Your Computer has been blocked - US Department of Justice

Sue Taylor
Sue Taylor used Ask the Experts™
on
I'm an IT guy and am baffled by this one...  I can't even get to the start menu or anything in Safe Mode.  Does anybody have any suggestions as to how I can remove this?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solution Only
Bartender_1Microsoft Network Administrator

Commented:
Have you tried following these steps:
http://malwaretips.com/blogs/department-of-justice-virus/


Hope this helps!

:o)

Bartender_1
Bartender_1Microsoft Network Administrator

Commented:
If you can't get to safe mode, you could try this software to boot from and edit the affected registry settings:

http://www.raymond.cc/blog/how-to-edit-windows-registry-key-values-without-booting-in-windows/

Hope this helps!

:o)

Bartender_1
bigbigpig

Commented:
You can try booting to a rescue CD like Kaspersky's, or another if you have a preference.
http://support.kaspersky.com/4162
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Find out now!
Commented:
Avast has a tutorial on how to remove this infection.  I would also consider wiping an reinstalling or reimaging the OS on this computer if this doesn't work.  And get some AV software installed and updated on it before giving it back to the user.


https://forum.avast.com/index.php?topic=112757.0
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
I like the Kapersky Rescue Disk myself.
Thomas Zucker-ScharffSolution Guide

Commented:
I use a SARDU created disk which everything on it.  It is worth making one of these for just such occassions:

http://www.experts-exchange.com/Storage/Misc/A_3038-Boot-Disks-UBCD-UBCD4Win-and-SARDU.html
Darr247

Commented:
It's called "ransomware" malware... whatever steps you take, do NOT give them any money, because that will NOT fix the problem.
Gabriel CliftonNet Admin
Top Expert 2012

Commented:
I have seen it fixed with sophos antivirus boot disk and/or combofix from bleepingcomputer.com.
nobus
Top Expert 2013

Commented:
Sue TaylorProject Manager

Author

Commented:
I tried EVERYONE's solutions, but ended up having to reformat.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial