Remove Department of Justice PC Locked Virus (Ransomware Removal Guide)

Has your computer been locked for an alleged violation of the federal laws of the Department of Justice of America, with a demand to pay a $300 ransom via Greendot Moneypak within 48 hours? Wondering whether this alert is fake? Read this post to find out, and follow the detailed removal guide below to get rid of the Department of Justice ransomware virus.

 

The Department of Justice virus is categorized as ransomware and is an updated version of the notorious FBI Moneypak virus infections. It infects computers with potential vulnerabilities and spreads mainly in the United States of America, which is why it is also called the United States Department of Justice virus. Once it has infiltrated a system with the help of Trojans, this ransomware takes over the victim's entire operating system and displays a warning in the name of the Federal Department of Justice to entice the user into paying a ransom. The sum ranges randomly from $100 to $300, to be paid via Greendot Moneypak within a deadline ranging from 48 hours to 72 hours, supposedly to escape the falsely claimed lawsuit and unlock the OS. So far, hundreds of thousands of users have been trapped this way. Some of them believed the warning and followed the instructions to pay the ransom, but they got nothing in return and the OS stayed locked. Everyone should therefore be aware of this nasty ransomware and take appropriate precautions.

 

Some other similar ransomware infections found threatening Americans are:
FBI Moneypak virus
Citadel Reveton Malware
United States Cyber Security virus
FBI Ultimate Game Card virus
All Activity on This Computer Has Been Recorded - Fake FBI Warning infection
FBI Online Agent virus
Internet Crime Complaint Center Virus, etc.

 

Other ransomware infections:
PCeU virus (aka Metropolitan Police Ukash virus)
Malex ransomware
Your computer is locked for violating the Law of Great Britain virus
DOJ virus
File Encryption Virus
SGAE virus
An Garda Síochána. Ireland’s National Police Service virus
ISCA 2012 virus
Automated Information Control System virus
ACCDFISA Protection Program ransomware
Celas ransomware
Votre ordinateur est bloque! Gendarmerie Ukash virus
Canadian Police Association Virus
Urausy virus/ransomware
Office Central de Lutte contre la Criminalité Virus
Bundesamt fur Polizei Virus
Canadian Police Cybercrime Investigation Department Virus
GEMA: Your computer has been locked virus
Den Svenska Polisen IT-Sakerhet Ransomware
Bundes Polizei Ukash virus
Australian Federal Police Ukash Virus, etc.

 

Symptoms of Department of Justice virus infections

Once infected, every time the victim computer is started it is completely blocked by a full-screen bogus alert in the name of the Department of Justice, designed to scam people. In most cases, even starting in Safe Mode fails due to the infection.

 

 

The displayed warning reads:

 

Your computer has been locked!
This operating system is locked due to the violation of the federal laws of the United States of America (Article: 1, Section 8, Clause 8; Article 202; Article 2012 of the criminal code of the U.S.A. Provides for the deprivation of liberty for four to twelve years.)
Following violations detected:
Your IP address was used to visit websites containing pornopraphy, child pornography, zoophillia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography!
(…)
You have 72 hours to pay the fine, otherwise you will be arrested.
(…)

 

The ransom sum and the payment deadline may vary randomly, ranging from $100 to $300 and from 72 hours to 48 hours. Whatever the alert says, it is totally bogus and merely a scam. If you come across such an alert, ignore it and immediately find a way to get rid of the infection. Below is a complete, detailed removal guide to help you out.

 

Web cam control

 

 

In addition, this ransomware attempts to trick the user into thinking they are under webcam surveillance by always showing a fake screen in “recording” status. The same screen appears even on an infected computer with no webcam at all, which exposes the trick.

 

Deny Flash

Most ransomware exploits Java or Flash vulnerabilities to load the malicious code. In some cases, denying or disabling Flash on your system may suspend the Federal Department of Justice ransomware virus and enable the user to navigate through the infected system. If this is not necessary for removal, skip to the removal options below these steps.

To disable (deny) Flash:

1. Visit: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html

2. Select the “Deny” radio option.

3. Proceed to a removal option (detailed below).

 

 

How to Remove Department of Justice Virus (Ransomware Removal Options-Step-by-step Removal Guide)

 

As stated above, in most cases the Department of Justice virus blocks the entire computer, even from starting in Safe Mode, which makes removal and troubleshooting hard. For this scenario, the Anvisoft team has developed a convenient tool, Anvi Rescue Disk. You can use it for free to recover the locked OS and repair the computer. Please note that this method takes time and effort to complete. If you can still restart your computer in Safe Mode with Command Prompt or in Safe Mode, we suggest moving to removal option 2 and using system restore or manual removal to get rid of this ransomware infection. Good luck and be safe online. If you have any questions during the removal process, please feel free to get in touch; the Anvisoft Team is at your service.

 

Remove Department of Justice Ransomware Infection Using Anvi Rescue Disk

If the Department of Justice virus blocks the computer even from running in Safe Mode, we strongly encourage you to follow the removal steps using Anvi Rescue Disk.

 

For more details on Anvi Rescue Disk, you may refer to: http://www.anvisoft.com/product/rescuedisk.html

 

For the step by step removal guide using Anvi Rescue Disk in details, please visit this post: How to Remove Ransomware Using Anvi Rescue Disk

 

Below is a video of ransomware removal using Anvi Rescue Disk for reference.

 

Remove Department of Justice Ransomware Infection-Safe Mode with Command Prompt Restore Method

 

step 1
 Boot your PC into Safe Mode with Command Prompt. During startup, keep pressing the F8 key until the Advanced Windows Options Menu shows up, then use the arrow keys to highlight the Safe Mode with Command Prompt option and press Enter. See detailed instructions on how to boot Windows to Safe Mode.

Note: make sure you log in to your computer with administrative privileges (log in as admin).

step 2
 Once the Command Prompt appears, you only have a few seconds to type “explorer” and hit Enter. If you fail to do so within 2-3 seconds, the ransomware virus will not allow you to type anymore.

 

step 3
 Once Windows Explorer shows up browse to:

Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter

 

step 4
 Follow all steps to restore or recover your computer system to an earlier time and date (restore point), before infection.

 

step 5
 Download, install, update and run Anvi Smart Defender (http://www.anvisoft.com/software/asd/). Remove all threats detected and reboot your PC.

Please note that even the Safe Mode with Command Prompt system restore may fail to fix the Department of Justice issue in some cases. If so, use the manual removal guide in the alternative removal option part of this article.

 

Recommended: After removing the infection, you may need a computer system cleaner/optimizer like Cloud System Booster to clean up the operating system and boost performance, because in most cases the infection may mess up system files and even leave hidden leftovers that pose a potential danger in the future. It is therefore highly recommended that you use Cloud System Booster to clear junk files, fix registry errors and optimize computer services. The direct download link is: www.anvisoft.com/software/csb/. This tool can also serve as a daily system maintenance tool to help you maintain the OS.

 

Alternative - Manual way to remove the Department of Justice virus in Safe Mode

 

The infected computer may boot into Safe Mode while the Safe Mode with Command Prompt system restore method still fails to fix the issue. In that case, you may use the manual removal option below to remove the Department of Justice ransomware virus infection.
Please note that this manual removal requires certain computer skills. Before you start the removal steps below, back up as many of your computer files and as much of your data as you can.

 

step 1
Restart the infected computer to Safe Mode. During startup, repeatedly tap the F8 key until the Advanced Windows Options Menu shows up, then use the arrow keys to highlight the Safe Mode with Command Prompt option and press Enter. See detailed instructions on how to boot Windows to Safe Mode.

step 2
Click the Windows Start button. In Windows 7, type the following in the search box:

%USERPROFILE%\wgsdgsdgdsgsd.exe

In Windows XP, click Start -> Run, type the above file path in the Run box and click OK to search for it.

This is the malicious file added by the Department of Justice virus. Find it and remove it.

 

step 3
Open the registry editor. Click the Start button and type “regedit” in the search box or Run box. Then find the registry entries below and restore the corresponding values to the correct ones.

The modified registry entries:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Winmgmt\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,41,\
  00,4e,00,56,00,45,00,49,00,55,00,7e,00,31,00,5c,00,77,00,67,00,73,00,64,00,\
  67,00,73,00,64,00,67,00,64,00,73,00,67,00,73,00,64,00,2e,00,65,00,78,00,65,\
  00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,41,\
  00,4e,00,56,00,45,00,49,00,55,00,7e,00,31,00,5c,00,77,00,67,00,73,00,64,00,\
  67,00,73,00,64,00,67,00,64,00,73,00,67,00,73,00,64,00,2e,00,65,00,78,00,65,\
  00,00,00

 

The revised correct registry entries should be:

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Winmgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00

 

 

step 4
Delete the modified files:

%STARTUP%\runctf.lnk

 

Search for this file in your computer system. Find it and remove it.

 

step 5
Restart the computer to normal mode. And the issue may be fixed and the computer is repaired. To ensure the computer is clean, you may use the anti-malware program Anvi Smart Defender to do a full scan. To boost the system performance after the virus removal, you are recommended to use the system optimizer program Cloud System Booster to do a full clean.
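The registry check in step 3 can also be done offline against a .reg export of the Winmgmt keys. The Python sketch below is an added example, not part of the original guide or of any Anvisoft tool: it decodes hex(2) (REG_EXPAND_SZ, UTF-16LE) data and reports every ServiceDll that differs from the correct value listed in step 3. The function names and the sample export are constructed for illustration; the hex data is copied from the guide.

```python
import re

# Path the guide lists as the correct Winmgmt ServiceDll (its hex(2) data, decoded).
EXPECTED = r"%SystemRoot%\system32\wbem\WMIsvc.dll"

def decode_hex2(data):
    """Decode .reg hex(2) (REG_EXPAND_SZ) data: comma-separated UTF-16LE bytes."""
    digits = re.sub(r"[^0-9a-fA-F,]", "", data)
    raw = bytes(int(b, 16) for b in digits.split(",") if b)
    return raw.decode("utf-16-le").rstrip("\x00")

def service_dlls(reg_text):
    """Map each [key] in a .reg export to its decoded ServiceDll value."""
    # Normalise curly quotes from web copies, then join "\"-continued lines.
    text = reg_text.replace("\u201c", '"').replace("\u201d", '"')
    text = re.sub(r"\\\s+", "", text)
    found, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = re.match(r'"ServiceDll"=hex\(2\):(.*)', line, re.I)
            if key and m:
                found[key] = decode_hex2(m.group(1))
    return found

def audit(reg_text):
    """Return (key, path) pairs whose ServiceDll is not the expected WMI DLL."""
    return [(k, v) for k, v in service_dlls(reg_text).items()
            if v.lower() != EXPECTED.lower()]

# Constructed sample export: first key has the hijacked data, second the clean data.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,41,\
  00,4e,00,56,00,45,00,49,00,55,00,7e,00,31,00,5c,00,77,00,67,00,73,00,64,00,\
  67,00,73,00,64,00,67,00,64,00,73,00,67,00,73,00,64,00,2e,00,65,00,78,00,65,\
  00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Winmgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"""

if __name__ == "__main__":
    for key, path in audit(SAMPLE):
        print("SUSPICIOUS ServiceDll:", key, "->", path)
```

Decoding makes the hijack readable at a glance: the modified value points the WMI service at an executable in a user profile directory instead of the DLL under %SystemRoot%\system32\wbem.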

 

 

Computer Protection Tips-How to Prevent Department of Justice Ransomware Infections and Other Similar Attacks

You may keep Anvi Smart Defender on your computer for an extra layer of online safety. Anvi Smart Defender Pro focuses on detecting, removing and preventing malware, and its database is automatically updated on a daily basis to ensure our users are protected from emerging malware threats of all kinds, in addition to its smart engine for lightweight defending strategies. Get it now.

Or at least you should just turn on the security settings of your browser in order to better secure your online activities. See detailed instructions to turn on security features of IE, Firefox and Google Chrome.

 

Good luck and be safe online.

 
