Staying Away From the US Department of Justice Virus

Department of Justice Virus is one of the latest threats from the Ukash virus group, which targets people living in the United States of America. This threat belongs to the category of ransomware, so it is designed to get inside the system secretly and then try to rip users off. Just like related viruses such as the money pack virus, it creates a lot of trouble for its victims by locking the system down. This results in a complete takeover of the system: the user becomes unable to get on the Internet, launch legitimate anti-malware programs or do other things on the PC. The user sees only a forged Department of Justice Virus alert, which states that the user was caught doing illegal activities on the computer. Before you fall for this alert, note that organizations such as the Department of Justice do NOT collect their fines in this way. You must remove Department of Justice Virus immediately!

This scam uses the same intrusion methods as all previous Ukash viruses: it uses spam emails, freeware, shareware and other sources to get inside undetected. Once there, it locks the system down and shows its only message, claiming that the Windows system has been blocked because you have been using copyrighted content, visiting pornographic websites or even spreading malware. For that, you now have to make a payment of $200 using the Moneypak prepayment system. Here is what this message looks like:

Your computer has been locked!

This operating system is locked due to the violation of the federal laws of the United States of America (Article: 1, Section 8, Clause 8; Article 202; Article 2012 of the criminal code of the U.S.A. Provides for the deprivation of liberty for four to twelve years.)

Following violations detected:

Your IP address was used to visit websites containing pornopraphy, child pornography, zoophillia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography!

(… )

You have 72 hours to pay the fine, otherwise you will be arrested.

(… )

No matter how trustworthy it seems, you must ignore this alert because it has nothing to do with the Department of Justice. If you pay this $100 or $300 fine, your computer will not be unlocked and you will lose your money as well. To avoid that, you should remove Department of Justice Virus as soon as possible.

HOW TO REMOVE THIS VIRUS

To remove Department of Justice virus, try following the information below. It includes different methods that MAY work for removing this virus. Remember that the manual removal method should be used only if you have enough knowledge about the computer's system and its architecture:

* Users infected with Department of Justice virus are allowed to access other accounts on their Windows systems. If one of these accounts has administrator rights, you should be able to launch an anti-malware program from it.

* Try to deny Flash so that the ransomware stops functioning as intended. To disable Flash, go to Macromedia support and select ‘Deny’.

* Flash drive method:

  1. Take another machine and use it to download Spy Hunter or another reputable anti-malware program.
  2. Update the program and put it on a USB drive or a CD.
  3. Meanwhile, reboot your infected machine into Safe Mode with Command Prompt and plug the USB drive into it.
  4. Reboot the computer infected with Department of Justice virus once more and run a full system scan with the updated anti-malware program.

* Manual Department of Justice removal (special skills needed!):

  1. Open the Windows Start Menu, enter %appdata% into the search field and press Enter.
  2. Go to: Microsoft\Windows\Start Menu\Programs\Startup.
  3. Remove ctfmon (do not confuse it with ctfmon.exe!).
  4. Open the Windows Start Menu, enter %userprofile% into the search field and press Enter.
  5. Go to Appdata\Local\Temp and remove rool0_pk.exe. Delete the [random characters].mof file.
  6. Delete V.class.
  7. Run a full system scan with an updated Spy Hunter program to remove the remaining Department of Justice virus files.
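
Before deleting anything by hand, the locations from the manual steps can be listed for review. The PowerShell script below is an added example, not part of the original guide. It is report-only, and it assumes that the ctfmon Startup entry may be a shortcut and that the .mof and V.class files sit in the same Temp folder as rool0_pk.exe.

```powershell
# Added example: report-only check for the artifacts named in the manual steps.
# It deletes nothing. The parameters allow pointing at another user's profile.
param(
    [string]$AppData     = $env:APPDATA,
    [string]$UserProfile = $env:USERPROFILE
)

$startup = Join-Path $AppData 'Microsoft\Windows\Start Menu\Programs\Startup'
$temp    = Join-Path $UserProfile 'AppData\Local\Temp'

# Hypothetical helper: list files in $Dir that satisfy $Match, hidden ones included.
function Get-Artifact {
    param([string]$Dir, [string]$Step, [scriptblock]$Match)
    if (-not (Test-Path -LiteralPath $Dir)) { return }
    Get-ChildItem -LiteralPath $Dir -Force |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object $Match |
        ForEach-Object {
            $target = ''
            if ($_.Extension -ieq '.lnk') {
                # Assumption: the entry is a shortcut; show the file it launches.
                $target = (New-Object -ComObject WScript.Shell).CreateShortcut($_.FullName).TargetPath
            }
            New-Object psobject -Property @{
                Step = $Step; Path = $_.FullName; Size = $_.Length
                Modified = $_.LastWriteTime; Target = $target
            }
        }
}

$findings = @(
    # Step 3: any Startup item named "ctfmon". The legitimate ctfmon.exe lives
    # in %SystemRoot%\System32, which this script never examines.
    Get-Artifact $startup '3' { $_.BaseName -ieq 'ctfmon' }
    # Step 5: the dropped executable, plus every .mof file, since its name is random.
    Get-Artifact $temp '5' { $_.Name -ieq 'rool0_pk.exe' -or $_.Extension -ieq '.mof' }
    # Step 6: V.class (assumed to be in the same Temp folder).
    Get-Artifact $temp '6' { $_.Name -ieq 'V.class' }
)

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed artifacts were found for this profile.'
} else {
    $findings | Sort-Object Step | Format-List Step, Path, Target, Size, Modified
}
```

Because the .mof file name is random, every .mof file in Temp is listed as a candidate; check its modification time against the time of infection before removing it.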

UPDATE: There is a new Ukash virus which uses the logo of the Department of Justice. This threat now says ‘Your Computer Has Been Blocked’ and “The work of your computer has been suspended on the grounds of the violation of the law of the United States of America”. Similarly to the previous version of the Department of Justice virus, this ransomware shows a list of laws that have been violated and asks the victim to pay a fine of $300 using the MoneyPak prepayment system. Besides, it speaks to the victim!