New Department of Justice Virus Removal


New Department of Justice Virus Removal

Dan Steiner
Dec 20, 2012

Is your computer locked by the Department of Justice? Does a window come up saying you’ve committed crimes such as pornography or copyright infringement? Are you unable to boot into Windows? Have you been blocked by the United States Department of Justice? Is the Department of Justice a real program? Can I remove the Department of Justice Window? Do I need to send money to the Department of Justice?
The Department of Justice window is a scam, and a virus in itself. Under no circumstances should you send any money to the cyber-criminals who created it.

The United States Department of Justice virus has been constantly changing and becoming more and more difficult to remove. Generally users notice they suddenly can’t log on to their computers and are blocked or locked out with a window that claims they have broken a law and must pay a fine. The virus does not delete any of your data or damage any of your programs, it only blocks entry into your desktop until you pay the ransom via MoneyPak. Recently, we’ve noticed a string of more difficult to remove viruses, and our previous removal guide was unable to help many users.

Operating systems affected by The Department of Justice Virus are: Windows XP, Windows Vista, Windows 7, and Windows 8.

Removal Options for the Department of Justice Virus

    Stop! Is your Data Backed up? Virus removal can be potentially damaging to your computer.
    If you are uncomfortable making changes to your operating system, please contact an Expert!
  1. Boot up Your Computer via ‘Safe Mode with Networking’

    The first thing we need to do is to shut the computer down. Make sure the computer is completely off! Once the computer is turned off, we need to turn it back on and boot into Safe Mode with Networking

    To do this, press the power button then immediately start tapping the F8 Key on your keyboard.

    Within a few seconds, you will notice the Windows Advanced Options Menu. Using your arrow keys to choose the Safe Mode with Networking option, press Enter. (Screenshot provided below)

  2. safemodebootup

  3. Log into Windows and View Desktop

    Safe Mode with Networking will then load a variety of files and drivers, so do not worry as this is perfectly normal. You will then see your account’s user icon. Once you see it, log into your account to view your Windows’ Desktop as normally.

  4. Open Your Web Browser (Internet)

    You will now need to open your web browser, and nearly any web browser will suffice: Internet Explorer, Firefox, or Google Chrome for starters.

  5. browser_icons

  6. Download Trusted Removal Software

    The easiest way to remove Win 7 Security Cleaner Pro is with Malwarebytes Anti-Malware. This is hands down the easiest and most effective tools available for malware removal (and it doesn’t cost anything to use!)

    Malwarebytes Anti-Malware

    • FREE / $24.95 USD (Lifetime)
    • Malware Scanner Utility (No Protection)
    • Malware Scanner + System Protection
  7. Install MalwareBytes Anti-Malware

    Install MalwareBytes Anti-Malware as you would any other program. Once the installation process begins, the software may download new definitions and update the program, so give it a few minutes and allow it to update appropriately. Once the updates are completely and you are viewing the following screen below, you are ready to use it:

  8. mb_fullscan_selected

  9. Run a Full Scan with MalwareBytes

    Select the Full Scan box, then select Scan to begin the scanning for malware. Ensure drive C: is selected, then select Scan once more.

  10. mb_scanning

  11. Look at the Infected Files

    Once the scan is finished, select OK to look at the files then select Show Results.

  12. mb_objects_detected


  13. Remove the Infected Files via MalwareBytes

    You will now notice a variety of infected files and registry keys. Ensure the detected objects are selected, then select Remove Selected.

  14. mb_infections

  15. Reboot Your PC

    MalwareBytes Anti-Malware will inform you that you must reboot. This is perfectly normal, and will provide the software with the opportunity to remove the infected files.

  16. mb_reboot_window

  17. Boot Back into Windows

    Your PC will now boot up as normally without the virus infected your machine. Open a few of your regularly-used software and ensure everything is working as normally.

  18. Congratulations! All Finished!

    We sincerely hope this guide has helped you. If you fixed your computer using our free guide, we ask that you support us by selecting one of our social share buttons or by commenting on our guide with your feedback below!

Added Notes for the Department of Justice Virus

This particular virus can be tricky to remove in some situations. Here are some tricks to remove even the nastiest variations of the Department of Justice Virus.

Windows XP Users If the computer crashes when attempting to get into Safe Mode, try selecting Directory Services Restore Mode

Windows 7/Vista Users If you’re unable to get into Safe Mode, try to run a System Restore.

Author: Dan Steiner
Was This Guide Helpful
New Department of Justice Virus Removal
18 votes, 4.67 avg. rating (92% score)


      • I was unable to start the computer in safe mode in any way. I say where you said to start in “Directory Services Restore Mode”. I did that,which got me to mt screen in Safe Mode. I then ran Hitman Pro and problem fixed with computer running all of our business programs and internet. I did not find this info anywhere else on the internet.Great Job and hats off to you.

  1. My DOJ virus is very virulent. All the above software are unable to detect the virus. I cannot even go to safe mode. The only way to use the removal software is by using it via MS DOS prompt. But still can’t detect and remove the DOJ virus. Run both malware and hitmanpro scan to no avail both indicate no infection! Finally transfer my files to a USB HD via MS DOS then reformat the computer.

  2. Thank you very much for the guide. I had initially used malwarebytes, but this virus had really gotten my nerves after shutting me out every time I rebooted–The ComboFix was a real life-saver.

    Good Luck with your future endeavors!

  3. The latest version of this virus is so bad when my computer is infected, it take over all operations. It even blocked the safe mode. I tried to reinstall Window 7 from CD and it disable my keyboard and mouse so I never able to use keyboard/mouse to pass the installation 1st screen. What can I do in this case ?

  4. The steps provided got me out of the Department of Justice virus perfectly. Thats kinda nerve wracking when you get the impression that the FBI is monitoring your every move using your laptops web cam.
    Thank-You very much.

  5. Hi I also have this virus. Went into safe mode before coming to your site, tried to get to system restore but it went right to the DOJ virus. I have a refurbished comp and only 1 cd that has my xp files on it…going to try safe mode again and see if I can get to system restore again.

  6. thank you for this last night my laptop was hit by this virus and i could not do anything and all my wedding plans are my laptop and i was freaking out

  7. i had a nasty version of this virus as well. I dont consider myself a computer expert, but I do know a lot more than the average joe. This virus even had me blocked out of safe mode, so to get around it, I accessed the F8 menu at start up, and booted my computer into the Directory Services Restore mode. that allowed me to access my computer and follow this guide, which seems to have gotten rid of it. I also like to use Avast antivirus, because it has a nifty lil Boottime Scan, which will scan you computer for viruses before windows loads up; quite handy.

  8. I cant run mine in safe mode with networking and I tried to run it in safe mode with command but couldnt find the right files. What else can be done?

  9. Thank you VERY much for your helpful blog! It worked perfect – the only changes I had to make were to run the hard drive of the infected computer as a 2nd in another uninfected computer, and did the scans from there. It was impossible to get the infected computer to let me in at all. Again, thank you for your help! This virus is ridiculous – I hope that the MoneyPak wire is traced by the US Law Enforcement Departments – if for nothing else to charge them with impersonating police/law enforcement authority. Unreal.

    • I got taken in with this scam. Heck- who thinks virus/scam when you see “US Dept of Justice” and it is blocking the computer. We actually paid it this morning. THen I thought to call moneypak, who told me it was a scam. they did find out who got the money and froze that person’s card so they can’t use it. I was told to file a police report and the police can call and get that person’s info. Unfortunately, moneypak won’t refund the money but my state police is also giving my info to the victim crime reimbursement department to see about getting me the money back. Hopefully these steps work or at least let me back in under safe mode. But my gist is- if you haven’t already, file a police report.

  10. Thank you for the detailed instructions for virus removal. It worked like a charm. From start to finish just over 1 hour. To anyone else with this problem just be patient and follow the steps above, I’m not computer expert but these steps made it very easy.

  11. Hey guys I don’t know how to thank you. This was awesome and it worked. I had gotten the virus on my mothers computer so you guys just saved a life. Thanks a million. I would recommend this to everyone with this virus on the computer.

  12. You seriously rock! My computer was down for 2 days before I found you and now its working better than ever. And to think I was using BitDefender 2013 Pro, and this virus slipped right by it. I have immediately switched to Norton, which I use on my laptop which has never had a virus. I’m not even sure where I got this stupid virus, but I thank God that you guys figured out a way to get rid of it!

  13. With the virus version I have the virus takes over when you boot Safe Mode Networking. Also when you boot Safe Mode Command Prompt. The same DOJ screen pops up and takes over. What do you do when you cannot even run in Safe Mode at all?

    • You would want to try a System Restore from Command Prompt. Google “How to restore via Command Prompt” and that should do the trick. Otherwise, our Experts can help you out.

  14. Worked great to remove the virus. Now Internet connection is stuck in identifying phase from some deleted files. Went to restore point, but no luck. Thoughts?

  15. Do you have to run this virus scan while in safe mode? it would not let me get into safe mode but did eventually get me to access internet and I was able to download and start the recommended virus program. Is this okay?

  16. Nothing Works! :( I he tried everything on every website and nothing has worked!!!!!! No matter what I enter in the advance setup it won’t stay long enough on my desktop to click the Anti virius or the Internet icon! It jus takes me to a blank black screen the says safe mode in each of the 4 corners of the screen!

  17. The primary/admistrator’s user profile is infected witht the DOJ virus. I shut down and was able to open under a differnt user (one of the kids). If I download and run the malwarebytes program from this user, will it fix it in mine (the admistrators)?

    • To anyone who cannot remove the virus, there is a new version of the virus going around. Please contact us for help. The new removal procedure is too advanced for me to publish. My apologies!

  18. This virus popped up on my computer and then it just disappeared. I am running super anti spyware and avast antivirus. I am able to get on the internet again and everything should i be conserned it is tracking my info?

  19. Hey guys I found how delete virus for windows 7 home premium computers. Mine is toshiba laptop. Hold down power button till it shuts down, start normally right before it gets to log in screen when it says just windows hold down power button. When it asks if want to repair startup DO It it will say recommended. It will search for problems and when it asks for restore thing hit yes or whatever it says. It will take a couple of minutes but when done and login virus will be gone well block up but get malwarebytes in do complete scan just in case. My had really bad condition of this virus and I did this on accident but it works and might(MIGHT) work for u toooo

  20. You are the best. I got this stupid virus twice. 1st time I rebooted the whole machine. UGH. 2nd. I did what u said. Thank you thank you

  21. Got doj virus. Can not boot in safe mode with networking nor can I boot just in safe mode. Can not use command prompt since I don’t have the password. Someone please help!!!

  22. I got this virus this morning.I have tried it all, it wont allow me to access safe mode, safe mode with networking or anything.only way to access any of it is to start in normal mode with my internet not on or the directory services restore mode with no internet, but then it wont allow me to access system restore or even task manager. Anytime I have internet on it will pop up..not sure what else to do here. Is there any hope?

  23. This is a nasty little bugger. I suspect it is in the registry because it pops up even is safemode. There a little delay but never enough to do anything. 😉 I have hung the drive in an old computer and am trying to scan it as a storage drive. Time will tell….

  24. Thank you so much. This virus came out of no where and was a little scary, but my husband was able to use your site to fix it. Thanks again. It worked well and everything appears to have been restored.

  25. Just wanted to say thank you. I turned my husband’s laptop on and found that stupid virus. I had just redone his computer the other day and had not gotten around to installing malwarebytes yet. Wasn’t sure how to do it in safe mode, but my daughter found your site and helped me get it installed. The rest is a piece of cake..actually all of it was lol. Thanks again.

  26. we are using remote dekstop here and the virus takes over my screen and I cant use f8 coz i’m logged through the server using remote dekstop

  27. I got hit with this DOJ virus your software worked great and easy to use. Why isn’t these big anti virus companys not able to get rid of this virus.
    Oh i forgot corperate america want’s their money.
    Thank you I’ll

  28. I. Was so freaked out by the message. Never dealt with a virus before and I just want to thank you for these steps they helped out so much. Thanks so much again… off to bed I go.

  29. Mine would not reboot either in safe mode. I first downloaded the malware to a USB, shut down the infected PC, inserted the UBS and booted in safe mode with command prompt. At the command prompt, I was not sure of which drive the USB was so I entered CD E: and got a cd drive then I tried CD F: and got the USB drive. To verify I entered DIR M* and saw my setup file. Then jsut entere the full name of the setup file and the install will begin. When asked about looking for an update, select cancel (you don;t have networking at this point) My 40 day old version found 2 viruses and I removed. Then I rebooted with command prompt again and ran a quick scan. Nothing was found so I rebooted but with networking and downloaded the update. Next quick scan found 5 more viruses and I removed. Reboot again and nothing found then I did a full scan with no issues. Nope this helps.

  30. Was able to log on second account since virus only affects single account. Then downloaded the malware, ran scan and so far so good!

  31. Thanks a lot for the very useful tips on this. As said by many, the latest version of this virus does not allow the ‘safe mode” route. However, using the “Directory Services Restore mode” does help to get the desktop from where you can use/run the Malware bytes to remove the virus. Great tips. Hope somebody at DOJ or cyber-crime folks take some action on this hi-tech scammers.
    Thanks again

  32. Thank you so much!!! I really hope no one actually falls for this and sends these crooks any money. Some of the scams I hear about out there (or, in this case have run across myself) are just awful! Again thank you for making this information available. Between your detailed instructions and the Malwarebytes program the problem is solved. KUDOS TO YOU!

  33. Everything performed as explained by the information passed on above with the exception of the restart. Virus popped right back up even though the malware detected the problens.

    Anyone else experience this that could lend a helping hand?

  34. I tried every setting and none of them will let me reboot. I downloaded the Hitman removal tool and put it on a flashdrive but I can’t boot from it either. I went into setup and selected to boot from removal drive, what else can I do.

  35. THANKS SO VERY MUCH!! I thought my computer was DOOMED!! Im no computer wiz but the instructions were simple and straight to the point, Thanks!

  36. Just this morning i got infected with this virus/Trojan. Could not boot into safemode by hitting F8. I pulled the hard drive out of my computer.
    Then replaced the CDrom drive in my wifes computer with my drive.
    Since i already had malwarebytes on her machine i did a full scan on my drive and it removed the trojan virus.
    Just to be sure, when i put the drive back in my machine, i ran another full scan, and it found more of the virus.
    Thank goodness i had a second computer so i could get rid of this nasty trojan.
    I hope this will help some of you get your machine fixed.

  37. Follow the advice of Meow. My was locked so bad I could do nothing but then i did what he did with the powering off and it worked. Thanks Meow.

  38. I’ll try this to make sure I’m rid of this virus. I must not have gotten a very bad version of it, though. I was able to go into safe mode and do a system restore and everything seems to be working fine at the moment.

  39. Thanks for the help! This is the second time my daughter has gotten this ransomware on her computer and the second time I’ve gotten rid of it using your guide. Hope it stays away this time! Thanks again!

  40. Cannot access in safe mode, but can access windows in normal mode. Already have Malwarebytes Anti-Malware on computer. Should it still work or has been compromised?

  41. I presumed the computer lock was virus related. Despite having a widely-accepted Anti-Virus tool on my computer, this malware got in anyway. The instructions were clear, consise and very easy to follow. It worked like a charm. Thanks so very much!

  42. Got this nasty little virus today and luckily with my Comcast internet account, I have free “Norton” AntiVirus software, though I was a bit dissapointed that Norton didn’t intercept it in the first place… But anyway… Called Norton and was told that I would have to pay $90 for a tech to remove the virus – LOL no thanks! So I started the computer in Safe-Mode w/ Networking, and then ran my Nortus “full system scan” and it said that it removed 20 “occurrences” or whatever. Then I restarted my computer in regular mode like I normally do and – Boom, gone! Virus was gone and my Norton window flashed up that it removed a malicious virus. I assume it is all gone now – seems to be – hopefully? :) Yay Norton!

  43. I got this virus from Utube and using the free version, removed it within 30 minutes.
    Just the wording of the page made be believe that it was a virus.
    Fist off, the department of Justice would not lock up your computer, they would just come and get you. Neither would they format your hard drive, that would be destroying evidence. Anyone that would believe that the department of Justice would make you pay to get your own computer back is just plain stupid.
    Thank you for the link to malwarebytes, THANK YOU VERY MUCH!

  44. well I cant get rkill or hitmanpro to kill this thing long enough for me to be able do do crap !!! windows xp home 32bit dell laptop latitude d531 and when I try safe mode, safe wit networking or safe with command prompt I get a blue screen basicly says check my hard drive etc. and if I actualy start up the normal way soon as windows loads up and desk top is up about 10 seconds later I get the doj screen and a little box telling me to connect to internet I need some better advice considering I cant get into safe modes or anything else for that matter

  45. Many Thanks to everyone there!!!!!

    Wife was looking for yarn on our main system and got hit with that notice.
    I thought no hope for this system until I found your site.
    I purchased your product and was able after 3 attempts to clear the problem and get the system back in service.
    I will always be a fan of your product and I plan on letting others that I work with know about it.

    Thanks again

  46. I got this the other day and paid money. i was so freaked out bcus it looks so real!! Luckily my computer came back on and i was able to retrieve my money. i am restarting the whole computer to factory state

  47. my girfriends mom got this on her computer and sent it for 60 bucks to get fixed. a week later she got it on her own laptop and i googled it, found this site and after hardly half an hour the problem was fixed and for free on top of that! thanks a lot for the help!

  48. Your Guide worked amazingly. Thanks for loading the info to help others. You need to commended. I would like to donate to your cause, but did not find link on the website. God bless you.

  49. Massive thanks for this! My laptop had all my uni work on and I hadn’t backed it up so I was really worried I would lose it all, but I found this and it worked perfectly! Thanks so so much!!!

  50. Thanks for the help Worked like a charm! Lucky I was able to find out about this on my phone I was lost tryin to fix my computer! I cant belive people fall for that!

  51. Heres my nightmare with this virus I got hit really bad and im pretty computer savy. I first got this virus 4 days ago it started off as the ICE RANSOM VIRUS which I removed within an hour through the safe mode prompts I ran malware bytes and it picked up two traces of the virus but didn’t remove any of the registry keys or sub folders in my start menu (look in the start menu there is a shortcut of the virus in there in a folder named startup) I then proceeded to click run msconfig and found it under startup it was named RUNCTF.exe. this did nothing the virus loaded right back up and made a copy of itself in msconfig so now I see two copie. I went to safe mode again found the virus manually in the local c documents and settings user folder there will be a folder that says q935235946867-USER the virus is in there. I cleaned it out everything seemed normal I rebooted in normal mode but I noticed my cd drive was missing and a lot of folders my network connections and even usbs would not work I went into the control panel and turned the services back on and long behold my computer connected to the internet and withing 3 seconds I was locked back out but this time I got the DOJ RANSOM VIRUS!!!!! I cannot stay in safe mode for more then a few seconds I had shut down system restore so there are no restore points. I was able to get malware bites on buts its 94 days outdated and I cant update it to catch new version of the virus. THIS IS A NIGHTMARE EVEN FOR ME im ready to throw the computer out the window please please help I don’t have money to spend im in school and this is screwing me up big time

  52. My husbands laptop got this virus, I found your site, read everyones comments, and gave it a go. Your instructions were simple and easy to follow. Worked like a charm! Thanks so much for sharing!!!!

  53. I got the virus this morning and followed the steps deleting the virus thru Malware, however when my laptop restarted After entering my home screen password I was greeted with a black screen and my mouse pointer nothing else. I then restored my laptop to a previous date but also had the same black screen. What do I do?!?!?

  54. I followed the directions and deleted the virus thru Malware however when I logged back into my account the screen is black. I went back and did a system restore and the screen is still black. What do I do?

  55. thanks so much I just got this virus today and by following these steps its gone! Unbelievable! Thank you so much for the help especially these days good old fashioned help is hard to come by, thanks again.

  56. I got slammed and locked up by the MoneyPak virus. It knew my login name. Restarting each time when prompted, I first ran MSE quick scan from safe mode. I ran Windows startup repair, which seemed to work briefly. I then ran MSE from a guest login. The virus kept appearing. Finally, I saw this forum and, from a guest login, downloaded and ran MalwareBytes Free, which worked, finding something with ..fake.. in it that nothing else fixed. Everything seems to be okay, with several restarts now. Hopefully there is nothing left from which the criminals can log my stuff. Windows 7, AMD, Mozilla Firefox, laptop, middle of the night, not really tech savvy, but I can follow clear directions a step at a time. Thanks

  57. my son ship his laptop on a panic and told me we had to pay 300.00. i did not ask any questions and did some research to find that is a bad virus and once you boot your computer by pressing f8 several times and login in you can use the free patch from norton and that did the trick. im wondering about the people that said they can help you and if not you can call their toll free number is a sucker punch after the virus costing you money either way. So do your research before you pay for any fix catch 22 bandits….

  58. Can you help me please via email I have this virus on my pc laptop using wind 8 I have cleared the virus I think, but now all I get is a black screen and can no longer use my laptop for anything???? Need help please but via email please thank you in advance.

  59. i got this virus this morning and managed to get into safe mode and ran scans, didnt have time to finish before i left for working so my laptop was running them while i was gone am i still at risk of getting hacked or is it fine (i had my mom shut the screen when she got home a few minutes ago so i could finish it later please help

  60. Had this come up on my laptop this evening while my dad was on it. He’s ignorant when it comes to clicking on things, he clicks on every ad out there! Anyways came across this and I followed your steps and it worked! Thanks for good people like you to post these helpful things to get rid of nasty viruses!!

  61. Thank you so much. These instructions were easy and effective. You are doing a great service for the average “Joe” like me when the bad guys strike. God bless.

  62. I was initially baffled when I saw the screen popping up. But being an expert and knowing a bit about Operating system, I figured out what needs to be done. Hope the below helps:

    Steps to temporarily get rid of the pop-up:

    1) Logoff and Login as a different user.
    2) Sooner you log-in (ensure switching off the internet/WiFi), Open MSCONFIG (run command), and uncheck the applications that has ownership as “Unknown”, under StartUp tab. Click Ok.
    3) Search (extensive search, on hidden files) for ssxjro.dll under “c:UsersOwnerAppData…’ and delete it.
    4) This should let you proceed with your work.
    5) Purchase a legitimate Anti-virus software Online and perform deep scan.

    Hans :)

  63. Thank you guys! I got the virus on Sunday I think and I was freaking out! Then I learned that it was a virus and found you guys! I followed all of your steps and now the virus is gone! Thank you guys and malware! Big help (:

  64. Hi Dan…I did as what was told…ran the antivirus and removed the same…my laptop is back on track…thanks alot it was sooo easy…..5stars from my side

  65. I tried to do what you said. but when I get to your step three the one that says go to you Internet I can’t cause the virus is in the way it won’t let me do anything. any info will help me thanks

  66. If your having trouble getting past the lockdown, run computer normally log into profile first infected with the virus. Then switch users, the other profile will not get locked and you can clean your cpu from there :)

  67. I was unable to go to safe mode and my computer tech said the person doing the scam has figured out how to prevent any infected computer from doing so. He also said this infection is coming from the Middle East and the person doing it is known but so far can’t be touched.

Leave a Comment

Your email address will not be published. Required fields are marked *