Department of Justice scam

Also Known As: Department of Justice Virus
Type: Ransomware
Damage level: Severe
Distribution: High
Damage Level

Department of Justice scam - how to unlock your computer?

What is Department of Justice?

"Department of Justice - your computer has been locked" is a ransomware computer infection, which demands payment from users of a bogus fine for watching pornography. This is a screen locker, which uses MoneyPak to collect fines from unsuspecting PC users, a scam developed by Cyber criminals who exploit the name of the FBI Department of Justice in order to scare computer users into believing that they have violated federal law, and thus have to pay a fine ($200 or $300) to unlock their computers. In fact, no authorities use screen lockers to collect fines for law infringements. Do not pay this fine - you will lose your money and your PC will remain locked.

This type of security infection (ransomware) is popular amongst Internet criminals who continue to create new designs and distribute their deceptive screen lockers to Internet users worldwide. The messages are commonly localized: after detecting your computer's IP address, ransomware infections are able to determine your location and display the fake messages in your language. Commonly, the Department of Justice scam is proliferated using drive-by downloads and Trojans. Your computer might be infected with this ransomware whilst visiting malicious websites or reading email.  

The United States Department of Justice computer has been blocked

department of justice computer locked screenshot

Department of Justice - The work of your computer has been suspended

To prevent such ransomware infections from infiltrating your PC, always keep your operating system and installed programs up-to-date. Furthermore, use legitimate antivirus and antispyware programs whilst surfing the Internet. Previously, similar ransomware used MoneyPak to collect bogus fines from PC users by exploiting the name of FBI. If your computer is already infected with Department of Justice scam, use the removal guide provided to eliminate it from your PC.

A fake message displayed by the Department of Justice scam:

Department of Justice.
Your computer has been locked!
This operating system is locked due to the violation of the federal laws of the United States of America! (Article 1, Section8, Clause 8, Article 202; Article 210 of the Criminal Code of U.S.A. provides for a deprivation of liberty for four to twelve years.) Following violations were detected:
Your IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer. This computer lock is aimed to stop your illegal activity. To unlock the computer you are obliged to pay a fine of $200. You have 72 hours to pay the fine, otherwise you will be arrested. You must pay the fine through MoneyPak: To pay the fine, you should enter the digits resulting code, which is located on the back of your Moneypak, in the payment form and press OK (if you have several codes, enter them one after other and press OK). If an error occurs, send the codes to address This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Quick menu:

Department of Justice scam removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with Department of Justice ransomware. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries detected.

remover Department of Justice scam

If you need assistance removing Department of Justice scam, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

Cannot boot in Safe Mode with Networking? (Department of Justice scam blocks Safe Mode with Networking)

If you have more than one user account in your operating system - please log-in to the clean account and download the recommended malware removal software, install it and run a full system scan, remove all the security infections detected, however, if you have only one user account please follow this guide (this guide will show you how to create a new user account using Safe Mode with Command Prompt - using this newly-created user account, you will be able to remove Department of Justice ransomware).

If Department of Justice virus also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt mode loads, enter the following line: net user removevirus /add and press ENTER.

alt

3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.

creating new user using command prompt

4. Finally, enter this line: shutdown -r and press ENTER.

adding a new user in command prompt

5. Wait for your computer to restart,  then boot your PC in Normal Mode and login to the newly-created user account ("removevirus"). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.

new user account created

6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer:

remover for Department of Justice scam

If you need assistance removing Department of Justice scam, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

If the newly created user account is also affected by the ransomware infection, try performing a System Restore:

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt mode loads enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window, click "Next".

restore system files and settings

5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window, click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Department Of Justice scam.

Alternative Department of Justice scam removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

win 7 safe mode with command prompt

2. In the opened Command Prompt, type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.

3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

registy editor winlogon

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file). Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Department of Justice ransomware.

remover for Department of Justice scam

If you need assistance removing Department of Justice scam, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated. For this step, you need access to another computer. After removing Department of Justice ransomware from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Anti-spyware programs known to detect and remove Department of Justice scam:

Comments 

 
#16 Seth 2013-08-26 11:11
Quoting keith:
well I got screwed!!!! paid 300 bucks for nothing. really needed that money. is there any way to track where the money from my money pack card went to? there has to be a trail.


Nope. Scammers use money pak all the time because theres no trail.
Quote
 
 
#15 Jason 2013-08-08 15:14
I got this virus off of an ad on Facebook and got it removed, however when my computer starts up, I get the CMD prompt and have to manually start explorer.exe. Any suggestions on fixing this?
Quote
 
 
#14 keith 2013-07-15 22:41
well I got screwed!!!! paid 300 bucks for nothing. really needed that money. is there any way to track where the money from my money pack card went to? there has to be a trail.
Quote
 
 
#13 Gene 2013-06-11 15:57
An easy way around this kind of thing is to set up another user id as a standard user- this prevents the virus from gaining admin privileges on your computer. Use the standard used id for surfing the net- especially for things that might throw malware at you. If you run into trouble you can save any files you need from your admin user account and just delete the standard user. That usually also deletes the virus and all associated files. Then just create a new standard user account for web surfing. Has worked for me several times. Never lost a file, never had to rebuild, never even had to run removal software.
Quote
 
 
#12 admin 2013-06-10 00:15
Hi TJ, when you see the fake DOJ message on your computer's screen you have to restart your PC manually and then enter safe mode. Notice that this ransomware virus commonly comes bundled with other malware which can steal passwords and perform other malicious tasks. You should scan your computer with legitimate antivirus and sntispyware programs to eliminate the mentioned security infections (you can download legitimate security programs from our top antispyware and top antivirus sections).
Quote
 
 
#11 Tj 2013-06-09 23:49
Happened to me. Didn't want to try to unlock it for fear of losing all my Buisness files so like an idiot I paid the fee and about 20 Mts later my
computer restarted. I was viewing adult material but nothing illegal. So do you start step one while the dept of justice logo is on your screen saying your computer is locked? If it is locked do I manually turn it off then start it in safe mode? Need to know the exact way to unlock it because it probably will happen again. Would appreciate all comments. Thanks
Quote
 
 
#10 Theresa 2013-05-24 13:17
Thank you so much for this great program. I was literally on my out the door to go get the moneypack but thought I should do a little research. The DOJ emblem looked so authentic. Thank you again.
Quote
 
 
#9 michael 2013-03-18 16:39
Thanks alot.SMART CROOKS,BUT SMARTER GOOD PERSON ,A POSITIVE PATH OF LIFE. KEEP IT UP!!!
Quote
 
 
#8 Larry 2013-02-14 10:42
I knew it was a scam, but had no idea how to correct it. It blew right through my anti-virus. I did the system restore and it eliminated the virus. Thanks for your help. It was a blessing !!
Quote
 
 
#7 Steve 2013-02-11 23:37
Thank you for your help. I thought it was real. And I did some research, found that it was a scam. Thanks again
Quote
 
Add comment
PCrisk.com is not responsible for the content of the comments.


About the author:

I am passionate about computer security and technology. I have an experience of 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010.

Follow me on Google+ to stay informed about the latest online security threats.

Our malware removal guides are free. However, if you want to support us you can send us a donation.