Hi, my wife’s system has been locked by the Dept of Justice ransomware.
Is there an established routine to remove/recover from this?
Thanks.
A malware removal specialist has been notified and will tell you how to proceed.
It may take hours before he arrives, so be patient…
He is usually here after work hours…European time.
If you are able to, then attach…not copy and paste…the requested logs from this guide.
I would, but the system is pretty well locked up. I can’t access the desktop or task manager, and a hard reboot returns to the lock screen.
hi Mugwump,
Expert malware cleaners here have ways of getting around your issues of no access to desktop or task manager, so be patient, and follow all instructions carefully and to the letter. Likely you will need to use your second computer to transfer programs and files to the sick computer and vice versa, so help is forthcoming for you and your wife.
All malware experts here are fully certified, just so you know.
Hi there, what is the operating system, i.e. XP, Vista, 7 or 8?
Do you have the Windows CD?
If not, are you able to use another computer to create a USB/CD?
Her system is Win 7. I do not have a disk with her OS.
Her system came pre-installed with the OS, and it has no CD/DVD drive (ultrabook)
I can create a USB/CD from my system though.
http://www.youtube.com/watch?v=jm3NMl9LVAY
Instructions on removal
Found on Google
@PorscheCarreraGTRacer Safe mode is not available; they now block that option.
Download the following three programmes to your desktop :
For 64bit systems
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64
For 32bit systems
2. Windows 7 RC
3. Farbar Recovery Scan Tool
Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot
http://dl.dropbox.com/u/73555776/wintoboot.JPG
Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It
You will see it progressing
http://dl.dropbox.com/u/73555776/usb%20progress.JPG
It will let you know when it is done
Then copy FRST to the same USB
http://dl.dropbox.com/u/73555776/frstwintoboot.JPG
Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here
When you reboot you will see this, although yours will say Windows 7.
Click repair my computer
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg
Select your operating system
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg
Select Command prompt
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg
At the command prompt type the following:
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Actually, I was able to boot her system into Safe Mode via the F8 key, and proceeded to use PorscheCarreraGTRacer’s solution. It seems to have removed the problem. I ran a full system scan and a boot scan and one other item was found in the Java setup. Removed that and everything appears to be back to normal.
I will still build a recovery USB flash drive to keep on hand for future use (hopefully I’ll never need it - she’s learned her lesson about watching her TV episodes on a ‘share’ site…)
Thanks to all for the assistance!
-Mug
If you are now able to…you should follow essexboy's guide so he can check if all is gone when he is back.
http://forum.avast.com/index.php?topic=53253.0
Attach logs…not copy and paste
AdwCleaner
Malwarebytes
OTL
aswMBR