Department of Justice scam

Department of Justice scam - how to unlock your computer?

"Department of Justice - your computer has been locked" is a ransomware computer infection which asks to pay a non existent fine for watching pornography. This is another screen locker which uses MoneyPak to collect non existent fines from unsuspecting PC users. This scam is developed by Cyber criminals who exploits the name of FBI Department of Justice in order to scare computer users into thinking that they have violated some federal laws and thus have to pay a fine ($200 or $300) to unlock their computers. In reality none of the authorities are using such screen lockers to collect fines for law infringements, you shouldn't pay this fine - you will loose your money and your PC will still be locked.

Such type of security infections (ransomware) has become very popular among Internet criminals, they are continuing to create new designs and distribute their deceptive screen lockers to Internet users all over the world. Such messages are commonly localized - after detecting your computer's IP address ransomware infections are able to determine your location and display the fake messages in your language. Most commonly Department of Justice scam is spread using drive-by downloads and Trojans. Your computer might have got infected with this ransomware while you were visiting malicious websites or you were reading your e-mail.  

To prevent such ransomware infections from entering your PC you should always keep your operating system and all of your installed programs up-to-date. Furthermore you should use a legitimate antivirus and antispyware programs to protect your Internet surfing. Previously seen similar ransomware which used MoneyPak to collect fake fines from PC users were exploiting the name of FBI. If you computer is already infected with Department of Justice scam you should use the provided removal guide to eliminate it from your PC.

Fake message shown in Department of Justice ransomware:

Department of Justice
Your computer has been locked!
This operating system is locked due to the violation of the federal laws of the United States of America! (Article 1, Section8, Clause 8, Article 202; Article 210 of the Criminal Code of U.S.A. provides for a deprivation of liberty for four to twelve years.) Following violations were detected:
Your IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains
video files with pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer. This computer lock is aimed to stop your illegal activity. To unlock the computer you are obliged to pay a fine of $200. You have 72 hours to pay the fine, otherwise you will be arrested. You must pay the fine through MoneyPak: To pay the fine, you should enter the digits resulting code, which is located on the back of your Moneypak, in the payment form and press OK (if you have several codes, enter them one after other and press OK). If an error occurs, send the codes to address This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Department of Justice ransomware removal:

Step 1

Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.

Step 2

Log in to the account that is infected with Department of Justice ransomware. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.

remover Department of Justice ransomware

Can't boot in Safe Mode with Networking? (Department of Justice virus blocks Safe Mode with Networking)

If you have more than one user account in your operating system - please log-in to the clean account and download the recommended anti-spyware software, install it and run a full system scan, remove all the security infections it will detect, however if you have only one user account please follow this guide (this guide will show you how to create a new user account using safe mode with command prompt - using this newly created user account you will be able to remove Department of Justice ransomware).

If Department of Justice virus also blocks your operating system's Safe Mode with Networking follow these removal instructions:

1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.

2. When command prompt mode loads enter the following line: net user removevirus /add and press ENTER.

3. Next enter this line: net localgroup administrators removevirus /add and press ENTER.

4. Finnaly enter this line: shutdown -r and press ENTER.

5. Wait for your computer to restart,  then boot your PC in Normal Mode and login to the newly created user account ("removevirus"). This account won't be affected by the ransomware infection and you will be able to download and install recommended anti-spyware software to eliminate this virus from your computer.

6. Download and install recommended anti-spyware software to eliminate this ransomware infection from your computer:

remover for Department of Justice virus

If the newly created user account is also affected by the ransomware infection try doing a System Restore:

1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.

2. When command prompt mode loads enter the following line: cd restore and press ENTER.

3. Next type this line: rstrui.exe and press ENTER.

4. In the opened window click "Next".

5. Select one of the available restore point and click "Next" (this will restore your computer's system to an earlier time and date, before the ransomware infiltrated your PC).

6. In the opened window click "Yes".

7. After restoring your computer to a previous date download and scan your PC with a recommended anti-spyware software to eliminate any left remnants of Department Of Justice ransomware.

Alternative Department of Justice ransomware removal guide:

If this ransomware blocks your screen when you start your computer in safe mode with networking, try starting your PC in safe mode with command prompt.

1. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.

2. In the opened command prompt type explorer and press Enter. This command will open explorer window, don't close it and continue to the next step.

3. In the command prompt type regedit and press Enter. This will open the registry editor window.

4. In the registry editor window you should navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

5. In the right side of the window locate "Shell" and right click on it. Click on Modify. The default value data is Explorer.exe if you see something else written in this window remove it and type in Explorer.exe (you can write down whatever else was written in the value data section - this is a path of the rogue execution file) - use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install a legitmate anti-spyware software and perform a full system scan to eliminate any left remnants of Department of Justice ransomware.

remover for Department of Justice ransomware

If you can't start your computer in safe mode with networking (or with command prompt) you should boot your computer using a rescue disk. Some variants of ransomware disables safe mode making it's removal more complicated. For this step you will need access to another computer. After removing Department of Justice ransomware from your PC restart your computer and scan it with a legitimate antispyware software to remove any possibly left remnants of this security infection.

Anti-spyware programs known to detect and remove Department of Justice ransomware scam:

• iS3 STOPzilla
• Malwarebytes Anti-Malware

Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.

If you can't access Internet:

Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.

Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.

Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, un-check it and press OK.

After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program.

Manual Department of Justice ransomware removal:

If you were unable to remove Department of Justice ransomware using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these Department of Justice ransomware processes:

random.exe

Delete these Department of Justice ransomware files:

%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk