Severity scale:  

Remove Department of Justice Virus (Virus Removal Guide) - updated Jul 2019

removal by Lucia Danes - - | Type: Ransomware

Department of Justice Virus is the infection that displays a message on the screen with claims about a fine due to illegal actions

Department of Justice virus 

Department of Justice Virus is the ransomware that blocks you from accessing the computer until you pay the demanded amount. This so-called fine is demanded due to the violations because the alert states about the distribution of pornography, unlicensed software, copyrighted files. Of course, you did nothing like that and you shouldn't pay the ransom since there is no proof of these claims. Unfortunately, people still fall for this scam since it states that the Department of Justice is involved.

Questions about Department of Justice Virus

Department of Justice Virus is one of many similar threats that deliver scary messages to get profit. Nymaim virusPolitie virusMetropolitan Police virus are all ransom-demanding threats based on messages from agencies of the government. All the types of such malware demand payments transferred via MoneyPak or Ukash services. The amount can differ, but it usually starts with $300 per victim. DO NOT consider paying the “fine” since it does not give any positive results fro the security of your device.[1]

Name Department of Justice Virus
Type  Lockscreen malware[2]
Category  Ransomware 
Symptoms  Shows the message claiming about illegal activities and demands to pay a fine
Main danger  Can install other malware, damage the system, steal credentials and money
Distribution  Spam email file attachments with malicious scripts 
Ransom amount  Starts at $300, can go up to thousands
Pretends to be  The Department of Justice or any other government agency in the US
Elimination  Install anti-malware and run on the machine to remove Department of Justice Virus

Department of Justice Virus message claims that you viewed child pornography, obtained other illegal content or even distributed such material yourself. Those lock screen windows can also show that your machine got locked and your private information got recorded via the webcam and microphone. People get scared after such claims and pays the fine for the criminals to avoid any actions.

Unfortunately, victims of the Department of Justice Virus pays for nothing since these statements are fake. However, these people can capture and record footage of you from audio devices or the webcam, so the possibility of streaming your private videos and audio is truthful. 

Nevertheless, if you react to these alerts and messages, you can get rid of the Department of Justice Virus and avoid further damage. When the threat locks you out of the applications and the system in general, it seems to be impossible, but we have a few methods below the article to help you. One of them is rebooting the machine in Safe Mode.

This is one of the threats from Ukash virus group that try to attack people living in the United States of America. This threat belongs to the category of ransomware, so it is designed to get inside the system secretly and then try to rip users off. Just like other crypto-malware, it creates lots of troubles for its victims by locking the system down. This results in a complete system's take over – the user becomes incapable to get on the Internet, launch legitimate anti-malware programs or do other things on the PC.

Department of Justice virus ransomware
Department of Justice virus is the screen-locking threat that asks the user to pay at least $300 to keep access to his or her computer.

The user only sees a forged Department of Justice Virus alert, which states that the user is caught doing illegal activities on his computer. Before you fall for this alert, you must note that such organizations as Department of Justice do NOT collect their fines in such a way. You must remove Department of Justice Virus immediately!

This scam is designed to use the same ways of intrusion as all previous Ukash viruses: it uses spam emails, freeware, shareware, and other sources to come inside undetected. Once there, it locks the system down and shows its only message, claiming that the Windows system has been blocked because you have been using copyrighted content, visiting pornographic websites or even spreading malware.

For that, now you have to make a payment of $300 using the Moneypak prepayment system. Here's how this message looks like:

Your computer has been locked!
This operating system is locked due to the violation of the federal laws of the United States of America (Article: 1, Section 8, Clause 8; Article 202; Article 2012 of the criminal code of the U.S.A. Provides for the deprivation of liberty for four to twelve years.)
Following violations detected:
Your IP address was used to visit websites containing pornopraphy, child pornography, zoophillia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography!
You have 72 hours to pay the fine, otherwise you will be arrested.

No matter how trustworthy it seems, you must ignore this alert because it has nothing to do with the Department of Justice. If you pay this $100 or $300 fine, you won't have your computer unlocked and you will lose your money as well. In order to avoid that, you should focus on Department of Justice Virus removal as soon as possible. 

Department of Justice virus pop-ups
Department of Justice virus is the malware that shows various windows with demanding messages that are focused on crypto-currency extortion or monetary gain in general.

Possible ways to get malware on the machine

The threat that locks the screen immediately with fake alerts or messages stating about illegal activities can get on the machine without your permission, so there is no way to stop the infiltration while it happens. Especially when there is no need for your permission.

Ransomware threats come to the targeted computer via spam emails, other similar campaigns and with the help of malicious macros and infected files, the payload gets dropped directly on the network.[3] From there the attack goes to the second stage – extortion and scary message delivery.

In most cases, you just need to download and open the attached file on your system. Then malicious script either delivers you malware designed to spread ransomware or directly launches the money-extortion based virus. You can avoid these infiltrations if you pay attention to received emails and try to delete them before opening on the PC. This is what experts[4] always recommend.

Removal of Department of Justice Virus methods

In order to remove Department of Justice virus, you should try following the information below. It includes a few methods that MAY work in this virus removal. Remember that manual removal method can be used only if you have enough knowledge about the computer's system and its architecture

In other cases, Department of Justice virus removal can be performed with anti-malware tools like Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner, or Malwarebytes. These automatic virus termination tools help to eliminate all files, programs related to this threat and the ransomware itself. Make sure to pay attention and possibly run a system scan more than once to ensure the proper cleaning.


do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Department of Justice virus, follow these steps:

Remove Department of Justice using Safe Mode with Networking

Reboot computer infected with Department of Justice virus in Safe Mode with Networking and then run the scan on the system

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Department of Justice

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Department of Justice removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Department of Justice using System Restore

Use System Restore as an alternate method of the virus removal

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Department of Justice. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Department of Justice removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Department of Justice and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions


Removal guides in other languages

  1. Aubrey says:
    December 8th, 2012 at 2:12 am

    Its actually much simpler to remove this virus. Im no computer nerd or anything, but I effectively removed this virus without all the technical crap.

    First, manually shut off your computer.
    As your system reboots, constantly hit the F8 key until the Boot screen shows up.
    From there, click a Safe Mode option.
    Once in Safe Mode, access the internet and download Malware Bytes.
    Have the program run a full scan. Once the virus is detected, remove it- then restart your computer.
    BLAMO! Virus is gone.

    Youre welcome.

  2. jonathan says:
    December 11th, 2012 at 4:29 pm

    it isnt working it says we cant download the malware bytes because we are on safe mode, is there a way to downlaod something on safe mode? get back to me ASAP thanks

  3. Victor says:
    December 15th, 2012 at 3:24 pm

    Run safe mode with network mode

  4. KELLY says:
    February 15th, 2013 at 7:57 am




  5. anon says:
    February 22nd, 2013 at 2:38 pm

    you gave your cc information to a random company. I would keep a close eye on your statements.

  6. Dev says:
    January 21st, 2014 at 1:18 pm

    Macs have viruses also. I remove them daily from client computers.

  7. Hollyg0915 says:
    December 24th, 2012 at 9:10 am

    I did as you said and the virus is GONE!! Your solution was so much simpler that the other archaic options out there on the web.

    Thank you.

  8. Ariel says:
    December 26th, 2012 at 2:06 pm

    I did this and the virus seemed to be removed, then reappeared three days later. I just did this same method again and its not doing anything! Im in safe mode with networking at the moment.

  9. Anonymus says:
    December 31st, 2012 at 3:38 pm

    Read Aubreys comment. Oh and on my computer it reset the timer that tells you how much time u have to pay everytime we restarted the computer

  10. AAA says:
    January 14th, 2013 at 11:19 am

    the virus opens now in the safe mode as well … th only place it doesnt open is a safe mode with the prompt ..

  11. bcucksee says:
    August 30th, 2013 at 10:28 am

    in safe mode with command prompt you can try rstrui.exe (system restore) and if the virus had not damaged it go back to a restore point. then after reb oot run malware-bytes.

  12. Jenny says:
    August 9th, 2013 at 5:49 pm

    What if your computer does not allow you to enter into safe mode once selected?

  13. bcucksee says:
    August 30th, 2013 at 10:25 am

    Does not always work. The virus can actually damage the ability of some machines to boot into safe mode. Primarily XP machines. BLAMO IF you can get into safe mode. otherwise use Windows Defender Offline to make a bootable CD or USB. Run it. Then boot into windows and run malware-bytes.

  14. james says:
    December 19th, 2012 at 1:37 am

    Thank you for your great information, after followed all instruction, now I am free from virus

  15. kenneth says:
    April 24th, 2013 at 3:22 pm

    What happens if you cant get to the start menu??//

    Is there an alternate methods???

  16. Jayson says:
    December 19th, 2012 at 8:58 pm

    Great advise. Way faster than the other suggested ways and it only took 15 minutes to get everything fixed. Thanks

  17. John says:
    December 20th, 2012 at 4:32 pm

    If you have an anti-virus program and you should. I have AVAST and ccleaner.

    1. Shut your PC off using the off button. Do not try alt/ctrl/delete (three finger salute). It wont work.
    You need to shut down manually. Go to control tower and shut it off.

    Give it a minute or so and turn it back on. This will give you access to your programs. Do NOT try to get back
    on the Net.

    2. Run your Anti-Virus program. It may try to block you again. If so? Do all of the above again! and just let it run
    until your PC is clean. Avast will clean it.

    3. Run ccCleaner and you will get rid of it

  18. Dutchman says:
    December 20th, 2012 at 10:29 pm

    MS Security Essentials caught and quaranteened this

  19. Sue says:
    June 1st, 2013 at 5:13 pm

    It did not quarantine mine… I ended up with the virus today!!!

  20. Computer56 says:
    December 26th, 2012 at 11:21 pm

    How long should a scan take?

  21. rashai says:
    May 14th, 2013 at 9:23 pm

    i know right like forever

  22. GH says:
    December 28th, 2012 at 10:21 am

    I (not me actually a co-worker) must have a new version of this it blocks out safe mode now. Cant login as administrator either blocks that to. Any ideas??

  23. mooink says:
    June 5th, 2013 at 10:49 am

    try using safe mode with networking

  24. snake says:
    December 28th, 2012 at 11:56 am

    im having the same problem…cant perform any of the fixes suggested. can anyone help? ill try calling the Smartsupport # 888-340-9777

  25. ssanders519 says:
    December 29th, 2012 at 10:14 pm

    I started my computer in safe mode and restored computer to previous restore point and virus was gone after restoring.

  26. jr says:
    August 21st, 2013 at 9:21 am

    Me too, first time I got it. Last time safe mode automatically restarted and sent me into normal mode. I have another user account and was able to do system restore from there. Having another user came in handy.

  27. Tammy says:
    January 1st, 2013 at 11:18 am

    I did what Aubrey suggested and it worked perfect. The scan took almost 3 hours. I then ran ccleaner after I restarted. I have Avast, aol security and Verizon security, how do I still get a virus. All the software security really slows down my laptop.

  28. millertyme7777 says:
    September 5th, 2013 at 7:24 am

    Having more than one anitvirus running will cause you to be more prone to getting infections. They actually fight with one another and allow infections to come in. Have ONE antivirus program and use malwarebytes, superantispyware or spybot along with your antivirus.

  29. Rachel says:
    January 2nd, 2013 at 12:42 am

    It blocks me even in safe mode, I dont know what go do

  30. Jgdfhk says:
    January 8th, 2013 at 6:10 pm

    Same here. Blocked in every safe mode. Any other options?

  31. Jake says:
    January 3rd, 2013 at 5:39 am

    I was infected twice. I was watching streaming video then suddenly DOJ appeared. On my first infection I was puzzled I let the computer running while the DOJ displayed on my screen. That was a fatal mistake! Not only it locks up my windows but also the safe mode. I have to go through safe mode with MS DOS command prompt to transfer my documents then reformat the whole computer. The combofix, AVG and other malware was unable to see the virus.

    On my next infection I was watching streaming videos again on a different website, again DOJ came knocking. This time I recognize the banner and immediately turn off the computer. I then boot up on safe mode with network. I run malwarebyte and got rid of the virus.

    Lesson learned: Turn off your computer asap dont let it run because the virus would write itself deeper into the system. I have an AVG anti virus and Microsoft Security Essential running when I got the 2nd infection. They are useless against the DOJ virus. Now I installed malwarebytes hope this will protect me from DOJ attack.

  32. rpuglisi says:
    January 9th, 2013 at 10:22 am

    I booted into safe mode with networking, removed ctfmon from startup, downloaded Malwarebytes and ran a full scan and it was gone.

  33. toto says:
    January 9th, 2013 at 7:29 pm

    So this is just a virus, it has nothing to do with the law?

  34. mooink says:
    June 5th, 2013 at 10:57 am

    yep, just some lies

  35. Shari says:
    January 9th, 2013 at 8:16 pm

    I did f8 got to safe mode with networking hit to desktop and then the message took over again. It comes up before I can get the Internet open. Help!!!!

  36. Linda says:
    January 19th, 2013 at 12:27 am

    The virus kept showing up during my safe mode too. I ended up using Safe Mode with Command Prompt and did a System Restore. Typed %systemroot%system32restorerstrui.exe in the box and pressed enter. I saw on another site that you can probably just type rstrui.exe.

  37. Hasmat says:
    January 19th, 2013 at 7:55 pm

    Turn your computer off immediately when you see this virus. Does anyone wanna tell where they were at when the virus hit? I was on a computer beside my main computer when it hit. Luckily, I could finish what I started… The virus is a bad one. I was on cam4, and xtube. Then I went to second computer. Moments later the MF DOJ virus got my main computer.

  38. Chris says:
    January 22nd, 2013 at 8:18 pm

    I was sleeped in 3 hours.after I woke up,this notice is appeared in my laptop I tried to turn off my laptop and turn on but stil there.after I read this I was so scared.dont know what to do.Im not going to watch Any porn again.damm

  39. Tedmouse says:
    January 24th, 2013 at 6:12 am

    You cant end process to use antivirus anymore, says illegal process has been noted.
    You cant open safe mode, it blocks it and says another illegal process has been noted.
    You cant open a other account, crashs laptop and you get back to your main and says illigal process has been noted again.

    pay now or your system will be erased.
    i refused and my system was erased.

    So best info i can give on this is to back everything up all the time.
    Or a dirtbag hacker will erase it and laugh.
    erase it even if you pay him money which i didnt.

  40. Tiffany says:
    February 8th, 2013 at 12:00 pm

    That was some really quick & easy instructions worked out well. Thanks so much!

  41. KELLY says:
    February 15th, 2013 at 8:02 am


  42. chris says:
    February 24th, 2013 at 5:19 pm

    I have both Mac and PC. Windows 8 pro is great and better than MAC. Just make sure you have latest virus protection. The intel core processor next gen which is coming out will have security protection built in to the processor. Also MAC is still expensive and gives you all the old operating system functions. I would recommend windows surface or Samsung tablet and windows 8 pro. Windows 7 is also very fast and with the proper virus protection youll be okay. MAC is good as well but what Im starting to see how expensive it is and you dont have many options. Also when things brake you only have limited support and it has to be with MAC or certified MAC place. Im starting to like windows more since you have so many different vendors to choose from and different devices. Also the pricing is great.

  43. Johnny says:
    February 27th, 2013 at 9:50 pm

    I have a MAC and never got this virus, although I did on my Laptop that runs windows. When someone tells you a MAC cannot get a virus, listen to them, its tru.

  44. ejestrada says:
    March 15th, 2013 at 9:32 pm

    I recently fell victim to the Dept. of Justice Virus and freaked out when I first read it. I just upgraded my system to Windows 8 and with the assistance of a Technician, we were able to remove the virus with the hassle of trying to hold my SHIFT key and F-8 or from the Desktop, hit the windows key + R and enter “msconfig” without the quotations which didn’t work for me at all.
    WARNING: Back up your files on a frequent basis. I had backed up all my files to an external hard drive, but found that after the process, I didn’t have to restore any of my files but I did have to go back and reinstall my Antivirus and MS Office software so please make sure that you have your product keys available.

    Windows 8 Users only:
    From the START menu:
    1. Move your mouse to the far right of the screen where you can have access to Settings (1 of the 5 options) and click on SETTINGS.

    2. Select Change PC Settings

    From the SETTINGS Menu:
    1. Scroll down to GENERAL and click.

    2. Move your mouse to the right side and scroll down to “Refresh your PC without Affecting your Files” and click on Get Started.

    3. Read the prompts then click NEXT.

    The process took me less than 15 minutes and when the process was complete, all of my files and folders were in tact. My desktop, however, was black and I only had 3 icons, one of them which was a file named Removed Apps. I was able to reinstall my important icons but the most important thing was that my computer was no longer locked. It certainly helps to install an anti-malware software. Good luck to everyone and I hope that this can help someone else like it helped me. Pay it forward!

  45. James says:
    March 20th, 2013 at 6:56 pm

    It wont let me connect to the internet. Now what do I do?

  46. rlw says:
    March 23rd, 2013 at 1:22 pm

    A customer of mine called me and told me his PC was infected with the DOJ virus. I picked up the PC and brought it home and began working on it. The solution was really rather simple:

    1) Disconnect infected PC from network and internet.
    2) Go to Start menu and enter %TEMP%
    3) Temp folder will be displayed in Windows Explorer.
    4) Delete any .EXE files you find in the root folder, not in any subfolders.
    5) Go to Start menu and enter %APPDATA%
    6) AppData folder will be displayed in Windows Explorer.
    7) Delete CTFMON file
    8) Empty your Recycle Bin
    9) Re-boot PC, virus should now be removed…


  47. John Q says:
    June 18th, 2013 at 11:22 am

    thats brillant……we cant get to the START MENU genius. We get the DOJ screen……damn it….this info doesnt help….

  48. cazzie says:
    April 8th, 2013 at 3:07 pm

    DOJ virus wont allow any kind of boot…all safe modes fail, USB fails, etc.

    Open for suggestions, although I did see a suggestion of making the infected drive a slave drive in a different computer.

  49. kenneth says:
    April 24th, 2013 at 3:25 pm

    what happens when it will not to safe?

    Or which is the best selection in safe, only three on my vista 32 bit..thanks

  50. Maxim says:
    April 29th, 2013 at 3:15 am


    My customer has the same problem (or perhaps its another type of malware problem, but this article seemed to mention it in a similar way).
    As soon as my customer saw this virus, she called me and I made sure she rebooted the computer in network mode. After I could remotely control her computer (through our it-system) and scan the computer using “Eset Endpoint Antivirus”. The AW looked different, as the layout wouldnt show up, only the client command interface with text would and it started to scan. After that I took Johns advice and installed cCleaner and removed all registries and scanned and analyzed everything else, and removed everything completely from the system. Im not sure yet if this fixed the issue but heres some tips:
    1. Restart in safe mode.
    2. Go to &appdata% and kill CTFMON if you see it.
    3. Go to &username& and make sure you have enable hidden files/folders so you can get to the temp folder and delete everything.
    4. Scan with AW + ccleaner.
    5. Reboot
    6. Hope to profit.

    If this problem still occurs for me, then I will post here and relate to this, hoping that someone can solve the issue and update it to the others.

  51. Richard says:
    May 22nd, 2013 at 8:46 pm

    If you have Avast, do a boot scan, should take care of it. It is under scans then look on left side of window….select boot scan then schedule now then restart now….all on anti virus control panel

  52. Art says:
    May 24th, 2013 at 5:39 am

    Hey, i tryed it but it dint work for me but what i did was this.
    I ran computer to safe mode with command promot and i typed
    1)cd windows
    2)cd system32
    3)start rstrui.exe

    then recovery shows up and i recovered it to past:D

  53. mike says:
    June 4th, 2013 at 4:33 pm

    i changed my settings to a previous version of windows and fixed it. i think its still there though so trying to get it out

  54. hanion says:
    June 17th, 2013 at 1:58 pm

    i had this virus today, turned off my computer immediatly then restarted in normal mode ( not safe mode) then opened cmd from search then i used the command (netstat -ano) and i found many ip adresses spying on my computer knew that by the word (established) ithen i opened task manager by right clicking start menu bar then clicked on processes then looked for PID numbers that marked as (established) in cmd. now end process with these numbers then scan ur computer with avira free antivirus then restore to earlier point and the virus is out !!!!!!!!!

  55. Nikki says:
    June 19th, 2013 at 8:23 pm

    When the timer runs out, will it erase my system? I am at 40 min now and still working on removing it, but scared to keep trying if it will erase everything. Id rather pay a professional. Cant open as other acct, any type of safe mode, nothing is working…

  56. dan says:
    June 20th, 2013 at 10:32 pm

    This worked for me, so far – no doubt you could mess up your PC doing this, though…. =
    from Command prompt-
    cd (goes to root)
    dir /OD (sorts files by modified date)
    find file that was most recently modified – mine was in Windows, called “winsta.dll”, so i had to type
    cd Windows
    ren winsta.dll notsure.dll rename file (didnt delete incase it was the wrong file… “) )
    when i restarted, it said “rundll32 cant find winsta.dll” and, so far, so good. hoping Malware Anti finds it, though. No doubt its still lurking somewhere.

  57. Dan says:
    July 24th, 2013 at 11:34 am

    Workaround: I just rebooted computer and started hitting ESC key over and over again……had to try 3 or 4 times and voila, the virus was interruped and did not show up…..left computer on a few days and rebooted and my anti-virus software must have removed it…..hope this helps someone.

  58. jco1971136 says:
    August 12th, 2013 at 1:56 pm

    I have read all of these comments and noticed that some of the people mentioned that they had several antivirus programs running at the same time. This is a bad idea. There should only be 1 antivirus program running at any time. Anyway… I have a friends PC that has this virus on it and it seems to me that the virus changes something in the BIOS which is EXTREMELY BAD!!! I am going to do some investigating and will post my results.

  59. ace says:
    August 16th, 2013 at 5:14 pm

    got the thing yesterday and I created a gust acct on my pc and now im tryin tto see if a malware will help me ….

  60. LtD says:
    August 22nd, 2013 at 9:20 am

    I got this once before and in safemode I ran malwarebytes. It found it in two places and got rid of it. This time I did the same thing. It found the trojan in one place and when I delete it I thought all was good. But when I rebooted, it was still there. This was late last night, and I had to get some sleep, so I waited for morning to try the manual approach. So far it is not working either. Im running a full scan now, but dont have much hope it will do any better. After the first scan, it always tells me there was no items found. I hate spending the money on a pro, but if I cant get it off today, I will have to.

  61. Candace says:
    August 23rd, 2013 at 3:23 am

    My laptop is mo longer powering on and the battery charging indicator light doesnt even come on when connected to charger.

  62. johnson says:
    August 23rd, 2013 at 3:28 am

    This virus comes through Java from what I believe,and heres my evidence:I visited a site that I commonly use before I installed Java,after installing Java I went to the site and was infected by the department of justice virus,I highly recommend you delete Java,it is dangerous to your computer,it is a gateway for hackers,If your job/company/college needs you to use Java on your computer,you should convince them to use an alternative.

  63. bcucksee says:
    August 30th, 2013 at 10:27 am

    Keep your Java updated and remove old versions as you go if the old versions are not needed. Clear your java cache manually if needed.

  64. Rick says:
    August 28th, 2013 at 12:57 pm

    I had no control over my computer so I followed the reboot tip from Aubrey and started my machine in safe mode while not connected to the internet. Once in safe mode I reset to a previous date and the viurs was gone. I ran a scan and and update on my current antivirus and will add Malware Bytes. Thanks

  65. bcucksee says:
    August 30th, 2013 at 10:38 am

    The virus can actually damage the ability of some machines to boot into safe mode. Use Windows Defender Offline to make a bootable CD or USB stick on a clean computer. Boot from it on infected PC. After scan and removal then boot into windows from hard drive and run malware-bytes.

    This is a direct Microsoft link not through a 3rd party.

  66. gsc says:
    September 3rd, 2013 at 9:47 am

    Worked when this was selected, full scan about 40 minutes.

  67. Bruce says:
    September 5th, 2013 at 1:43 pm

    i got this virus the other day and it said that I was downloading child porn,man was I pissed. You can get a reboot disk Its called Fix it utilities once I ran that and then installed maleware it was gone.i hope they find these people that are behind this,becuse its really giving our DEPT of Justice a really bad name. Can you imagin how many people have already paid for this bullshit scam?

  68. Mike says:
    September 6th, 2013 at 10:00 am

    I can still get to the administrator account on my laptop. If I delete the infected account will it get rid of the virus? Would it delete the infected files from the laptop? There is nothing really important on the account.

  69. removedIt says:
    September 24th, 2013 at 3:05 pm

    This forum was really helpful. what did was, I had another user on computer, I could log on to that, it was not virus affected. Then downloaded malware byte and ran full scan. Full scan found more than 100 files infected. Removed those and immediately restarted computer.

    After restarting logged on same user which I had used for running malware byte. Then logged off from that user and logged onto user which was infected and it worked fine.

    Thank you all guys. you are awesome

  70. Steve says:
    October 26th, 2013 at 6:23 pm

    I am trying to reboot and then it goes to safe mode and then gets back to normal mode and the screen cants display nayhting, any help please

  71. Jay says:
    November 12th, 2013 at 12:40 pm

    I shut my computer down, pressed esc then Restored my laptop to the day before & now my laptop is working perfect. No more virus.

  72. AG says:
    December 28th, 2013 at 5:41 pm

    A friend of mine brought me his computer and it had this virus on it. I usually wouldve went into Safe mode with networking not allowing the virus to boot itself but in this instance it did not allow the computer to boot in safe mode so i downloaded windows defender onto a USB from another computer, booted the infected the computer through the USB drive and presto, the scan began and found it. I ran the quick and full scan and found something each time. Be sure to run both scans to make sure it gets everything before you let it boot and install itself again if it has a rootkit attached to it.

  73. Ace says:
    January 10th, 2014 at 9:50 pm

    I have a Mac and I got this virus, how do I get it off and is yoocare site legit

  74. Jesus says:
    January 17th, 2014 at 4:31 pm

    do i have to be connected to the internet? because im trying stopzilla and spyhunter and both didnt work when i put my computer in safe mode command prompt

  75. Vic says:
    January 20th, 2014 at 12:10 pm

    For Win 7, reboot computer-press f8 – select repair computer (enter)- enter name/password- then select system restore

  76. Dave says:
    January 27th, 2014 at 2:12 pm

    I disagree sir. Mac OS X 10.9 is the most advanced OS out right now. The power management and the stability is amazing and nothing compares. As far as support it comes with 1 year and you buy the applecare you just bring it in to an apple store which there is one just about everywhere and they fix it. I have had my mac since 2011 and it runs just as strong if not better than the day I got it. Best purchase ever. There is nothing my mac can not do. I Even have windows running on it. Vmware for mac is awesome. Windows 8 is better than a mac? lmafo Do more research man..

  77. Skye says:
    January 27th, 2014 at 3:13 pm

    Any advice for windows xp users that cant do anything in safe mode/with or without ntworking or commsnd prompt? Thanks.

  78. Larry says:
    January 28th, 2014 at 6:40 pm

    This worked like a charm! I initially became concerned after the Malwarebytes full scan hung up after 42 minutes, scanning 234k objects. I cold started the system; started in Safe Mode again and did a quick scan this time which went quickly. It found 4 items and removed them without a problem. Im trying to figure out how this virus got past Bitdefender which Im running (which is coming up for renewal). Im inclined to give Malwarebytes paid version a hard look. Thanks Aubrey!

  79. TYoung says:
    March 7th, 2014 at 11:23 am

    1) As soon as the image appears immediately physically disconnect from the internet
    2) you will not be able to get to anything – safe mode, safe mode w/o internet, etc.
    3) Get a good and clean USB stick. I used a SanDisk.
    4) Go to
    Let it format the USB and add the files
    5)Boot PC and let this run. Do a complete scan. Might take 2 +/- hours.
    When done clean the bad files per defender procedure
    6) connect to internet and uipdate the defender files. disconnect from internet
    7) run again, and then connect again and update files
    8) keep doing until clean
    9)Clean boot system and then run your chosen anti-virus programs

    All info here has been invaluable.
    Thankis to all the wizards

  80. TYoung says:
    March 7th, 2014 at 11:54 pm

    Post Script-

    I was initially doing great but Defender is not removing the whole virus!
    It is not sufficiently aggressive to do so.

    I have done 6 scans now of all three levels within Defender and now it comes up with nothing found but I still cannot get to safe mode.
    The virus is still in there some where

    The FBI screen keeps coming up albeit much slower now.

    Any additional hints here would be gratefully appreciated.

    If anyone knows how to make a boot disk out of a USB drive for XP Pro I would like to know.
    It apparently is the only way I can clean the system

  81. Brian says:
    March 8th, 2014 at 12:12 pm

    Nothing is working!! safe mode, back up cd, 64 bit windows defender cd, different users, nothing, not an effin thing!! Im out of options. what do I do!?!?!?!?

  82. THE BRO says:
    June 8th, 2014 at 7:31 pm

    I just repeatedly clicked the “Leave Page” button and it worked and I got away.

  83. ericb says:
    June 10th, 2014 at 6:39 pm

    I downloaded defender on another computer and booted the infected one from the usb. It allowed the boot and quick scan, which found nothing. I then ran the full scan with the same results. It must still be there somewhere? any suggestions?

  84. unknown says:
    June 10th, 2014 at 11:26 pm

    This is on my Samsung tab 3 and am freaking out what am I supposed to do.

  85. Sarah says:
    June 17th, 2014 at 8:28 pm

    I removed the virus by rebooting my computer back about 3-4 weeks (a couple updates previous) but now i cannot connect to the internet whatsoever. My computer keeps telling me that the troubleshooter for the internet connection is not working. Then when i attempt to find a wireless connection (Which is what my router is) it shows that there is nothing that can be found. My iPad and phones are connected to my wireless internet, but now my HP is not.. HELP!?

  86. JBCOLL says:
    April 25th, 2015 at 2:13 am

    It most likely deleted your NIC/Ethernet settings. You can usually reset these to default or browse for your particular Ethernet card in TCP/IP configuration.

  87. Sara says:
    November 15th, 2014 at 2:53 pm

    FBI virus has taken over my verizon wireless tablet what can I do????? I tried a hard reset nothing ….. I cant get off the FBI screen to try any of the methods listed here.

  88. Billy D says:
    December 7th, 2014 at 6:49 am

    Unable to open in safe mode. Been watching this screen for two days. Ready to throw the fucking computer in the street and drive over it.

Your opinion regarding Department of Justice Virus