Dept of Justice Lockout

Hi, my wife’s system has been locked by the Dept of Justice ransomware.
Is there an established routine to remove/recover from this?
Thanks.

malware removal specialist has been notified and will tell you how to proceed
it may take hours before he arrives so be patient…
he is usually here after work hours…European time. :wink:

if able to then attach…not copy and paste…the requested logs from this guide

http://forum.avast.com/index.php?topic=53253.0

I would, but the system is pretty well locked up. I can’t access the desktop or task manager, and a hard reboot returns to the lock screen.

hi Mugwump,

Expert malware cleaners here have ways of getting around your issues of no access to desktop or task manager, so be patient, and follow all instructions carefully and to the letter. Likely you will need to use your second computer to transfer programs and files to the sick computer and vice versa, so help is forthcoming for you and your wife.

All malware experts here are fully certified, just so you know.

Hi there, what is the operating system, i.e. XP, Vista, 7 or 8?

Do you have the Windows CD?

If not, are you able to use another computer to create a USB/CD?

Her system is Win 7. I do not have a disk with her OS.
Her system came pre-installed with the OS, and it has no CD/DVD drive (ultrabook)
I can create a USB/CD from my system though.

http://www.youtube.com/watch?v=jm3NMl9LVAY
Instruction on removal
Found on Google

@ PorscheCarreraGTRacer safe mode is not available, they now block that option

Download the following three programmes to your desktop:

1. WiNTBootIc

For 64bit systems
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

For 32bit systems
2. Windows 7 RC
3. Farbar Recovery Scan Tool

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot

http://dl.dropbox.com/u/73555776/wintoboot.JPG

Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

http://dl.dropbox.com/u/73555776/usb%20progress.JPG

It will let you know when it is done
Then copy FRST to the same USB

http://dl.dropbox.com/u/73555776/frstwintoboot.JPG

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here

When you reboot you will see this, although yours will say Windows 7.
Click Repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Actually, I was able to boot her system into Safe Mode via the F8 key, and proceeded to use PorscheCarreraGTRacer’s solution. It seems to have removed the problem. I ran a full system scan and a boot scan and one other item was found in the Java setup. Removed that and everything appears to be back to normal.

I will still build a recovery USB flash drive to keep on hand for future use (hopefully I’ll never need it - she’s learned her lesson about watching her TV episodes on a ‘share’ site…)

Thanks to all for the assistance!
-Mug

if you now are able to…you should follow essexboy's guide so he can check if all is gone when he is back

http://forum.avast.com/index.php?topic=53253.0

attach logs…not copy and paste

AdwCleaner
Malwarebytes
OTL
aswMBR