Department of Justice Virus is one of the latest threats from the Ukash virus group that targets people living in the United States of America. This threat belongs to the category of ransomware, so it is designed to get inside the system secretly and then try to rip users off. Just like the FBI virus, FBI Moneypak or FBI Green Dot Moneypak virus, it causes a lot of trouble for its victims by locking the system down. This results in a complete takeover of the system: the user becomes unable to get on the Internet, launch legitimate anti-malware programs or do other things on the PC. The user only sees a forged Department of Justice alert, which states that the user has been caught doing illegal activities on the computer. Before you fall for this alert, note that organizations such as the Department of Justice do NOT collect their fines in this way. You must remove Department of Justice Virus immediately!
HOW CAN I GET INFECTED WITH Department of Justice Virus?
This scam uses the same intrusion methods as all previous Ukash viruses: spam emails, freeware, shareware and other sources to get inside undetected. Once there, it locks the system down and shows its only message, claiming that the Windows system has been blocked because you have been using copyrighted content, visiting pornographic websites or even spreading malware. For that, you now have to make a payment of $200 using the Moneypak prepayment system. Here's what this message looks like:
Your computer has been locked!
This operating system is locked due to the violation of the federal laws of the United States of America (Article: 1, Section 8, Clause 8; Article 202; Article 2012 of the criminal code of the U.S.A. Provides for the deprivation of liberty for four to twelve years.)
Following violations detected:
Your IP address was used to visit websites containing pornopraphy, child pornography, zoophillia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography!
(…)
You have 72 hours to pay the fine, otherwise you will be arrested.
(...)
No matter how trustworthy it seems, you must ignore this alert because it has nothing to do with the Department of Justice. If you pay this $100 or $300 fine, you won't have your computer unlocked and you will lose your money as well. In order to avoid that, you should remove Department of Justice Virus as soon as possible.
HOW CAN I REMOVE Department of Justice Virus?
In order to remove Department of Justice virus, you should try following this information. It includes different methods that MAY work for removing this virus. Remember that the manual removal method should be used only if you have enough knowledge about the computer's system and its architecture:
* Users infected with Department of Justice virus can still access other accounts on their Windows systems. If one of those accounts has administrator rights, you should be able to launch an anti-malware program.
* Try denying Flash so that the ransomware stops functioning as intended. To disable Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with an anti-malware program.
* Flash drive method:
- Take another machine and use it to download Defender Pro Ultimate Security Suite, SpyHunter or another reputable anti-malware program.
- Update the program and put it on a USB drive or a CD.
- In the meantime, reboot your infected machine into Safe Mode with Command Prompt and plug the USB drive into it.
- Reboot the computer infected with Department of Justice virus once more and run a full system scan with the updated anti-malware program.
* Manual Department of Justice removal (special skills needed!):
- Open Windows Start Menu, enter %appdata% into the search field, click Enter.
- Go to: Microsoft\Windows\Start Menu\Programs\Startup.
- Remove ctfmon (don't mix it with ctfmon.exe!).
- Open Windows Start Menu, enter %userprofile% into the search field, click Enter.
- Go to Appdata\Local\Temp and remove rool0_pk.exe
- Delete [random characters].mof file
- Delete V.class
- Run a full system scan with updated SpyHunter to remove remaining Department of Justice virus files.
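Before deleting anything by hand, the two folders named in the manual steps can be listed and reviewed. The PowerShell below is an added example, not part of the original article or of any vendor's tool; the function name and the -ProfilePath parameter are hypothetical, and it assumes PowerShell 4.0 or later and the default profile layout in which %appdata% is AppData\Roaming under the user profile.

```powershell
# Added example (not from the original article): read-only audit of the folders
# named in the manual removal steps. It lists candidates and deletes nothing.
# Assumes PowerShell 4.0+ and the default Vista-and-later profile layout.
function Get-LockerArtifactAudit {          # hypothetical name
    param(
        # Profile of the locked account; set it when running from another admin account.
        [string]$ProfilePath = $env:USERPROFILE
    )
    $startup = Join-Path $ProfilePath 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    $temp    = Join-Path $ProfilePath 'AppData\Local\Temp'
    $shell   = New-Object -ComObject WScript.Shell

    # Startup folder: resolve each shortcut so its real target is visible.
    Get-ChildItem -LiteralPath $startup -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') { $target = [string]$shell.CreateShortcut($_.FullName).TargetPath }
            $flag = ''
            if ($_.BaseName -ieq 'ctfmon') { $flag = 'named ctfmon' }
            elseif ($target.StartsWith("$temp\", [StringComparison]::OrdinalIgnoreCase)) { $flag = 'runs from Temp' }
            [pscustomobject]@{ Location = 'Startup'; Name = $_.Name; Detail = $target; Flag = $flag }
        }

    # Temp root only (no subfolders): the file types the steps above mention.
    Get-ChildItem -LiteralPath $temp -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.mof', '.class' } |
        ForEach-Object {
            $flag = ''
            if (($_.Name -in 'rool0_pk.exe', 'V.class') -or ($_.Extension -eq '.mof')) { $flag = 'named on page' }
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{ Location = 'Temp'; Name = $_.Name; Detail = $hash; Flag = $flag }
        }
}

# Usage (the path is a placeholder for the locked account's profile folder):
# Get-LockerArtifactAudit -ProfilePath 'C:\Users\<locked account>' | Format-Table -AutoSize
```

Rows with an empty Flag are ordinary startup items or temp files; the SHA256 value in Detail can be handed to the anti-malware scan step that follows.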
UPDATE: There is a new Ukash virus, which uses the logo of the Department of Justice. This threat now says "Your computer has been blocked! The work of your computer has been suspended on the grounds of the violation of the law of the United States of America". Similarly to the previous version of the Department of Justice virus, this ransomware shows a list of laws that have been violated and asks you to pay a fine of $300 using the MoneyPak prepayment system. Besides, it speaks to the victim!
Modern viruses are really hard to remove. They have random file names and random registry entries, and they can imitate legitimate products and files.
Sometimes the removal instructions are not enough to remove the infection manually. Please take a look at our discussion, where users like you share their experience in fighting the parasite:
First, manually shut off your computer.
As your system reboots, constantly hit the F8 key until the Boot screen shows up.
From there, click a Safe Mode option.
Once in Safe Mode, access the internet and download Malware Bytes.
Have the program run a full scan. Once the virus is detected, remove it, then restart your computer.
BLAMO! Virus is gone.
You're welcome.
WWW.YOOCARE.COM - HELPED ME REMOVE THE VIRUS. UNFORTUNATELY IT COST ME $69.95 BUT NOW I HAVE ACCESS TO MY LAPTOP.
SERIOUSLY CONSIDERING GETTING A MAC NOW.
Thank you.
Are there alternate methods???
1. Shut your PC off using the off button. Do not try alt/ctrl/delete (three finger salute). It won't work.
You need to shut down manually. Go to control tower and shut it off.
Give it a minute or so and turn it back on. This will give you access to your programs. Do NOT try to get back on the Net.
2. Run your Anti-Virus program. It may try to block you again. If so, do all of the above again and just let it run until your PC is clean. Avast will clean it.
3. Run CCleaner and you will get rid of it.
On my next infection I was watching streaming videos again on a different website, and again DOJ came knocking. This time I recognized the banner and immediately turned off the computer. I then booted up in safe mode with networking. I ran Malwarebytes and got rid of the virus.
Lesson learned: Turn off your computer ASAP, don't let it run, because the virus would write itself deeper into the system. I had AVG antivirus and Microsoft Security Essentials running when I got the 2nd infection. They are useless against the DOJ virus. Now I have installed Malwarebytes and hope this will protect me from a DOJ attack.
You can't end the process to use antivirus anymore; it says an illegal process has been noted.
You can't open safe mode; it blocks it and says another illegal process has been noted.
You can't open another account; it crashes the laptop and you get back to your main one, and it says an illegal process has been noted again.
Pay now or your system will be erased.
I refused and my system was erased.
So the best info I can give on this is to back everything up all the time.
Or a dirtbag hacker will erase it and laugh.
Erase it even if you pay him money, which I didn't.
BE CAREFUL GUYS!
WARNING: Back up your files on a frequent basis. I had backed up all my files to an external hard drive, but found that after the process, I didn’t have to restore any of my files but I did have to go back and reinstall my Antivirus and MS Office software so please make sure that you have your product keys available.
Windows 8 Users only:
From the START menu:
1. Move your mouse to the far right of the screen where you can have access to Settings (1 of the 5 options) and click on SETTINGS.
2. Select Change PC Settings
From the SETTINGS Menu:
1. Scroll down to GENERAL and click.
2. Move your mouse to the right side and scroll down to “Refresh your PC without Affecting your Files” and click on Get Started.
3. Read the prompts then click NEXT.
The process took me less than 15 minutes and when the process was complete, all of my files and folders were intact. My desktop, however, was black and I only had 3 icons, one of which was a file named Removed Apps. I was able to reinstall my important icons but the most important thing was that my computer was no longer locked. It certainly helps to install anti-malware software. Good luck to everyone and I hope that this can help someone else like it helped me. Pay it forward!
1) Disconnect infected PC from network and internet.
2) Go to Start menu and enter %TEMP%
3) Temp folder will be displayed in Windows Explorer.
4) Delete any .EXE files you find in the root folder, not in any subfolders.
5) Go to Start menu and enter %APPDATA%
6) AppData folder will be displayed in Windows Explorer.
7) Delete CTFMON file
8) Empty your Recycle Bin
9) Re-boot PC, virus should now be removed...
-RW-
Open for suggestions, although I did see a suggestion of making the infected drive a slave drive in a different computer.
Or which is the best selection in safe, only three on my vista 32 bit..thanks
My customer has the same problem (or perhaps it's another type of malware problem, but this article seemed to mention it in a similar way).
As soon as my customer saw this virus, she called me and I made sure she rebooted the computer in network mode. Afterwards I could remotely control her computer (through our IT system) and scan the computer using "Eset Endpoint Antivirus". The AW looked different, as the layout wouldn't show up, only the client command interface with text would, and it started to scan. After that I took John's advice and installed CCleaner and removed all registries and scanned and analyzed everything else, and removed everything completely from the system. I'm not sure yet if this fixed the issue but here are some tips:
1. Restart in safe mode.
2. Go to %appdata% and kill CTFMON if you see it.
3. Go to &username& and make sure you have enabled hidden files/folders so you can get to the temp folder and delete everything.
4. Scan with AW + ccleaner.
5. Reboot
6. Hope to profit.
If this problem still occurs for me, then I will post here and relate to this, hoping that someone can solve the issue and update it to the others.