Currently DOJ virus won’t allow any type of booting circumstance. Even booting from a USB with a possible program solution downloaded to a clean computer.
Written by 2-spyware.com on Apr 8, 2013 | 4 comments
This solution has been deemed correct by the post author
Hello, thanks for asking on 2spyware forum.
First of all, you should know that the Department of Justice virus, just like other viruses that belong to the Ukash group, mutates, so there is a chance that you have a new version of the ransomware. However, you can use these options, not only the USB stick, when trying to unblock your computer and remove the Department of Justice virus for good:
1. Reboot to Safe mode with command prompt. Your virus should not be active after doing this.
2. Run regedit and search for Winlogon.
3. Find a key named ‘Shell’ under Winlogon. It should refer to Explorer.exe or be blank. If you see something else referring to an executable in one of the folders, replace it with explorer.exe.
4. Save changes and additionally reboot to Safe mode with networking.
5. Run msconfig and disable all unnecessary startup entries.
6. Finally, run anti-spyware and remove malicious executables it detects.
Try to deny the flash. For that, go to Macromedia support and select ‘Deny’: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with an anti-malware program.
If you are a paid Spyhunter customer, you can get free assistance from its technicians. Here you can read more about that: What to do when antispyware program fails to remove infection?
Feel free to contact us again if these steps won’t be helpful for you. For more information, read: How to remove Department of Justice virus?
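The Winlogon ‘Shell’ check from steps 2 and 3, as an added read-only example that is not part of the original post. It assumes PowerShell is available from the Safe Mode command prompt; the function name `Get-WinlogonShellStatus` is hypothetical, and checking the per-user hive as well as the machine hive goes beyond what the steps spell out.

```powershell
# Added example: report the Winlogon 'Shell' value in the machine and user hives.
# Read-only: nothing in the registry is changed.
function Get-WinlogonShellStatus {
    param([string[]]$Hives = @('HKLM:', 'HKCU:'))

    $subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    # The real explorer.exe lives directly in the Windows directory.
    $legit  = Join-Path $env:windir 'explorer.exe'

    foreach ($hive in $Hives) {
        $path  = "$hive\$subKey"
        $item  = Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue
        $value = if ($item) { [string]$item.Shell } else { '' }

        # Blank or explorer.exe is expected. A file that is merely *named*
        # explorer.exe but sits in another folder is flagged for review.
        $trimmed = $value.Trim().Trim('"')
        $ok = ($trimmed -eq '') -or
              ($trimmed -ieq 'explorer.exe') -or
              ($trimmed -ieq $legit)
        $status = if ($ok) { 'Expected' } else { 'Review' }

        New-Object PSObject -Property @{
            Key    = $path
            Shell  = $value
            Status = $status
        }
    }
}

Get-WinlogonShellStatus | Format-List Key, Shell, Status
```

A `Review` result marks the value to correct in regedit as described in step 3.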
While I appreciate your response, you may not have read my statement clearly concerning the DOJ Virus. There is now a version that will not allow any booting from any safe mode option. Suggest you try to address this from that point of view, since complaints of any new infections of this virus will, more than likely, be that version.
What is your take on the possible “Slave Drive” solution, using the infected drive as a slave in a different computer?
My husband just had this happen to his laptop for the second time, first being the FBI, this time the Dept of Justice, last night. I looked up a solution on my iPad and did this:
First off, I turned our Internet connection off, so whoever had the virus couldn’t hack our information.
Secondly I just turned the computer off by pushing the power button since couldn’t activate main screen.
When I turned the computer back on I pushed the F8 key and loaded in safe mode with command prompt. When it loaded I typed in explorer.exe and went to my control panel and ran a recovery and took computer back 4 days and it removed the virus. I currently have spyhunters running on it and deleted all history and cookies that he had on his laptop. Needless to say this has worked both times, last night it just took me forever to get the computer to turn off, it just wanted to keep going to sleep mode then back to the locked screen… hope this helps anyone who has it. Got this info from the main page of this website in the comments section…
This virus described above was a tough one to remove. Normally I would try to kill the virus through any means, i.e. taskkill on another workstation, but this virus doesn’t allow any of this. The only thing that worked was booting an MSDaRT CD and doing a system check. It found that user32.dll was infected and replaced it with a legit copy. I went to the user’s profile and in the templates folder are all the files associated with the virus. Just deleting them is not good enough as the virus corrupts a system file and uses it to launch.