I also had this FBI Moneypak virus. I work in the PC service industry, so I have removed this virus from many customer PCs. However this NEW version was a real bugger to remove. In the interest of helping others, I offer the following:
1. This new version of the virus blocks Safe Mode and Safe Mode With Networking. Safe Mode command prompt works unless you attempt to run any program from the DOS prompt that causes the Explorer shell to open, then it locks you again. If I had known where the new virus version stores the infected file, I could have fixed it from there (it used to be in either %appdata%\Roaming or C:\Program Data).
2. On Sept 4th I updated the Hitman Pro Kickstarter USB drive that I own and ran it. IT DID NOT FIND OR DETECT THE VIRUS.
3. On Sept 7th I undated the Hitman Pro Kickstarter USB drive, and a new update was loaded. This time it detected the file that was infected. So it seems that the Hitman people had learned how to fight this virus by then and they updated their software (whew).
4. As the member above stated, the infected file was C:\Windows\SYSWOW\user32.dll. For those of you that are having trouble fixing this virus, it is possible to simply copy the user32.dll from another Windows 7 (in my case) PC and copy it over the infected user32.dll from the Safe Mode command prompt (make sure you match the version of the file - either 32 bit or 64 bit).
Hope this helps!
Edited by dadguy, 08 September 2014 - 10:17 AM.