FacebookTwitterLinkedIn

Department of Justice scam

Also Known As: Department of Justice Virus
Damage level: Severe

What is Department of Justice?

"Department of Justice - your computer has been locked" is a ransomware computer infection, which demands payment from users of a bogus fine for watching pornography.

This is a screen locker, which uses MoneyPak to collect fines from unsuspecting PC users, a scam developed by Cyber criminals who exploit the name of the FBI Department of Justice in order to scare computer users into believing that they have violated federal law, and thus have to pay a fine ($200 or $300) to unlock their computers.

In fact, no authorities use screen lockers to collect fines for law infringements. Do not pay this fine - you will lose your money and your PC will remain locked.

This type of security infection (ransomware) is popular amongst Internet criminals who continue to create new designs and distribute their deceptive screen lockers to Internet users worldwide. The messages are commonly localized: after detecting your computer's IP address, ransomware infections are able to determine your location and display the fake messages in your language.

Commonly, the Department of Justice scam is proliferated using drive-by downloads and Trojans. Your computer might be infected with this ransomware whilst visiting malicious websites or reading email.  

The United States Department of Justice computer has been blocked department of justice computer locked screenshot Department of Justice - The work of your computer has been suspended

To prevent such ransomware infections from infiltrating your PC, always keep your operating system and installed programs up-to-date. Furthermore, use legitimate antivirus and antispyware programs whilst surfing the Internet.

Previously, similar ransomware used MoneyPak to collect bogus fines from PC users by exploiting the name of FBI. If your computer is already infected with Department of Justice scam, use the removal guide provided to eliminate it from your PC.

A fake message displayed by the Department of Justice scam:

Department of Justice.
Your computer has been locked!
This operating system is locked due to the violation of the federal laws of the United States of America! (Article 1, Section8, Clause 8, Article 202; Article 210 of the Criminal Code of U.S.A. provides for a deprivation of liberty for four to twelve years.) Following violations were detected:
Your IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer. This computer lock is aimed to stop your illegal activity. To unlock the computer you are obliged to pay a fine of $200. You have 72 hours to pay the fine, otherwise you will be arrested. You must pay the fine through MoneyPak: To pay the fine, you should enter the digits resulting code, which is located on the back of your Moneypak, in the payment form and press OK (if you have several codes, enter them one after other and press OK). If an error occurs, send the codes to address fines@fbi.gov

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Department of Justice scam removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK.

During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with Department of Justice ransomware. Start your Internet browser and download a legitimate anti-spyware program.

Update the anti-spyware software and start a full system scan. Remove all the entries detected.

Cannot boot in Safe Mode with Networking? (Department of Justice scam blocks Safe Mode with Networking)

If you have more than one user account in your operating system - please log-in to the clean account and download the recommended malware removal software, install it and run a full system scan, remove all the security infections detected, however, if you have only one user account please follow this guide (this guide will show you how to create a new user account using Safe Mode with Command Prompt - using this newly-created user account, you will be able to remove Department of Justice ransomware).

If Department of Justice virus also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt mode loads, enter the following line: net user removevirus /add and press ENTER.

alt

3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.

creating new user using command prompt

4. Finally, enter this line: shutdown -r and press ENTER.

adding a new user in command prompt

5. Wait for your computer to restart, then boot your PC in Normal Mode and login to the newly-created user account ("removevirus"). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.

new user account created

6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer:

If the newly created user account is also affected by the ransomware infection, try performing a System Restore:

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt mode loads enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window, click "Next".

restore system files and settings

5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window, click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Department Of Justice scam.

Alternative Department of Justice scam removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

win 7 safe mode with command prompt

2. In the opened Command Prompt, type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.

3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

registy editor winlogon

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file).

Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Department of Justice ransomware.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated.

For this step, you need access to another computer. After removing Department of Justice ransomware from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Anti-spyware programs known to detect and remove Department of Justice scam:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Department of Justice Virus QR code
Scan this QR code to have an easy access removal guide of Department of Justice Virus on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.