DOJ virus

TheComputerGuy4u

Hey all,

Recently been dealing with a lot of customers with DOJ viruses and others that want people to go to Walmart to buy a $300 gift card to unlock their computer. Aside from shaking my head about the inquiry, "Is this legit?", anyone have a quick down and dirty way to bypass start-up and get this out of people's computers?

Thanks
 
I use a USB bootable drive, with HitmanPro.Kickstart on there. Boot from the USB, and tell it to Bypass the MBR. Follow the instructions from there on HitmanPro, but make sure you choose the one-time scan option. I believe the DOJ Ransomware is MigAutoPlay.exe, but whatever, it'll find it, and have it removed with HitmanPro.

After it reboots, go ahead and sterilize the hell out of that computer with MBAM or whatever you use and get all the extra stuff it installed, downloaded, created, you get the idea.

EDIT: I do not remember where I got HitmanPro from, so...yeah...try Google on that one.
 
Kaspersky Rescue Disk (mine's on a YUMI based external hard drive.) Boot, really do the text boot, type in "windowsunlocker" and press enter. It's still there, but it's disabled. You can also just let KAV kill it.

Alternatively, you can try this tool here:
http://support.kaspersky.com/viruses/deblocker?ClickID=bgl16vvsqmv6flfeldvevqqnue161zdnkvlv

or this tool here:
https://www.drweb.com/xperf/unlocker/

To automatically generate the unlock code. Then run Malwarebytes to kill. You can give them the code over the phone and they'll think you're god. :)
 
1. Reboot into SafeMode with networking.

2. If the above won't work, reboot into SafeMode with command prompt.

3. Activate hidden admin acct.

4. Boot into hidden admin acct.

5. Do your tech thing.

6. If none of the above work, bootable scanner as already mentioned.
 
Haven't seen this one yet. Usually for the FBI viruses just boot safemode with command prompt, at command prompt type "control panel" and hit enter to get explorer window and use that to get to my USB drive with tools.
 
I like everyone's method here. Personally I don't like activating the hidden admin account, especially if there is a nifty fifty boot to tool
 
I usually have luck nuking that virus with Windows Defender Offline. I find it to be far quicker than Kaspersky; I've seen my Kaspersky bootable CD take like 45 min just to download & process definition updates - and I'm on a 50-80mb Comcast connection!

Am I doing something wrong?

Anyhow, after Windows Defender, I'll boot to safe mode, run rkill, SuperAntiSpyware, Malwarebytes, and that usually does it. Will check startup entries with autoruns.

I ran into one or two of these that totally trashed the OS & I just decided to reinstall windows; the only important program the client had on there was QB....
 
If your safemode is intact, I went to safemode with networking and I ran rkill, but first renamed it games.com, and I then ran a full scan with Malwarebytes and that cleaned it up.
 