Jump to content

doj hijack ransomeware removal

Recommended Posts

Hello there I have the 2 logs as requested but they are on and about the Clean Computer! Do you still need them? Please read on before you answer.

I have purchased Malwarebytes Pro and Total Defense on the clean machine. I did that to clean up the infected one.

It, the infected one had mwbytes free version and Avg freeware.

I have pulled the hard drive and purchased the BlacX Box to plug in the hard drive and plug in to the clean computer and scan it. When I do this, it has G and F I have scanned both with MWbytes and G shows clean F locks up after about 37 minutes and 60000 odd files are scanned.

After this happens I put it back in the infected computer start it up and it scans the disc each time while rebooting after it reorganizes it all it will restart normally XP or last known safer version- and upon reboot it will allow access to all of my files and programs for about 2 minutes or so then the DOJ screen appears and Locks me up!


I do also have other users I have entered each and it has not locked up as of yet but I haven't stayed long enough to be sure, but I will try that now while I await your anser. It may but I cant access files I want from these other users. Can I clean it or fix it from them if they work since I cant access safe mode?

I know this is a long and complex question but I have been fiddling with this issue for months now and I want to fill you in on my past sessions. HELP.

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.






    This method may remove the malware:

  • Download Kaspersky Rescue Disk (iso)
  • Burn it to a cd or dvd, if you need a program to burn an ISO...use Active@ ISO Burner
  • Configure your computer to boot from CD/DVD
  • Note : If you do not know how to set your computer to boot from CD/DVD follow the steps here
  • Once you have the cd/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus
  • krd5.jpg Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter
  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally



Link to post
Share on other sites

Marius that means I have not had success with the instructions you sent I downloaded the Kaspersky rescue to my desk top and made a cd, I'm not sure I did that correctly. I may need instructions on how to do this. I put the CD in my damaged pc and F10 until It says to boot by cd/dvd:  I choose that and it says, boot failure select any and key When I select a key it says it time and again over and over same thing.

Question can I use a USB instead of a CD I may have burn it wrong, the burning instructions were somewhat confusing. Can I just drag and drop the files from my desktop to the usb drive? Then boot it that way???

Link to post
Share on other sites

OK, then log into a user that isn´t blocked by the malware and do the following:



Scan with DDS

Download DDS and save it to your desktop from here or here or

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply





Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.