Department of Justice Virus is a genuine ransomware program that infects computers surreptitiously and locks users out of their systems. We have seen plenty of similar infections before, such as FBI Moneypak Virus, Metropolitan Police Virus and so on. However, the new variant of Department of Justice Virus that appeared in January 2014 displays new infection symptoms. It is hard to tell whether it is more dangerous than previous ransomware applications, but it is certainly harder to remove Department of Justice Virus from an infected computer. This article provides a concise report on the specifics of the new version of this ransomware infection and on what you can do to get rid of it.
Ransomware programs are notorious for entering target systems via Trojan infections; the Urausy and Reveton Trojans are known for distributing various types of ransomware. Usually, when a ransomware application enters a computer, it drops an executable file on the system, and once that file is run, the ransomware gets installed. With the new version of Department of Justice Virus, however, we encounter yet another way of infection. This new type of ransomware infects a Windows system DLL file, user32.dll. The infection enlarges the file’s resource section, which in itself gives away the fact that the file now carries an encrypted payload.
The user32.dll system file is usually located at C:\Windows\System32\user32.dll or C:\Windows\SysWOW64\user32.dll. Based on security experts’ observations so far, the new version of Department of Justice Virus seems to infect the 32-bit version of the file. When the ransomware infects user32.dll, it allocates a new executable block of virtual memory for the encrypted payload. The payload also contains decryption code, and once the entire encrypted payload in the new block of virtual memory has been decrypted, the infection executes the plain malicious code. As a result, Department of Justice Virus settles down on your system and exhibits its first infection symptoms.
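The article’s tell-tale sign is a user32.dll whose resource section has grown. The following script is an added example (it is not code from the article or from any vendor): it parses the PE section table with the standard library only, reports whether the image is 32-bit or 64-bit, and compares the raw size of the `.rsrc` section against a baseline taken from a known-clean copy of the same Windows build. The minimal PE images it builds in memory and the baseline value `0x1000` are constructed for demonstration; on a real machine you would pass the path of the DLL and the `.rsrc` size measured on a clean system.

```python
import struct
import sys
from dataclasses import dataclass
from typing import List, Tuple

IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86 image
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64 image
SECTION_HEADER_FMT = "<8sIIIIIIHHI"  # 40-byte IMAGE_SECTION_HEADER


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    characteristics: int


def parse_pe(data: bytes) -> Tuple[int, List[Section]]:
    """Return (Machine, section headers) from a raw PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header follows the 4-byte PE signature.
    machine, num_sections = struct.unpack_from("<HH", data, e_lfanew + 4)
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from(SECTION_HEADER_FMT, data, table + i * 40)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        sections.append(Section(name, f[1], f[2], f[3], f[4], f[9]))
    return machine, sections


def assess_resource_section(data: bytes, baseline_rsrc_raw_size: int) -> dict:
    """Flag a .rsrc section that is larger than the known-clean baseline."""
    machine, sections = parse_pe(data)
    arch = {IMAGE_FILE_MACHINE_I386: "x86",
            IMAGE_FILE_MACHINE_AMD64: "x64"}.get(machine, hex(machine))
    rsrc = next((s for s in sections if s.name == ".rsrc"), None)
    if rsrc is None:
        return {"arch": arch, "rsrc_raw_size": 0, "grown_by": None, "suspicious": False}
    grown = rsrc.raw_size - baseline_rsrc_raw_size
    return {"arch": arch, "rsrc_raw_size": rsrc.raw_size,
            "grown_by": grown, "suspicious": grown > 0}


def build_minimal_pe(rsrc_raw_size: int, machine: int = IMAGE_FILE_MACHINE_I386) -> bytes:
    """Constructed sample: a two-section PE32 image with a .rsrc of the given size."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", machine, 2, 0, 0, 0, opt_size, 0x2102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")  # PE32 magic, rest zeroed
    text_off = 0x400
    text = struct.pack(SECTION_HEADER_FMT, b".text", 0x200, 0x1000, 0x200,
                       text_off, 0, 0, 0, 0, 0x60000020)
    rsrc = struct.pack(SECTION_HEADER_FMT, b".rsrc", rsrc_raw_size, 0x2000,
                       rsrc_raw_size, text_off + 0x200, 0, 0, 0, 0, 0x40000040)
    headers = (dos + b"PE\0\0" + coff + opt + text + rsrc).ljust(text_off, b"\0")
    return headers + b"\0" * 0x200 + b"\0" * rsrc_raw_size


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <path to user32.dll> <clean .rsrc size>
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
        baseline = int(sys.argv[2], 0)
    else:  # no arguments: run on the constructed sample with an enlarged .rsrc
        image, baseline = build_minimal_pe(0x3000), 0x1000
    print(assess_resource_section(image, baseline))
```

The size comparison is only a heuristic that mirrors the symptom the article describes; a resource section can legitimately change between Windows updates, so the baseline must come from the same build. The authoritative check for a modified system DLL remains its Authenticode signature (for example `Get-AuthenticodeSignature` in PowerShell or Sysinternals `sigcheck`), and `sfc /scannow` can restore a tampered copy from the component store.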
The main symptoms of the infection are the most common ransomware behaviors. For example, Department of Justice Virus blocks Windows Task Manager, Registry Editor and Command Prompt in Normal mode. What is more, you will also see the usual ransomware notification on your screen, saying that your computer has been blocked due to criminal activity: “The work of your computer has been suspended on the grounds of the violation of the Law of the United States of America.” Needless to say, this notification is the infection’s attempt to swindle you out of your money.
It is no surprise that the new version of Department of Justice Virus is still trying to steal your money. Yet, just as it uses a new way of infection, it also has a new infection symptom that is rather disturbing: the new ransomware application can disable CD-ROM drives. To some this may seem like a random symptom, but some ransomware removal techniques rely on the Windows installation CD. Thus, if your CD-ROM drive is blocked, you can no longer use a Windows recovery CD. What is more, the CD-ROM drive remains blocked in all Safe Modes as well.
With this new type of infection, users have to be extremely careful when browsing unfamiliar websites. Refrain from clicking links to unknown websites, and do not open attachments received from senders you do not know. It is better to prevent an infection than to battle one, and in order to avoid potential threats you should also invest in a licensed computer security tool that helps you protect the system from various infections. Regular system security scans are a must!
We also provide two sets of manual removal instructions in this article. However, keep in mind that if you are not an advanced computer user, you should think twice before carrying out any of the following actions. Do not forget that if you make a mistake or something goes wrong, you might literally destroy your operating system. In other words, follow the instructions at your own risk.
Take note that the infection does not often affect the system file in the C:\Windows\SysWOW64 directory, but it sometimes does, so you need to take every possibility into consideration. Also, <username> in the instructions stands for your computer’s user name (it usually appears at the top of your Start menu), and you have to type it WITHOUT the <> symbols (unlike in the instructions). For any further questions, you can always contact us by leaving a comment in the box below this article.