Department of Justice Virus is one of the latest threats from the Ukash virus group that tries to attack people living in the United States of America. This threat belongs to the category of ransomware, so it is designed to get inside the system secretly and then try to rip users off. Just like the FBI virus, FBI Moneypak or FBI Green Dot Moneypak virus, it creates lots of trouble for its victims by locking the system down. This results in a complete takeover of the system: the user becomes unable to get on the Internet, launch legitimate anti-malware programs or do other things on the PC. The user only sees a forged Department of Justice Virus alert, which states that the user has been caught doing illegal activities on the computer. Before you fall for this alert, you must note that organizations such as the Department of Justice do NOT collect their fines in this way. You must remove Department of Justice Virus immediately!
HOW CAN I GET INFECTED WITH Department of Justice Virus?
This scam is designed to use the same intrusion methods as all previous Ukash viruses: it uses spam emails, freeware, shareware and other sources to get inside undetected. Once there, it locks the system down and shows its only message, claiming that the Windows system has been blocked because you have been using copyrighted content, visiting pornographic websites or even spreading malware. For that, you now have to make a payment of $200 using the Moneypak prepayment system. Here's what this message looks like:
Your computer has been locked!
This operating system is locked due to the violation of the federal laws of the United States of America (Article: 1, Section 8, Clause 8; Article 202; Article 2012 of the criminal code of the U.S.A. Provides for the deprivation of liberty for four to twelve years.)
Following violations detected:
Your IP address was used to visit websites containing pornopraphy, child pornography, zoophillia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography!
You have 72 hours to pay the fine, otherwise you will be arrested.
No matter how trustworthy it seems, you must ignore this alert because it has nothing to do with the Department of Justice. If you pay this $100 or $300 fine, you won't have your computer unlocked and you will lose your money as well. In order to avoid that, you should remove Department of Justice Virus as soon as possible.
HOW CAN I REMOVE Department of Justice Virus?
In order to remove Department of Justice virus, you should try following this information. It includes different methods that MAY work for removing this virus. Remember that the manual removal method should be used only if you have enough knowledge about the computer's system and its architecture:
* Users infected with Department of Justice virus are allowed to access other accounts on their Windows systems. If one of these accounts has administrator rights, you should be able to launch an anti-malware program from it.
* Try denying Flash to stop the ransomware from functioning as intended. In order to disable Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with an anti-malware program.
* Flash drive method:
- Take another machine and use it to download Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus, Reimage or another reputable anti-malware program.
- Update the program and put it on a USB drive or a simple CD.
- In the meantime, reboot your infected machine to Safe Mode with Command Prompt and plug the USB drive into it.
- Reboot the computer infected with Department of Justice virus once more and run a full system scan with the updated anti-malware program.
* Manual Department of Justice removal (special skills needed!):
- Open Windows Start Menu, enter %appdata% into the search field, click Enter.
- Go to: Microsoft\Windows\Start Menu\Programs\Startup.
- Remove ctfmon (don't mix it with ctfmon.exe!).
- Open Windows Start Menu, enter %userprofile% into the search field, click Enter.
- Go to Appdata\Local\Temp and remove rool0_pk.exe
- Delete [random characters].mof file
- Delete V.class
- Run a full system scan with updated Reimage to remove the remaining Department of Justice virus files. You can also use Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.
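The file checks from the manual removal steps above, as an added PowerShell example that is not part of the original guide: it only lists matching files with their timestamps and SHA-256 hashes so they can be reviewed before anything is deleted. `Find-DojArtifacts` is a hypothetical name, and reading a shortcut target assumes the Startup entry may be a .lnk file.

```powershell
# Added example: read-only check for the files named in the manual removal steps.
# Find-DojArtifacts is a hypothetical name; nothing is deleted or modified.
function Find-DojArtifacts {
    param(
        [string]$AppData     = $env:APPDATA,      # what %appdata% expands to
        [string]$UserProfile = $env:USERPROFILE   # what %userprofile% expands to
    )
    $startup = Join-Path $AppData 'Microsoft\Windows\Start Menu\Programs\Startup'
    $temp    = Join-Path $UserProfile 'AppData\Local\Temp'

    if (Test-Path -LiteralPath $startup) {
        $shell = New-Object -ComObject WScript.Shell
        # Startup entries named "ctfmon"; ctfmon.exe is skipped, as the steps say.
        Get-ChildItem -LiteralPath $startup -Force -File |
            Where-Object { $_.BaseName -eq 'ctfmon' -and $_.Name -ne 'ctfmon.exe' } |
            ForEach-Object {
                # Assumption: the entry may be a shortcut; if so, show what it launches.
                $target = if ($_.Extension -eq '.lnk') {
                    $shell.CreateShortcut($_.FullName).TargetPath
                }
                [pscustomobject]@{
                    Location = 'Startup'; Path = $_.FullName
                    Target = $target; Modified = $_.LastWriteTime; SHA256 = $null
                }
            }
    }

    if (Test-Path -LiteralPath $temp) {
        # rool0_pk.exe, V.class and any .mof file directly in Temp.
        # A .mof file can be legitimate, so treat those hits as items to review.
        Get-ChildItem -LiteralPath $temp -Force -File -ErrorAction SilentlyContinue |
            Where-Object { ($_.Name -in @('rool0_pk.exe', 'V.class')) -or ($_.Extension -eq '.mof') } |
            ForEach-Object {
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Location = 'Temp'; Path = $_.FullName
                    Target = $null; Modified = $_.LastWriteTime; SHA256 = $hash.Hash
                }
            }
    }
}

Find-DojArtifacts | Format-List
```

When running from a different administrator account, pass the affected user's folders through `-AppData` and `-UserProfile`, since the defaults point at the account running the script.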
UPDATE: There is a new Ukash virus, which uses the logo of the Department of Justice. This threat now says 'Your computer has been blocked! The work of your computer has been suspended on the grounds of the violation of the law of the United States of America'. Similarly to the previous version of the Department of Justice virus, this ransomware shows a list of laws that have been violated and asks to pay a fine of $300 using the MoneyPak prepayment system. Besides, it speaks to the victim!