Cannot delete Department of Justice virus

Have an XP Pro machine that has the DOJ virus when it boots. I cannot do anything in production mode because as soon as I sign in the virus takes up the whole page. When I try to go to Safe Mode, the computer reboots before the sign in page appears. I have run Kaspersky Rescue CD, Malwarebytes, Hitman Pro kickstart, Avira Rescue CD and Superantispyware. Nothing worked. Any ideas?
syssolutAsked:

TomMicrosoft ISV PartnerCommented:
Boot PC - Press F8
Select: Safe Mode with Command Prompt
Type : C:\windows\system32\restore\rstrui.exe

System Restore should start, and you will see a list of restore points. Try using a restore point created just before the date and time the Department of Justice lock screen virus infected your computer.

When System Restore has completed its task, start your computer in Windows regular mode, and perform a scan with Malwarebytes Anti-Malware and HitmanPro.
0
syssolutAuthor Commented:
As stated above, with any of the 3 Safe Mode choices, the computer reboots as it goes down the list of files that show when trying to access Safe Mode.
0
TomMicrosoft ISV PartnerCommented:
OK, what's left is to boot from a Win/Linux boot CD and then do the scan.

Example:
http://www.knopper.net/knoppix/index-en.html

KNOPPIX is a bootable Live system on CD, DVD or USB flash drives, consisting of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, the CD can have up to 2 GB of executable software installed on it (over 9GB on the DVD "Maxi" edition).
0
syssolutAuthor Commented:
You mean scan with Malwarebytes and Hitman Pro after booting to Knoppix?
0
TomMicrosoft ISV PartnerCommented:
Correct, the PC's hard disk will be mounted as a drive when booted from the CD. Make sure you copy out all files you absolutely need to a safe location (don't forget to scan them also).
0
syssolutAuthor Commented:
I have an older version of Knoppix loaded, and Malwarebytes downloaded to the desktop, but when I click on Mbam, it is asking me how do I want to open the file? Not sure how to do this.
0
TomMicrosoft ISV PartnerCommented:
OK then start with HitmanPro
http://www.selectrealsecurity.com/remove-ransomware

Remember, don't start to repair anything before you have tried to rescue important files.
0
TomMicrosoft ISV PartnerCommented:
If rescue of important files was successful, consider also the time used to clean this PC against reinstalling from scratch.
0
syssolutAuthor Commented:
I downloaded Hitman Pro kickstart to a USB, it went through the scan, but it didn't eliminate the ransomware.

The link you sent wants me to go to Safe Mode with networking but I cannot get into Safe Mode.  Is there any way to make the infected drive a secondary drive on another computer and delete files to get rid of this?   I know there is supposed to be a file called MigAutoPlay.exe, but I cannot locate it.   Does this mean I need to format the drive and re-install everything?
0
n2fcCommented:
A better step-by-step guide to using HitManPro to remove this virus is available here:
http://www.bleepingcomputer.com/virus-removal/remove-department-of-justice-ransomware

In the alternative, I would attach the hard drive as a slave on another (good) PC and delete the main virus exe file(s)...

It is usually located at: %CommonAppData%\MigAutoPlay.exe
and:     %UserProfile%\Templates\syssecurity.exe

You can then delete the registry settings that attempt to load these files at boot time...
0
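The check n2fc describes, as an added example that is not part of the original thread: it looks for the two named files on an offline XP volume (mounted from a live CD or attached to a good PC) and moves any hits to a quarantine folder instead of deleting them. The function names are hypothetical, and the default XP layout with profiles under "Documents and Settings" is an assumption.

```python
import shutil
import sys
from pathlib import Path

def ci_path(root, *parts):
    """Resolve root/parts case-insensitively (a Linux NTFS mount may be case-sensitive)."""
    cur = Path(root)
    for part in parts:
        try:
            cur = next((e for e in cur.iterdir() if e.name.lower() == part.lower()), None)
        except OSError:  # missing or unreadable directory
            return None
        if cur is None:
            return None
    return cur

def find_lockscreen_files(volume_root):
    """Return the files named in the answer that exist on the offline XP volume."""
    # Assumption: default XP layout, profiles under "Documents and Settings".
    profiles = ci_path(volume_root, "Documents and Settings")
    if profiles is None:
        return []
    # %CommonAppData%\MigAutoPlay.exe
    candidates = [ci_path(profiles, "All Users", "Application Data", "MigAutoPlay.exe")]
    # %UserProfile%\Templates\syssecurity.exe, checked in every profile on the disk
    for profile in sorted(p for p in profiles.iterdir() if p.is_dir()):
        candidates.append(ci_path(profile, "Templates", "syssecurity.exe"))
    return [c for c in candidates if c is not None and c.is_file()]

def quarantine(hits, dest_dir):
    """Move hits to dest_dir with a neutral extension; nothing is deleted."""
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    moved = []
    for n, hit in enumerate(hits):
        target = dest / f"{n}_{hit.name}.quarantined"
        shutil.move(str(hit), str(target))
        moved.append(target)
    return moved

if __name__ == "__main__":
    # Usage: python find_doj.py <mounted volume root> [quarantine dir]
    found = find_lockscreen_files(sys.argv[1])
    for f in found:
        print("found:", f)
    if len(sys.argv) > 2:
        for m in quarantine(found, sys.argv[2]):
            print("moved to:", m)
```

An empty result only means these two file names are absent from the expected locations on that volume.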
TomMicrosoft ISV PartnerCommented:
The way I see it: As long as you have your files, the easiest way is to boot with the WinXP CD and format the drive and do a complete reinstall.

Or better: Try out Win 7
0

ccampbell15Commented:
If you attach that drive as a secondary to another PC you should be able to run Mbam against that drive. Mbam should catch it. Since you are running XP you may also want to try making a CD with Ultimate Boot CD (http://www.ultimatebootcd.com/download.html); it has a few AV programs on it that should clean up that PITA.

Also it usually only affects 1 profile.  If you have another profile on the PC you should be able to log in to that and clean things up.
0
syssolutAuthor Commented:
As I said, I tried multiple AV and anti-malware programs.   I ran these programs as a startup rescue CD/USB or put the infected drive in a good working computer, but it did not catch the DOJ virus.
0
syssolutAuthor Commented:
I re-installed Win XP after making a copy of files and it is working fine.
0

Question has a verified solution.
