Remove Department of Justice virus (MoneyPak Scam)

The United States Department of Justice MoneyPak Ransom is a computer virus, which will display a bogus notification, that pretends to be from Department of Justice and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The United States Department of Justice virus will lock you out of your computer and applications, so whenever you’ll try to log on into your Windows operating system or Safe Mode with Networking, it will display instead a lock screen asking you to pay $300 in the form of a MoneyPak code.
Furthermore, to make its alert seem more authentic, this virus also has the ability to access your installed webcam ,so that the bogus The United States Department of Justice shows what is happening in the room.
If your computer is infected with The United States Department of Justice virus,then you are seeing the below notification:
The United States Department of Justice MoneyPak virus

The United States Department of Justice Ransom will display the following bogus notification:

Your computer has been blocked
The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.

Article 274 – Copyright
A fine or imprisonment for the term of up to 4 years. (The use or shanng of copyrighted files-movies, software)
Article 183 – Pornography
A fine or imprisonment for the term of up to 2 years (The use or distribution of pornographic Nes)
Article 184- Pornography involving children (under 18 years)
Imprisonment for the term of up to 15 years (The use or distribution of pornographic files)
Article 104- Promoting Terrorism
Imprisonment for the term of up to 15 years (You have visited websites of terrorist organization)
Article 297 – Neglect computer use, entailing serious consequences
A fine or imprisonment for the term of up to 2 years (Your computer has been infected with a virus, which, in turn, Infected other computers)
In connection with the decision of the Government as of August 12, all of the violations described above could be considered as conditional in case of payment of a fine.
Amount of the fine is $200. Payment must be made within 24 hours after the discovery of the violation. If the fine has not been paid, you will become the subject of criminal prosecution.
After paying the fine your computer will be unblocked

The The United States Department of Justice Ransom is a scam and you should ignore any alert that this malicious software might generate and remove this trojan ransomware from your computer.
Under no circumstance should you send any money to this cyber criminals,as this could lead to identity theft,and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.

The United States Department of Justice MoneyPak Ransomware – Virus Removal Guide

This page is a comprehensive guide, which will remove the Department of Justice infection from your your computer. Please perform all the steps in the correct order. If you have any questions or doubt at any point STOP and ask for our assistance.
The Department of Justice will start automatically when you login to your computer and display its screen locker so that you are unable to access your computer, therefore we will need to remove this infection by using one of the below methods:
OPTION 1: Remove Department of Justice lock screen virus with System Restore
OPTION 2: Remove Department of Justice virus with with HitmanPro Kickstart
OPTION 3: Remove Department of Justice virus with Kaspersky Rescue Disk

OPTION 1: Remove Department of Justice lock screen virus with System Restore

System Restore helps you restore your computer’s system files to an earlier point in time. It’s a way to undo system changes to your computer without affecting your personal files, such as e‑mail, documents, or photos.
Because the Department of Justice virus will not allow you to start the computer in Windows regular mode, we will need to start System Restore from the Safe Mode with Command Prompt mode.

STEP 1: Restore Windows to a previous state using System Restore

  1. Reboot your computer into Safe Mode with Command Prompt. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard.
    [Image: F8 key]
    If you are using Windows 8, the trick is to hold the Shift button and gently tap the F8 key repeatedly, this will sometimes boot you into the new advanced “recovery mode”, where you can choose to see advanced repair options. On the next screen, you will need to click on the Troubleshoot option, then select Advanced Options and select Windows Startup Settings. Click on the Restart button, and you should now be able to see the Advanced Boot Options screen.
  2. Using the arrow keys on your keyboard, select Safe Mode with Command Prompt and press Enter on your keyboard.
    [Image: Starting computer in Safe Mode with Command Prompt]
  3. At the command prompt, type rstrui.exe, and then press ENTER.
    [Image: Start System Restore to remove lock screen virus]
    Alternatively, if you are using Windows Vista, 7 and 8, you can type: C:\windows\system32\rstrui.exe , and press Enter. And if you are a Windows XP user, type C:\windows\system32\restore\rstrui.exe, then press Enter.
  4. System Restore should start, and you will display also a list of restore points. Try using a restore point created just before the date and time the Department of Justice lock screen virus has infected your computer.
    [Image: Restore settings to remove ransomware]
  5. When System Restore has completed its task, start your computer in Windows regular mode, and perform a scan with Malwarebytes Anti-Malware and HitmanPro, as seen in the next step.

STEP 2: Remove Department of Justice malicious files with Malwarebytes Anti-Malware Free

Even after using System Restore,

  1. You can download Malwarebytes Anti-Malware Free from the below link, then double-click on the icon named mbam-setup.exe to install this program.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK(This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. When the installation begins, keep following the prompts in order to continue with the setup process, then at the last screen click on the Finish button.
    [Image: Malwarebytes Anti-Malware final installation screen]
  3. On the Scanner tab, select Perform quick scan, and then click on the Scan button to start searching for the Department of Justice malicious files.
    [Image: Malwarebytes Anti-Malware Quick Scan]
  4. Malwarebytes’ Anti-Malware will now start scanning your computer for Department of Justice virus as shown below.
    [Image: Malwarebytes Anti-Malware scanning for Department of Justice
  5. When the Malwarebytes Anti-Malware scan has finished, click on the Show Results button.
    [Image: Malwarebytes Anti-Malware scan results]
  6. You will now be presented with a screen showing you the computer infections that Malwarebytes Anti-Malware has detected. Make sure that everything is Checked (ticked), then click on the Remove Selected button.
    [Image: Malwarebytes Anti-Malwar removing Department of Justice virus]

STEP 3: Double-check for the Department of Justice virus with HitmanPro

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    HitmanPro scanner
    Click on the Next button, to install HitmanPro on your computer.
    HitmanPro installation
  3. HitmanPro will now begin to scan your computer for Department of Justice malicious files.
    HitmanPro detecting for Department of Justice virus
  4. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove Department of Justice virus.
    HitmanPro scan results
  5. Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
    [Image: HitmanPro 30 days activation button]

OPTION 2: Remove Department of Justice virus with with HitmanPro Kickstart

If you cannot start your computer into Safe Mode with Command Prompt mode, we can use the HitmanPro Kickstart program to bypass Department of Justice lock screen.
As the Department of Justice ransomware infection locks you out of your computer, you will need to create a bootable USB drive that contains the HitmanPro Kickstart program.
We will then boot your computer using this bootable USB drive and use it to clean the infection so that you are able to access Windows normally again.
You will also need a USB drive, which will have all of its data erased and will then be formatted. Therefore, only use a USB drive that does not contain any important data.

  1. Using a “clean” (non-infected) computer, please download HitmanPro Kickstart from the below link.
    HITMANPRO DOWNLOAD LINK (This link will open a download page in a new web page from where you can download HitmanPro Kickstart)
  2. Once HitmanPro has been downloaded, please insert the USB flash drive that you would like to erase and use for the installation of HitmanPro Kickstart. Then double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows).
    To create a bootable HitmanPro USB drive, please follow the instructions from this video:
  3. Now, remove the HitmanPro Kickstart USB drive and insert it into the Department of Justice infected computer.
  4. Once you have inserted the HitmanPro Kickstart USB drive, turn off the infected computer and then turn it on. As soon as you power it on, look for text on the screen that tells you how to access the boot menu.
    [Image: Windows Boot Menu screens]
    The keys that are commonly associated with enabling the boot menu are F10, F11 or F12.
  5. Once you determine the proper key (usually the F11 key) that you need to press to access the Boot Menu, restart your computer again and start immediately tapping that key. Next, please perform a scan with HitmanPro Kickstart as shown in the video below.
  6. HitmanPro will now reboot your computer and Windows should start normally. Then please Malwarebytes Anti-Malware and HitmanPro, and scan your computer for any left over infections.

OPTION 3: Remove Department of Justice virus with Kaspersky Rescue Disk

If any of the above methods did not clean your infected computer, we can use a Kaspersky Rescue Disk Bootable to clean the Windows registry and to perform a system scan to remove the Department of Justice virus.
To create a bootable Kaspersky Rescue Disk, we will need the following items:

  • A clean (non-infected) computer with Internet access
  • A blank DVD or CD
  • A computer with a DVD or CD burner

STEP 1: Download and create a bootable Kaspersky Rescue Disk CD

  1. You can download Kaspersky Rescue Disk utility from link below:
    KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will automatically download Kaspersky Rescue Disk (kav_rescue_10.iso) on your computer.)
  2. To create the bootable rescue disk, we will need to use the ImgBurn program. You can download ImgBurn from the below link, then install this program.
    IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download the ImgBurn program)
  3. Insert your blank DVD or CD in your burner, then start ImgBurn and click on the Write image file to disc button.
  4. Under Source click on the Browse for file button, then navigate to the location where you previously saved the Kaspersky Rescue Disk utility (kav_rescue_10.iso), then click on the Write button.
    [Image: Bootable Kaspersky Rescue CD]
    That’s it, ImgBurn will now begin writing your bootable Kaspersky Rescue Disk.

STEP 2: Start your computer using the Kaspersky Rescue Disk

  1. Once you’ve got the Kasperky Rescue Disk in hand, insert it into the infected computer, and turn off and then turn it on again.
  2. As soon as you power it on, you will see a screen that tells you to press any key to enter the menu, so please tap any key to boot your machine from the Kaspersky Rescue Disk.
    [Image: Starting infected computer from Kaspersky Rescue Disk]
  3. In the next screen, you will need to chose a language, then you click on Kaspersky Rescue Disk. Graphic Mode and press ENTER, to start the Kaspersky Rescue Disk.[Image: Kaspersky Rescue Disk Graphic Mode screen]

STEP 3: Scan your system with Kaspersky Rescue Disk

  1. Within a few short seconds you should see the full working environment, with the Kaspersky Rescue Disk screen front and center as shown below.
    [Image: Kaspersky Rescue Disk scanner]
  2. Switch tabs over to the My Update Center, and then click the Start update button to load the latest anti-virus definitions. Please be patience while this process its completed.
    [Image: Updating Kaspersky Rescue Disk antivirus definitions]
  3. Switch back over to the Objects Scan tab, select the drives you want to scan, and then click the Start Objects Scan button.
    [Image: Kaspersky Rescue Disk scan]
  4. When Kaspersky Antivirus will detect the Department of Justice virus, you’ll be prompted to select an action. When this happens, please select Quarantine or Delete to remove this infection from your computer.
    [Image: Kaspersky Rescue Disk prompt]
  5. When the antivirus scan has completed, you can restart back into Windows regular mode, by clicking on the Kaspersky Start button [Image: Kaspersky Rescue Disk Restart button] (lower left corner), and selecting Restart.
    Once your computer will start in Windows regular more, download Malwarebytes Anti-Malware and HitmanPro, and scan your computer for any left over infections.

Your computer should now be free of the Department of Justice infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove Department of Justice Moneypak virus from your machine, please start a new thread in our Malware Removal Assistance forum.

IT’S YOUR TURN TO HELP!

If we have managed to help you with your computer issues, then it's your duty to let other people know that this article will help them!
You can share this article on Facebook,Twitter or Google Plus by using the below buttons.

SUPPORT MALWARETIPS! (OPTIONAL)

All our malware removal guides and utilities are completely free!
We do not request any kind of payment for our services, however if you like to support us with our website costs, you can make a small donation. Any amount is appreciated, and will support our fight against malware.

ABOUT STELIAN PILICI

I am the creator and owner of MalwareTips.com.
My area of expertise includes malware removal and computer forensics. I'm active in the various online anti-malware communities where I do researches for new malware threats as they are released.
I live in Bucharest (Romania), where I run my own local computer repair shop.
I repair both hardware and other operating systems related issues, however most of my business is malware related problems.

You can follow me on Google+ and I will keep you up-to-date with the latest computer infections and malware threats.

  • TUSIA

    thank you, it worked!!!!!!! You are THE BEST!!!!!!!

  • Cheree

    Thank you, thank
    you, thank you!!! This just happened to me, and I can’t thank you enough for your help. God bless you! I don’t know what I would have done without your help. You are a God send!!!!!!

  • Wendy

    million thanks to you…you’re a God send! Your detailed instructions are easy to follow. God bless u and ur family

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    This is happening because your BIOS needs to be setup to try to boot for the CD first. Please follow this instructions to do this: http://www.hiren.info/pages/bios-boot-cdrom

  • Fabian G

    Thanks a million!!!!!!!!! Had justice.gov Moneypack virus control my computer I couldn’t sign in to my regular windows account had to go on safe mode and install Malwarebytes Antimalware program an voila!!!! The fictitious incriminating malware was gone, common really how low can these hackers get!!! Anyhow Stelian Pilici your a godsend bro, thanks and god bless.

  • vanquish250

    Thanks worked great, took less than 30 minutes. Saved me much time and agrivation with this malware virus. Peace to you and much thanks.

  • http://malwaretips.com/ Stelian Pilici

    Hello Garrett,
    If you cannot use the Safe Mode with Command prompt to remove the infection, then you will have to create either a HitmanPro Kickstart USB or Kaspersky Rescue Disk as seen in this guide.
    It’s not very hard to create either of these, and it should solve your problem relatively easy!

    If you will still have issues, then you will have to create a thread in our Malware Removal Assistance forum – http://malwaretips.com/Forum-Help-my-PC-is-infected
    Stay safe!

  • http://malwaretips.com/ Stelian Pilici

    Hello Linda,
    It doesn’t really matter, when the files are in the Quarantine folder they cannot do any kind of damage to your computer.
    Quarantined files are encrypted and password-protected so that no other program can use them, rendering them harmless.

    Nevertheless, if you want to remove them, you can follow these steps:
    1.Open Malwarebytes’ Anti-Malware.

    2. Click the “Quarantine” tab. This will display are items the program has quarantined.

    3. Click an object in the list and then click the “Delete” button. You can also hold the “Shift” key to select multiple items, or you can click the “Delete All” button to clear all quarantined items.
    Stay safe!

  • http://malwaretips.com/ Stelian Pilici

    Hello John,
    The correct command is : rstrui.exe not rstruie.exe
    Alternatively, if you are using Windows Vista, 7 and 8, you can type: C:windowssystem32rstrui.exe , and press Enter. And if you are a Windows XP user, type C:windowssystem32restorerstrui.exe, then press Enter.

    Stay safe!

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Lets try to run these two scans:

    STEP 1: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    Good luck!

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    While your computer is in Safe Mode with Command Prompt, type msconfig to start theWindows System Configuration utility.

    Click on the Startup tab, then search for any suspicious or unknonw entries (random numbers or letters, ctfmon.exe, and other suspicious or unknown entries), and unckech them from startup, then click on OK.
    This will stop the infection from starting with Windows, however it won’t remove the malicous files from your computer.

    Type shutdown /r in the command prompt to restart your computer, then perform a scan with Malwarebytes Anti-Malware and HitmanPro.
    If this will not work, then you will have to create a bootable HitmanPro Kickstart USB or Kaspersky Rescue Disk.

    Stay safe

    • Happy

      I was having same problem as Wendy. Thanks! This second suggestion worked for me. First time I ever fixed a virus myself!

      • http://malwaretips.com/ Stelian Pilici

        Stay safe, Happy! :)

  • Cristian

    Thanks Stelian – a ajutat – Vista Ultimate 64 bits…. panicked a little until I Googled it on my laptop and learned it is just another scam… God bless for your valuable free help!

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Lets run the below scans:
    Run a scan with RogueKiller
    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    Run a scan with ESET Online Scanner
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    6. When the scan completes, click on the Finish button.

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Did you try to create a HitmanPro Kickstart USB or Kaspersky Rescue Disk?

  • Josie

    You are the BEST!!!!!

  • Palmdale

    Thank you so much you are one of a kind

  • Francisco Herrera

    Thanks work perfect on the second step thanks a lot men

  • constructivewave

    Thanks a lot, it was really helpful !!!

  • Kimberly

    Thanks for the great tips, Got my virus cleaned out. Now I’m having a problem with my Windows Defender, it won’t turn on

  • Ce Ce

    THANK YOU!!! I download the trial version of Malwarebytes (www.malwarebytes.org) and it WORKED!!

  • kim

    OMG!YOU SERIOUSLY ARE A LIFE SAVER!

  • jel

    thank you!!! very helpful.

  • Derek

    I am glad that my wife did not see this. She has schizophrenia (which is controlled by medication). And something like this would have put her in orbit!!!! This thing is soooooo unsophisticated. All I did was set my computer to a previous time in RECOVERY.

    I DO NOT KNOW what idiot would pay $300 to “The Department of Justice”. If they wanted you, they would just get a subpoena and TAKE your computer. If anyone knows ANYTHING about law. You can not “get off” by paying anyone $300.

    They are just playing to the paranoia of people. Do not worry. It will be OK!!!! We live in a nation of LAWS.

  • tim87

    I knew this had to be a scam, so I looked up department of justice on my phone and tje first topic that came up was the virus. Your steps are somple to follow and very efficient. You deserve a freakin medal!! Cheers!

  • Erick

    My teenage son was surfing one night and then we received the warning message of this virus. I was aware that this was a scam but this virus was more advanced the previous ones. It prevented me from starting in any safe mode. Thank you so much for this step by step tutorial. It worked fantastically.

  • tony

    apparently they are getting greedy. i got the doj virus and it was asking for $450! after my initial freak out i went online and found this site. running scan now after safe mode. hoping this works!!

  • John

    Thanks worked perfect!

  • Jimm f

    Guineius sir Guineius

  • Andrey

    Dude you just saved my life! Thank you so much.

  • Jill

    Method 1 worked great! Easy directions!

  • norm

    I just wanted to share my problem that I had. Where I had my keyboard pluged in i was not able to use the keys to try to get to safe mood or do anything till windows started fully. Finally after many failed attempts at getting to safe mood I pluged my keyboard to a different usb port. Finally I was able to do safe mood and I am currently scaning my system to attempt to get rid of this POS malware.

  • dbow

    Its is amazing! It worked and is very much appreciated!

  • brandon

    Thank you very much. It was very helpful hint.

  • Jesus

    Hi I followed the direction unfortunatel Y cannot even get into safe mode. as soon as I hit safe mode with comnad or any other, it takes me to a blue screen with a a message stating a problem has been detected and windows has been shut down to prevent damage, I have started all over again many times and still the same. Is there any other way to get rid of this? Thanks

    Jesus

  • Tankful

    I used the sys restore method. Worked like a charm.

  • Tom

    Thank you so much for posting this Stelian! I booted up in safe mode and tried system restore and an apparently outdated version of Malwarebytes A-M to no avail, and found your site using my other computer. Method 1 worked like a charm. So glad you posted this as I had a lot of stuff for a photography class I’m taking on this computer that would have been a pain to pull off, reinstall, etc….

  • Mauricio

    Hey buddy, thank you so much. I just followed the method 1 and it worked perfectly as you said in 10 min the computer was working. You save the day!!

    • johnny

      good
      with Hitmanpro work for me. Thanks

  • Mike Elliott

    I followed this system and removed the virus in less than ten minutes.

  • chris s

    I just got the department of justice virus yesterday and none of the things you had mentioned worked. I even tried to download hitman pro on a USB drive on my other laptop but when I insert the USB drive into my infected dell laptop which has windows 7 the Ctrl + F11 feature does not work when the laptop starts. I don’t want to take it somewhere and pay a fortune but nothing works. What do I do??

    • http://malwaretips.com/ Stelian Pilici

      Hello Chris,
      Please try one more time to boot from the HitmanPro USB,pay attention at the booting part and click F11 once your computer starts.
      If it still doesn’t work,you’ll need to create a Kaspersky Rescue CD as seen HERE: http://malwaretips.com/blogs/anonymous-virus/ , on Method 2.
      If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance
      Good Luck!

  • Jim

    Thanks for the awesome step by step process of eliminating this virus. I went through step 2 and malwarebyes ate this sh-t up so fast it was unbelievable. Great info and everything looked just like your screenshots. Thanks again.

  • Jamie

    Thank you so much! People like you restore my faith in humanity!! You saved the day….

  • Barbara C.

    Thanks

    • Elbert

      Thank you a lot your the best

  • Barbara C.

    Thanks so much! I really thought my computer was toast, but the easy to follow instructions helped me get rid of this nasty virus in less than 15 minutes!

  • Dale

    Went to the Moneypak website in hopes of getting my 300 back,,keeps saying insufficient funds,account balance 0…so think i’m basically screwed out of the 300 bucks

  • Patty

    I have tried using both command prompts .My computer starts off with C:\Documents and Settings\Owner> I get a pop up saying system restore has been turned off and cannot be turned on in safe mode. To turn on system restore, restart in normal mode and then run system restore.
    The msconfig gives me a response that it is not recognized as an internal or external command, operable program or batch file. Is there another way the commands can be entered?

    • http://malwaretips.com/ Stelian Pilici

      Hellp Patty,
      Try to type: Start msconfig in the Command prompt if your using Windows Vista, 7 or 8.
      In Windows XP and Server 2003 type: C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG
      And press Enter, MSCONFIG should load now, then just uncheck those malicious startup programs.

      Alternatively, you can type explorer.exe in the Command prompt, and transfer via a USB stick Malwarebytes to perform a scan.

      • Dan

        I too had the problem where it wouldn’t give me a plain C prompt. I typed explorer.exe and it got me to a safe mode where I could get to the system restore. THANK YOU SO VERY MUCH!!!!!

  • Ben

    Method 2 worked like a charm but when I ran Malwarebytes program it didn’t pick up anything. Could the virus have been eradicated by simply post dating the computer under this method? I’ truly a computer idiot and really thank you for this post.

  • Sam

    Hey thank you for telling me to go to the Forms I found a way to clear the computer thanks to your advice, I’m using a rescue disk since nothing else was working thank you for the help

  • DEREK

    You Guys are the F-ing BOMB ! Fan-F-ing-Tastic !

    Thank You SO Much , I had to go all the way to method 4 .
    The New version of the DOJ Trojan/Virus is not removable just with safe mode….methods

    For all of you out there Hitman kickstart is now probably your only choice !!!!

    I have an older computer so it may differ a little for you.
    When you bring up the F11 Boot menu on power up,( with the kick start flash in your USB), and tab arrow over to the boot priority tab, then arrow down to the hard drive/USB priority choice ,You will need to use the + or – key on your numbers key pad to change the priority .
    This took me a while to figure out.
    I was trying to use the + , – keys above the letters of my keyboard.
    Hope this helps…

    Lets all go kick the @#%&- out of the A-holes the launched this crap on all of us.

  • Henry

    Hitman Kickstart is the SHIT!
    Got rid of this before but somehow this
    was was much harder.
    Thanks!

  • Karl

    Thank you so much. Only used Method 1. I have Trend PC protection and it obviously did not block this new trojan worm. Shame on them.

  • Rod C

    When my 18-yr old son told me that his computer was getting a weird message about paying $300, I took his laptop to Best Buy to use the $179.00 service plan I bought. I learned that that plan only covered HW related problems–not virus. The virus package was going to cost $200 more! On a $349.00 Computer! I was pissed. I told them ‘no thanks’, did some googling and found this site. Awesome! I used Method 1 and got into Safe Mode with Networking, loaded the Malware app, did the quick scan (about 20-25 minutes), re-booted, did the full scan (about an hour and 15 mins), rebooted — and everything works great!!! I told my son he can pay me the $200… Thanks for providing this site and the crystal clear instructions for non-geeks like me.

  • gogo

    thank you method 4 worked like a charm

  • Jorge

    I got the virus this morning and got me really worried. Unfotunely, I paid the $300, but then I thought of the possibility of being a scam, and found this website after searching info about the virus.
    I just want to say thank you so much for your help. I was able to unlock my computer in less than an hour using method 1 and using malwarebytes free edition. You are truly a great person to have the initiative to distribuite this information so well put together for everyone to understand. You sir, are a hero. Again, thank you and take care.

  • ashley

    Husbands computer got this virus..he flipped paid the 300 bucks to moneypak and got the 24 hour notice. I got home and googled “DOJ virus” and found this awesome blog. Took me less than an hour to remove the virus using method #2. Ran both Malbytes and Hitman Pro as suggested. THANK YOU Stelian!!!

  • jim M

    Have tried everything on the website today to get rid of dept of justice ransom and nothing is working. My computer is a little older 10 years I guess, and some of the command don’t come up the way they are explained on the site. Help?

    • http://malwaretips.com/ Stelian Pilici

      Hello Jim,
      Can you start your computer in Safe mode?If yes, boot your computer in Safe Mode with Command Prompt, and type msconfig in the Command prompt OR if you are using Safe Mode with Networking, in the text box, type msconfig.
      This should start the Windows System Configuration tool. Go to the Start-up tab, and search for any suspicious or unknown entries (random numbers or letter, ctfmon.exe and other suspicious entries) and uncheck them from start-up. Next, start your computer in normal mode and perform a scan with the following tools:

      STEP 1: Run a scan with RogueKiller

      1. Please download the latest official version of RogueKiller.
        RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
      2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.
      3. After the scan has completed, press the Delete button to remove any malicious registry keys.

      STEP 2: Run a scan with Emsisoft Emergency Kit.

      1. Please download the latest official version of Emsisoft Emergency Kit.
        EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
      2. After the download process will finish , you’ll need to unpack EmsisoftEmergencyKit.zip and then double click on EmergencyKitScanner.bat
      3. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC“.
      4. Select “Smart scan” and click-on the below “SCAN” button.When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects‘ button.
      • Jean

        OMG – I thought I was going to have to take my computer into GeekSquad and spend hundreds of dollars to get this off my computer. Your instructions were easy and clear and after 3-hours, my computer is clean. Thank you! Thank you! Thank you!

  • PKB

    Thank you very much. I was freaking out too when I saw the DOJ warning, but the second I read the MoneyPak bit, I knew it was fake, breathed a huge sigh of relief.

    I’m a bit angry that my two anti-spyware, anti-virus protection programs that I had paid for and were active didn’t work. Not to mention I never use my admin account either… Tricky, nasty bugger of a virus/trojan horse.

    Anyhow, thank you so much!!

  • Jason

    i oughta send you the 300 bucks, this worked great. thanks man, you’re a life saver!

  • TBaby23

    Thank God for u :) U are truly a blessing……. I am very thankful (I almost had a heart attack before I found this blog)

  • John

    I got that this morning (2-15-2013) and almost panicked :) I had to boot up in Safe Mode and do a System Restore going back 12 hours in time and it was gone, Ran 2 different scans and nothing was found, Everything seems to be fine now, Let’s find these people and spend the $300.00 on airfare and go kick their asses !

  • Vue

    OMG! You are my hero! I used method 1 & got rid of it quick. Thanks again!

  • elizar

    i just got this virus and i dont know what to do.im scared and helpless to many bad things running on my mind i cant even tell to my parents,what i did is i went to the closes store and bought a moneypack card and loaded with $300.when i got home i pay it quick and it says 24 houres wait to complete the process.i still dont know what to do so i called my verygood friend to help me and i tell him what happen he came over to my house and check my computer he told me that he is not convince that that department of justice is true he think that this is virus he search the article 184 pornography and he found this.THANK YOU SO MUCH FOR SHARING THIS YOU ARE ONE OF A KIND!! THANK YOU FOR YOUR KINDNESS BLESS YOU!i owe you alot now i have peace of mind thank you is not enough.i wanna be your friend!thank you so much

    • Stelian Pilici

      Hello Elizar,
      This DOJ notification is a scam, and if you have sent any money to these cyber criminals, you should request a refund from MoneyPak from here: https://www.moneypak.com/RefundRequest.aspx
      The Department of Justice will never lock your computer or monitor your online activities, so never trust this type of notifications!

  • Jimmy

    Awesome! Thank you so much for your help and outstanding instructions. You’re a life saver!

  • Matt Sheppeck

    Hi ,I try method 2,the command prompt comes up as (C:\Documents and Settings\Administrator>).I could not get it to change to anything else. What am I doing wrong? I am running Windows XP.

    • Stelian Pilici

      Hello Matt,
      You are using a Windows XP operating system right?
      In the Command prompt,type in the following:
      For Windows XP: C:\windows\system32\restore\rstrui.exe and press Enter
      For Windows Vista/7/8 : C:\windows\system32\rstrui.exe and press Enter
      If for some reason, it won’t go into the System Restore options, boot your computer in Safe Mode with Command Prompt, and type msconfig in the Command prompt. This should start the Windows System Configuration tool. Go to the Start-up tab, and search for any suspicious or unknonw entries (random numbers or letter, ctfmon.exe and other suspicious entries) and uncheck them from start-up. Next boot your computer in regular mode and perform a scan with HitmanPro and Malwarebytes as seen on the guide.

  • Bill

    Profound gratitude here.
    What program is best to buy to prevent this from happening, as opposed to fixing it?
    How long does a virus like this usually last? Are the perpetrators usually caught?
    How many (estimate) have fallen victim to this and how many have actually paid?

  • Alex

    You sir are a gentleman and a scholar. Itunes was going to make me buy a whole album for one song. I go looking for it on some weird website next thing I know your help is saving me.

    THANK YOU

  • charlie

    I would like to thank both malwarebytes and hitmanpro for the free downloads it worked out great fixed the doj virus problem. I will definitely tell my friends and family about ur products. Once again thanx a million.

  • Yvette

    Just to say thank you for sharing this with us ! Rescued the partners laptop after downloaded some pics ;o) Had to go through all 3 methods but he is very happy with his “clean” C drive now :o) Thanks again, Yvette

  • John A.

    thank you so much, you were a life saver!!!

    the option that worked for me was restoring computer to a earlier date.

    first try one and done!!

    thanks so much

  • Stamper

    Thank you for posting this free way to eliminate the virus! It was a great help!!!!

  • Jennifer

    Thank you so much!! Saved me time and money! I had Norton but it couldn’t detect the virus but Method 1 solved it in under two hours!
    Thanks!

  • Sam

    Dude I owe you my life haha I was just about to pay because I thought it was real even though I was just listening to music haha! Method one worked great, thanks so much!!

  • Rob

    Unfortunately we could not get this off our computer. The computer is apparently too old to boot from a USB device. Not being able to do this step is really what stoped the attempt to erraticate the virus. I tried burning the files off the USB drive too a CD but the computer still boots from our hard drive, ignoring the CD. I tried disabling the hard drive through the BIOS and booting Windows XP from the installationd CD but the computer would boot drivers from the CD and then load the virus from the hard drive. I also tried to boot from the copied files CD I made while the hard drive was “disabled” but the computer would just boot windows from the hard drive anyway and ignore the CD.

  • Richard

    This one hit me out of the blue, and seemingly blocked all access to my computer. With the help you outline above I was able to resolve the problem completely in little more than an hour. Thanks for sharing your wisdom for FREE. You are truly one of the ‘good guys’. My sincere thanks!

  • CHAD

    Thanks. Worked great for XP. Used method – 2

  • Brandon

    I was completely caught off guard when I went to turn on my laptop earlier this evening, and was stopped by the Department of Justice notice. Considering something like this had never happened to me before, and how authentic and real the message looked…it had me ready to go to the nearest store asap and put $300 into a MoneyPak. Feeling scared and helpless that the Police could possibly take legal action if I didn’t pay the fine within 48 years, had me even more shook up. As the night went on, my gut instict told me to search the web (through my phone) to read more about this Fine. As i began searching for information, I had seen something about a Department of Justice virus…which quicly caught my attention. It brought me to this article, and with thanks to following the very detailed and helpful steps, it seems as though the virus as been deleted. At first, the virus wouldn’t even allow me to barely get past the startup screen, before popping up and blocking the computer. But now, after downloading Malware & Hitman Pro as well as completing the listed system scans…my computer seems to be running as normal. I just want to say how much I greatly appreciate this very useful and helpful information for being, 1) Easy to Find, 2) Easy to understand, and most importantly 3) Free. Unlike other things that offer help and assistance but ask for joining/money in return…I never would thing something this helpful would be offered right to my fingertips! Thank you for ALL of Your HELP and for putting together this article!! Now I’m able to relax, have ease of mind, and know that this was all just a Scam/Virus, and that hopefully this has stopped it and will prevent it from returning. THANK YOU VERY MUCH!!!

    Brandon

    • Brandon

      *48 hours (not years!)

  • Justin

    I got this virus last night.
    Method 3 worked for me.
    I’m running windows 7 Ultimate SP1 32-bit.
    I was, at the time, and still am, running Avast.
    Chrome is my default browser with Adblock Plus and Ghostery running with plug-ins to prompt before running. There was no prompt from a plug-in, it was a link I clicked.

    Now, I disabled Adblock and Ghostery previously because I had a perceived conflict with the site I was on, threatening to block my IP from their server if I did not disable Adblock. So I did.
    I disabled it and refreshed the page but the message was still present (it was in a banner form on the page with correlating colors and font) so I disabled Ghostery, refreshed with no luck.
    I said whatever and went about my business.

    Soon after I clicked the link that led to the infection of my comp.
    The link took me to a blank page where Avast quickly notified me, detected and quarantined a Trojan Virus,.
    It caught the Trojan virus and quarantined it but that didn’t stop it from running, the DOJ screen popped up.
    I read it, sat there kind of mystified (this being the first time I’ve heard of it or seen it), read it, examined it chuckled a bit and said bs.

    Esc… nothing.
    Windows-Key… nothing
    Ctrl+Shift+ESC… nothing.

    CTRL+ALT+DEL worked. I tried opening task manager but that did not work so I restarted my PC and logged into a separate account.

    After a little browsing online someone suggested 2 programs: “Kapersky Anti-rootkit Utility TDSSKiller”, and a temporary file cleaner (in this case “Old Timer Tools TFC”). I downloaded both rebooted into safe-mode, ran both programs and restarted.

    I logged on to the account that was affected and the lock was gone, but I would receive a RUNDLL failure/error stating that the 1jfuweif.dll couldn’t run or wasn’t present.
    I open Avast UI and looked in the Quarantine. There was a file so I deleted it-
    I don’t remember the name of it but it was about 3 or 4 letters with one or two numbers.

    I restarted again but I was still getting the RUNDLL error.

    I ignored it for a while (procrastinate) until my browser began to slow to a crawl and enter an infinite loading state on every page I visited.
    I restart again which fixed the browser (temporarily I presumed) and found your article through google search.
    I ran both programs from Method 2 just as soon as they downloaded. I got a positive threat result in Hitman Pro 3 for an application that was located in the:
    C:\Users\~USERNAME~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup file.

    The AppData file is hidden by default for those who don’t know (google how to make hidden files and drives visible).

    It was named “rnctf” or “rncft” and it was a shortcut with the rundll32.exe as its target, but in the general description of the rnctf/rncft.exe the target was shown as
    …\system32\rundll32.exe 1jfuweif.dllM1N1.
    Pretty interesting.

    Everything as of now seems fixed. My comp is back up to speed and running fine.
    I hope the info above may be of some help or use.

    Thanks again Stelian, you helped solve my problem!
    : D Awsome!

  • kristy b

    Help!! Nothing is working.

    • Stelian Pilici

      Hello,
      Did you try to create a HitmanPro Kickstart USB?

  • Rodrigo

    world needs less people spending time trying to ruin our lives with these kind of virus and needs more people like you spending your own time trying to help us out.
    thank you very much.

  • Aqua

    So i think i got the 2013 version. Every website i get on that trys to help me, doesn’t work. But it works for everyone. My computer won’t let me do any of those things. Please help me. I need my computer

    • Stelian Pilici

      Hello Aqua,
      Can you boot in any Safe Mode??

  • Ryan

    Hi, I have a adminstator password on my computer and I have this virus, but I don’t know the admins password and I can’t download anything without the password is there anyway to remove this virus without the consent of a adminstator.

    • Stelian Pilici

      Hello Ryan,
      Did you create the HitmanPro Kickstart USB? Please create and scan with this tool as see on Method 3.
      If it fails, you’ll need to create a Kaspersky Rescue CD as seen HERE: http://malwaretips.com/blogs/remove-police-trojan/ , on Method 3.

  • Phillip

    AWESOME!!! thanks so much, this is a great post and is very easy to follow and understand.

  • Emilie Cathey

    I downloaded Kaspersky Rescue Disk 10.0. Ran ultraiso and burned it to a disc, to make it a bootable cd/dvd. Once the burning was complete, I booted the system to the disc, updated the definitions then ran a scan. Found and disinfected the viruses from the computer. Was able to boot the computer up successfully w/out any problems.

  • Jake

    Hi I just got this virus and was able to get by it and use Malwarebytes to removes the 2 things it found. However, I want to double check if the virus is completely gone from my computer. Is there a way to do that besides relying on anti-]virus or anti-malware programs? Thanks!

    • Jake

      also do I need to run these programs in safe mode? I was able to login to normal mode through method 2; system restore. Just to be clear, I scanned Malwarebytes in normal mode the first time and also redid it in safe mode-network to make sure i got everything. First scan got 2 hits like I mentioned and second time in safe mode got no hits. They were both full system scans not a quick scan. Sorry for a lot of commenting, i just want to make sure my computer is safe! Thanks!

      • Stelian Pilici

        If you can log in into Normal mode, please perform a scan into Windows regular mode.
        Stay safe, and you can easily learn how to avoid malware by reading this guide: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/

        • Jake

          Hi Stelian, first I want to thank you for the speedy help with all this and I really appreciate it, I’m sure everyone who comments do too. I just ran HitmanPro and got no threast, only traces. Does that mean everything is fine? Once again, Thank you so much and will definitely look over that guide!

          • Stelian Pilici

            Hello Jake,
            Yes, you now have clean computer, I would suggest that you keep Malwarebytes Anti-Malware Free and HitmanPro installed on your computer, and perform regular scans with these tools, however this is just a suggestion so you can also uninstall them if you want that!
            Stay safe, and if you ever have any computer issues, we are ALWAYS HERE to help!

    • Stelian Pilici

      Hello Jake,
      If the lock screen is not showing anymore, then Malwarebytes removed this infection. Did you perform a scan with HitmanPro.
      As additional tools, you can perform a check with the following utilites:
      STEP 1: Run a scan with Eset Online Scanner.

      1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Check Scan archives
      6. Push the Start button.
      7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      8. When the scan completes, push Finish

      STEP 2: Run a scan with Emsisoft Emergency Kit.

      1. Please download the latest official version of Emsisoft Emergency Kit.
        EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
      2. After the download process will finish , you’ll need to unpack EmsisoftEmergencyKit.zip and then double click on EmergencyKitScanner.bat
      3. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC“.
      4. Select “Smart scan” and click-on the below “SCAN” button.When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects‘ button.

      Stay safe!

    • Emilie Cathey

      besides your anti-virus program/anti-malware program, that is about it unfortunately.

  • bob

    thanks for the hitman pro notion; I’ve used the malwarebytes before.
    I went into safe mode— back to critical time and ONLY 1 file was picked up by M-bytes.
    I then did hitman pro ( very fast awesome! on the 64 bit ) but it did not pick up the trojan.reveton
    file you mentioned above.??? ( it did clear out other files but no ‘trojan’ files….
    my set-up : windows 7 w/ ‘1 user’ set up on a Lenovo machine.
    I then went into the user to double-check– when I ran Hitman Pro again there– it came up
    and started, but in the lower portion of the box there was message” ( blue circle w/ i )
    it sez: ” application is not activated” ” removal of viruses ( et al) is disabled’ ?????????
    the scan then ran and said no threats found . ?? I still have not seen trojan. reveton’ destroyed??
    Can you offer any thoughts? What else should I do ? I am left wondering after re-setting date
    back to current time …… thanks!

    • Stelian Pilici

      Hello Bob,
      Please perform a scan with the following tools:
      STEP 1: Run a scan with RogueKiller

      1. Please download the latest official version of RogueKiller.
        RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
      2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.
      3. After the scan has completed, press the Delete button to remove any malicious registry keys.
      4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

      STEP 2: Run a scan with Kaspersky Virus Removal Tool
      Click here to download the Kaspersky Virus Removal Tool.

      1. Save it to your desktop.
      2. Double click the setup file to run it.
      3. Follow the onscreen prompts until it is installed
      4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
        • System Memory
        • Hidden startup objects
        • Disk boot sectors
        • Local Disk (C:)
        • Also any other drives (Removable that you may have)
      5. Then click on Actions on the left hand side
      6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
      7. Click on Automatic Scan
      8. Now click the Start Scanning button, to run the scan
      9. After the scan is complete, close the program
  • Jac

    Thank you so much for this!!! I was panic stricken when I realized it was a virus and your step-by-step process was easy to follow! I was able to get it fixed by step two and only needed the malwarebytes program to remove everything.

  • cora

    My 14 year son whom is special needs and has a form of autism saw that on his laptop. I freaked out and called my mom. She told me it was a scam. So I researched it and sure enough. I was grilling my son on what he watched and what pictures he saw. He said there was no pictures on his computer and that all he watched was Hanna Montana music video on youtube… Everything he ever watched has been on youtube. He reminded me that his computer/laptop has restrictions that I put in place. So I know he was not looking at nude pics. Let alone he is special needs and doesn’t even know how to look for nudity. He knows mommy studies the law and he was so upset about it. I had to tell him for hours that it was a scam let alone explain what scam means. I feel so bad about grilling him now. Can you imagine in a 14 year old mind who cannot even fathom what is going on especially since he has a learning disability and form of autism. These damn people scamming innocent people need to be brought to justice no pun intended.

  • Joe

    i have windows xp which is 8 yrs old and i am not able to get it in safe mode. Is my cpu too old. I need my files. Please help. Thanks.

    • Stelian Pilici

      Hello Joe,
      Did you try to run the HitmanPro scan?

  • Dawa

    Method 2 worked. I had to look up the command prompt to change directories first (maybe because I’ve got XP?) before I could use cd restore, but I got there eventually. Thanks!

    Was surprised my Norton didn’t pick it up. You know, seven years and I’ve never gotten a virus on that computer until today. Weird.

  • Matt Shelton

    God bless your computer geek self. I was able to perform steps 1&2 without a hitch. I saved a lot of very important material which I am now in the process of backing up as it’s been more than 90 days since I have. Thanks a bunch brother.

  • FWilson

    The instructions in Step 2 were followed and enabled me to resume using my PC. Thank you very much for posting easy to follow instructions for a non-geek to understand and follow.

  • Heather

    Thanks for your help on this. After reading from PC Magazine that these were legit programs, we followed your advice. I realized after the fact that my husband had turned off the PCTools Spyware program and he clicked a link from an email from facebook and got this virus today.

    I purchased the Malwarebytes program.

    I also had problems with F8 with Windows 7. I found that F11 and the Esc tab worked better. I kept getting errors trying to do the system restore (after 3 attempts). After the third failure, I decided just to let it boot windows to try the email in the background trick that a previous poster did and found that the restore did work afterall.

  • Thomas

    Couldn’t get steps one or 2. Kept sending me to start page. I downloaded hitman on USB. Plugged it in followed steps. And i says failed to boot. USB on good CPU says its on there and good. Help please

    • Stelian Pilici

      Hello Thomas,
      Please try one more time to boot from the HitmanPro USB,pay attention at the booting part and click F11 once your computer starts.
      If it still doesn’t work,you’ll need to create a Kaspersky Rescue CD as seen HERE: http://malwaretips.com/blogs/remove-police-trojan/ , on Method 3.
      If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance
      Good Luck!

  • Buford T Justice

    I solved mine in a way I haven’t read about.

    In Windows 7 I wasn’t able to get into safe mode (endless boot loop), and was almost completely locked out in regular mode. I had the ransom page displayed in full screen. Ctrl+Alt+Del brought up the normal screen, but task manager would not work.

    Out of frustration I started clicking the links on the ransom page just so I could see something different (how much worse could it get?) I believe the key was clicking on the email link at the bottom of the page (you’ll see why later). I hit Ctrl+Alt+Del -> Shut Down to make my next attempt at a new strategy. When I did, the shut down hung up asking if I wanted to force Outlook to close. Apparently hitting the email link had launched Outlook in the background. I IMMEDIATELY hit CANCEL when Windows asked if I would like to force Outlook to close before Windows had a chance to close it and continue the shut down. The shutdown stopped, but the virus processes had already ended in prep for shutdown. I had my computer back, but still had to remove the virus with MalwareBytes.

    I hope this can help someone else.

  • siva

    Hi,
    I am not able to restore my office laptop.Also I couldn’t use USB drive. It is shutting down in Safe mode as well as in Safe mode with networking.Please give me a good suggestion.

    • Stelian Pilici

      Hello Siva,
      Please try one more time to boot from the HitmanPro USB,pay attention at the booting part and click F11 once your computer starts.
      If it still doesn’t work,you’ll need to create a Kaspersky Rescue CD as seen HERE: http://malwaretips.com/blogs/remove-police-trojan/ , on Method 3.
      If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance
      Good Luck!

  • Jared

    I ve only restored my windows, and it worked fine… On some other site i ve seen some registry files that i have to delete…. But couldnt find those… Do i still need to download a programme to delete the virus? Or has it gone after i restore my laptop??? I m sorry i kinda suck at computer stuff!:)

    • Stelian Pilici

      Hello Jared,
      Yes,please download Malwarebytes and HitmanPro , and run a scan with these software….Both scans should not take more that 30 minutes and will clean any trace of malware.

  • Rob

    Wow, I was a little shook up over that one! Somebody put a lot of work into that. Very convincing. I’ll bet a lot of people fell for that and paid the $300 “fine”. I used method 2 and it worked great! Then I followed up with Ad-Aware full scan. I would have had to seek professional help, as I am only half-geek. Thank you so much for your guidance.

  • mike

    oh man I was so scared when that virus came out of my computer. I don’t usually look at underage porn, and play with myself. I was surfing on an uninfected comp and I saw ur bl. I followed ur first step and it work, thank GOD I found you to help me out. You are a GOD sent, thank you very much.

  • Ryan b

    Hello,

    Can I use AVIRA virus scanner to find it and delete it, if I don’t want to download the Hitman? Thanks!!

    • Stelian Pilici

      Hello Ryan,
      Not sure if Avira can detect this variant of the virus, however I see no reasons why you shouldn’t do a scan with this product !! :)
      Stay safe!

  • Mortredor

    Im confused. When I ran the malwarebytes scan, it picked up one(1) virus which was a trojan horse not named doj virus

    • Stelian Pilici

      Hello Mortredor,
      The virus it’s not named DOJ..that’s just an interface that the cyber criminals use to trick people….The infection is called Trojan.Reveton.

  • Jenn11

    Only hitman pro found the .exe files in another users login. I was logged in as admin, and Malwarebytes did not spot the files in another users temp folder. MalwareBytes DID find a bunch of other trojans etc, but needed Hitman Pro to finish the job

  • Don

    Thank You.. I know Damn well I wasn’t looking at kid porn , I was like WTF is this S**T! .. And when I seen the Cam I really got nervous. I removed that crap following your instructions..Thanks again Bud..

  • Forest

    I fixed the virus but I do not have a virus scanner or the ability to restore to an earlier point. What I did was log in with a different account. Then when my desktop screen came on I wait a few seconds and the virus came up. I pressed the computer power button. The screen went back to the desktop for a second. I pressed ctrl-alt-del and the task manager came up. Automatically a window came up with the cancel option. I clicked cancel. Now I am on the desktop again. I booted up msconfig and looked at startup. I could see a weird name at the end of one of the files. Random letters with an .exe

    • Forest

      Then I told it to disable the file on startup. Also I went to my user name folder and renamed the virus to virus.exe. Next I rebooted and chose my account. I used msconfig to disable the file on my account too. Then I rebooted. Now I can delete the virus in my user name account name folder. Now empty the recycle bin and reboot once more. It’s working now!

  • joejoe

    Im running Windows 7. I restored my pc to a previous date, then upon reboot I press F8 and selected safe-mode with networking. I proceeded to download HitmanPro. After downloading I ran the scan and followed the steps. Thank God everything turned out great. I tried both steps to ensure complete removal.

  • sonny

    I used method 1 to help my gf. It worked great thank you so much at first we were lost but this saved us thank you

  • Stelian Pilici

    Hello David,
    You’ll need to create a Kaspersky Rescue CD as seen http://malwaretips.com/blogs/remove-ukash-virus/, on Method 3.
    If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance

  • Stelian Pilici

    Hello Jenn,
    You’ll need to create a Kaspersky Rescue CD as seen http://malwaretips.com/blogs/remove-ukash-virus/, on Method 3.
    If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance

  • Stelian Pilici

    Hello TJ,
    You’ll need to create a Kaspersky Rescue CD as seen http://malwaretips.com/blogs/remove-ukash-virus/, on Method 3.
    If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance

  • danielle

    THANK YOU….oh I can’t tell you how frustrated I was with this virus. But all is good to go now! I used the method 1 and it was fine. Thank you!

  • Keel

    hey what if i dont have administrative priviligies wat can i do

    • Stelian Pilici

      Hello Keel,
      Usually their is a need for Admin rights to completely remove malware… Anyway can you please try to create a bootable HitmanPro KickStart disk and run a scan with it?
      If it doesn’t work, you’ll need to created a Kaspersky Rescue CD as seen in this article, on Method 3.

  • Don

    Thank you for this gift.
    My only question is this: I noticed that in your example videos, HitmanPro was working on Windows7. My infected desktop is an XP. Will it still work? I am using my old laptop with XP to make the boot flash drive. So far, it is searching this computer for any malware.
    I just received a new laptop with Windows8. I’m finally upgrading.
    Thank you again.

    • Stelian Pilici

      Hello Don,
      Yes HitmanPro will work for Windows XP and 8 also …. Good luck and Have a Happy New Year!

  • JRC

    Thanks so much for the help, Method 2 was used to get our laptop operational again. Great job!

  • Jerick

    Thank you so much, your help is very appreciated.

  • Ariel

    Thank you! I somehow got this annoying virus last night and was able to easily dispose of it with Method 1. I appreciate your help so much!

    • Oscar

      Thank you sooooo much!!!!

      • jeff

        Pull up this post and followed the directions and within 10 minutes I had my computer working. Excellent insight on the virus and how to resolve. Would tell everyone to use these suggestions!! THANK YOU!!!!