Department of Justice virus?

Status
Not open for further replies.

rhino415

Honorable
Apr 7, 2013
40
0
10,530
Hi,

My other computer got a virus saying it's from the Department of Justice. It says I have 48 hours to pay $450 or I will be prosecuted. I have tried to get help and boot up Safe Mode with Networking and couldn't do it. My computer runs XP Pro. The virus claims my computer will be reformatted if I try to remove it. Is there anything I could do to fix this? The repair guy said he will charge $129, but I really don't have the money unless I sell something I own. I am unemployed due to a car accident and lost my job because of it. Thanks for any help. If I have posted in the wrong section, my apologies.
 
This virus is really hard to clean out, it took me several hours to find the fix, it blocks just about everything from running, even in Safe Mode.

You can burn a rescue CD from an anti-virus vendor and boot off that and run the scan; it may clear things up. Try the Avira Rescue Disk; AVG also has one. The way I ended up fixing it was to start Safe Mode, then I had to install a copy of Malwarebytes from a flash drive, including the manual updates to it. I don't even remember how I got it to boot to Safe Mode when this worked; I know I tried Safe Mode several times and it just went to the virus screen.
 
We have them in the UK too, only purporting to come from a mixture of three Police forces. The text is clearly written by a Russian with some knowledge of English and the saddest thing about it is, the Police won't do anything about it. They could follow the money through the IKash site and shut these scam artists down.

Anyway, in XP, Safe Mode is your best friend and you need to log in as Administrator, because your own Username will be shut down as soon as you try to log in. If you have more than one user account, you can work in Normal mode because their name won't be affected. The worst case scenario is in Vista, Windows 7 and 8, where the Administrator account is not activated and there's only one Username. That needs a Linux Live CD.

The method I use is to run searches for files of type .exe and .dll created within the last, say, three days, or whenever the problem showed up. Selectively deleting those should catch the culprits. They can usually be found in Docs and Settings>{Username}>Application Data or further down in >Local Settings>Application Data. The page that blocks the screen is a blank white sheet which is populated by Bitmap files which later end up in Temporary folders, so a search for the originals of those is worth a shot.

Sooner or later, I gain access to the affected user account and run ComboFix to complete the cleanup but that requires some careful study before use. Don't get it anywhere other than bleepingcomputer.com and even then, take care which Download button you click.

I've fixed nine of these in the last two weeks and would welcome anyone else's experience. The thieves are getting smarter in finding hiding places for their scamware and we need to be able to keep up.
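As an added illustration of the search described in the post above (this is not code anyone posted in the thread), the following PowerShell script lists .exe and .dll files created within the last few days under the profile folders the post names and shows whether each file carries a valid Authenticode signature, so the list can be reviewed before anything is deleted. The XP-style profile path and the $Username and $Days parameters are assumptions.

```powershell
# Added triage example (not from the thread): list executables created recently
# in the per-user data folders the post names, so they can be reviewed before
# anything is deleted. Assumes PowerShell 2.0+ and an XP-style profile layout.
param(
    [int]$Days = 3,                       # look-back window suggested in the post
    [string]$Username = $env:USERNAME     # profile to inspect (assumption)
)

$profileRoot = "C:\Documents and Settings\$Username"
$targets = @(
    (Join-Path $profileRoot "Application Data"),
    (Join-Path $profileRoot "Local Settings\Application Data"),
    (Join-Path $profileRoot "Local Settings\Temp")
)
$cutoff = (Get-Date).AddDays(-$Days)

# Collect matches from every target folder that exists on this machine
$results = foreach ($dir in $targets) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -Force -Include *.exe,*.dll -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            # Unsigned or badly signed binaries in these folders deserve a closer look;
            # a valid signature from a known vendor usually means a legitimate update.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Object PSObject -Property @{
                Path      = $_.FullName
                Created   = $_.CreationTime
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = $sig.Status
            }
        }
}

$results | Sort-Object Created -Descending |
    Format-Table -AutoSize Created, Signature, SizeKB, Path
```

Judge entries by location, creation time and signature status rather than by file name, since the names these scams use change from one variant to the next.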

 

Jesse Weaver

Distinguished
Jul 28, 2012
69
0
18,630
I have no answer but I did have the virus. After many tries to get rid of it, I found an answer on the internet. It worked and my computer is working.
Problem: I'm unable to locate the person that gave me such a simple answer. A second problem now is my computer freezes after sitting idle for a while. It may be part of the FBI bot cleared or a different problem. Could use help again.
 
Try ComboFix to clear out the detritus that comes with Scamware but please carefully read the instructions at bleepingcomputer.com before downloading. Also, in case they don't mention it, when it completes and before you restart, open the Run box and type combofix /uninstall and wait until that completes. That process doesn't delete the log so if you have any doubts afterwards, please post that log back here for more advice.
 