to use for the HitmanPro.Kickstart.  Once you select your USB device, click on the “Install Kickstart” button.
6. You will then get a notification that the USB device will be erased.  To proceed, click “Yes”.  If you choose to not proceed, click “No” to cancel.  If you chose to continue the installation process, once Hitman has been installed, you may click the “Close” button.
7. Remove the USB device.
8. Insert the USB device that Hitman was installed on, into the infected PC.
9. Turn off the infected PC, and then turn it back on.  While the PC is rebooting, watch for the screen that gives you the Boot Menu key.  Typically these are the F8, F11, F12 or Esc keys.
10. Once you have determined which key you need press to access the Boot Menu key, restart your computer.  Hit the necessary key to access the Boot Menu during the restart process.
11. When the Boot Menu appears, you have the option to select which device you want to use to boot your PC.  You need to select the USB device that has Hitman installed.
12. As your PC begins to boot from the USB, you will be asked which boot option to use.  Identify the “Bypass Master Boot Record”, press the number key associated with this option.
13. Windows will start normally.  Once rebooted, the ransomware notification will present.  Within 30 seconds, the Hitman Pro screen will appear on top of the ransomware notification.  When it does, click “Next”.
14. Now, the Hitman Pro setup screen will present.  Here, you need to be sure to select “No, I only want to perform a one-time scan to check this computer.”  Once you have selected the “No” option, click “Next”.
15. Hitman Pro will now begin scanning your PC for infections.  Once the scan is complete, you will get a screen that displays all the identified infections.
16. Click “Next” to remove all infections.
17. You will then be presented with a removal screen, showing what has been removed.  Click “Next”.
18. Now, click the “Reboot” option.
19. Windows should start normally, and the ransomware should be removed.
20. You can remove the Hitman Pro USB.

If you need any assistance with this process, or have further PC questions, feel free to reach out to our forums community.