The Department Of Justice Malware - How To Remove?


The Department of Justice (DOJ) virus locks the screen of an infected computer and displays a warning message. The message claims to come from an official federal authority, the Department of Justice, which is responsible for enforcing the law and defending the interests of the United States. The lock screen uses the department's logo to seem more legitimate. It is only a scam whose aim is to swindle people out of their money. Cyber criminals use sophisticated methods to deceive their victims.

To scare the user of an infected computer, the Department of Justice message accuses him of crimes such as illegal use and distribution of copyrighted content, sending spam e-mails, or even child pornography offences. To make the effect even stronger, the virus is programmed to use the computer's webcam to show the person using the PC. The text explains that any video or photo material will be sent to a remote server and later used to identify the offender. It is a clever trick that confuses the user, but it should not be taken seriously. As if this were not enough, you will see a countdown timer, a bogus case number and an FBI agent's name. You must have already realized that none of the above is true. All the psychological tricks are designed to force the victim to pay, and the amount is not small: the fine is as much as 300 USD. This is an example of the message you might see:

The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.
Article 274 – Copyright
A fine or imprisonment for the term of up to 4 years. (The use or sharing of copyrighted files-movies, software)
Amount of the fine is $300. Payment must be made within 24 hours after the discovery of the violation. If the fine has not been paid, you will become the subject of criminal prosecution.

To pay the fine, the victim is asked to use a prepaid payment system, MoneyPak. It is not at all likely that official justice institutions would use such a method; it is one more proof that the program is not related to the police in any way. If you have already paid the ransom, contact your credit card bank and dispute the charges. Please note that after you pay, your bank card information might have been recorded by the cyber criminals, so you should take all precautions to protect your savings. For the future, remember that no governmental authority collects payments, including fines, through prepaid payment systems. They will always inform you about any case by contacting you personally instead of sending an unclear message. If you are offered such a payment option, you can be sure it is a scam.

The Department of Justice virus can be distributed in various ways, but one of the most common methods is planting the infection in web pages. Your computer might get infected after you click on a malicious advertisement. It does not necessarily have to be a site of dubious origin. Web pages that you visit every day, such as job search pages, might get compromised and spread the infection. In this case, inform the website owner/administrator about the issue.

To remove the Department of Justice virus follow this guide:


1. Reboot your computer, press F8 during rebooting;
2. Select safe mode with networking;
3. Launch MSConfig;
4. Disable startup items in which rundll32 launches any application from Application Data;
5. Reboot system one more time.
7. Scan with  it will find the Department of Justice virus and remove it.


In some cases it is not possible to use Safe Mode because of a special virus version. If you have this problem, try rebooting into safe mode with command prompt:

  1. Reboot into safe mode with command prompt. The Department of Justice virus should not be launched this time. If you cannot choose safe mode with command prompt and cannot access another user account to run an Anti-Malware program scan, use a bootable antivirus CD/USB disk and scan with it, or call +1-888-334-2444 (USA / CA) for help.
  2. Run regedit. Look for Winlogon.
  3. There will be a value named Shell under Winlogon. It should refer to Explorer.exe or be blank. If it refers instead to an executable in one of the users' folders, replace it with explorer.exe.
  4. Save changes and reboot to safe mode with networking.
  5. Run msconfig and disable all unnecessary startup entries. You should be able to reboot normally.
  6. Install and run Scan with it the PC and the Department of Justice virus executables it finds.
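
One way to check the two persistence points named in the steps above (the Winlogon Shell value and rundll32 startup entries that load from Application Data), as an added example that is not part of the original guide. The registry paths are the standard Windows locations, and matching the newer AppData folder name alongside Application Data is an assumption added here; the script only reads and reports.

```powershell
# Added example: read-only audit, nothing in the registry is changed.
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Properties PowerShell adds to every registry item; not real values.
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Test-ShellValue {
    param([string]$Value)
    # Rule from the guide: Shell is blank or refers to explorer.exe.
    if (-not $Value -or $Value.Trim() -eq '') { return $true }
    $expected = @('explorer.exe', (Join-Path $env:windir 'explorer.exe'))
    return ($expected -contains $Value.Trim().Trim('"'))
}

function Test-RunCommand {
    param([string]$Command)
    # Rule from the guide: rundll32 starting something from Application Data.
    # 'AppData' (the folder's name on Vista and later) is an added assumption.
    return ($Command -match 'rundll32' -and
            $Command -match '\\(Application Data|AppData)\\')
}

foreach ($key in $winlogonKeys) {
    $item  = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
    $shell = if ($item) { $item.Shell } else { '' }
    $state = if (Test-ShellValue $shell) { 'OK' } else { 'SUSPICIOUS' }
    '{0,-10} {1} : Shell = "{2}"' -f $state, $key, $shell
}

foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($p in $item.PSObject.Properties) {
        if ($psNoise -contains $p.Name) { continue }
        if (Test-RunCommand ([string]$p.Value)) {
            'SUSPICIOUS {0} : {1} = {2}' -f $key, $p.Name, $p.Value
        }
    }
}
```

HKCU reflects the account running the script, so run it under the affected user's account as well as an administrator's.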


If you have any questions or comments feel free to post them below this article. Our support team will answer as soon as possible.


Manual removal


Important Note: Although it is possible to manually remove Department of Justice Malware, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on




About the author

 - Main Editor

I have started in 2007 after wanting to be more or less independent from single security program maker. Since then, we kept working on this site to make internet better and safer place to use.

December 18, 2012 17:44, June 6, 2013 06:41

17 thoughts on “the Department of Justice Malware”


  2. Thanks for all the information. There is a problem that I am having. I tried to “start with command prompt” but I don’t see the option of “shell” under Winlogon. What do you think I can do? Thanks.

  3. Guys, you don’t have to buy any Antivirus, you just restore your computer to a point you are certain it had no virus, then it is all good.

  4. To everyone who CANNOT find Shell: After you hit find, you will probably not find shell. In this instance simply click Find Next in the Find box. You will have to go through numerous windows before you finally hit the page that has Shell.

  5. I think I may have an evolved version of this thing, even in safe mode it pops up to block anything else from working. Does anyone know how to disable this thing so I can run a virus scan?…the only way it doesn’t activate is in safe mode with command prompts, can I get a scan going from there?
    In the past, I’ve been able to do a restore point in safe mode and then scan with Malwarebytes to remove it…but this little gremlin is really persistent.

  6. I recently fell victim to the Dept. of Justice Virus and freaked out when I first read it. I just upgraded my system to Windows 8 and with the assistance of a Technician, we were able to remove the virus with the hassle of trying to hold my SHIFT key and F-8 or from the Desktop, hit the windows key + R and enter “msconfig” without the quotations which didn’t work for me at all.
    WARNING: Back up your files on a frequent basis. I had backed up all my files to an external hard drive, but found that after the process, I didn’t have to restore any of my files but I did have to go back and reinstall my Antivirus and MS Office software so please make sure that you have your product keys available.

    Windows 8 Users only:
    From the START menu:
    1. Move your mouse to the far right of the screen where you can have access to Settings (1 of the 5 options) and click on SETTINGS.

    2. Select Change PC Settings

    From the SETTINGS Menu:
    1. Scroll down to GENERAL and click.

    2. Move your mouse to the right side and scroll down to “Refresh your PC without Affecting your Files” and click on Get Started.

    3. Read the prompts then click NEXT.

    The process took me less than 15 minutes and when the process was complete, all of my files and folders were intact. My desktop, however, was black and I only had 3 icons, one of which was a file named Removed Apps. I was able to reinstall my important icons but the most important thing was that my computer was no longer locked. It certainly helps to install an anti-malware software. Good luck to everyone and I hope that this can help someone else like it helped me. Pay it forward!

  7. THANK YOU!!!! I just got a new laptop for Christmas and was devastated when I realized this DOJ crap was a virus. Thank you, really.

  8. So I got a version of this malware and it does a few unique things overall, first off it will not allow me to boot into any safe mode like people are describing, 2nd it disabled my other 2 drives, and third I was able to slow it down enough to find the .bmp and .jpg files after creating a whole new login. I think I got all of the parts of this malware removed including out of the registry but still having a hard time getting access back to my other drives. It keeps prompting me to format the drives, any ideas what I might be able to try besides reformatting the drives themselves?
