Remove Department of Justice Ransomware
Department of Justice Ransomware a malware that shows a screen locker that you are not allow to access your Windows desktop. You must pay a ransom to unlock the windows desktop. The screen locker is very nasty indeed. It try to be an alert from the United States Department of Justice. It warn you that they have detected that you have been viewing child pornography, using unlicensed software, or sharing copyrighted files. They also stated that in order to avoid criminal prosecution, you must pay a fee of $300 in the form of a MoneyPak voucher within 48 hours to gain access to your computer again. The ransomware must be removed as fast as possible.
Department of Justice Ransomware show that: The work of your computer has been suspended on the grounds of the violation of the law of the United Sates of America. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300. It continue to threaten you that this fine may only be paid within 48 hours. If you let 48 hours pass without payment, the possibility of unlocking your computer expires. In this case a criminal case against you will be initiated automatically.
Department of Justice Ransomware should be removed immediately!
Removal Guide
Kill Process
(How to kill a process effectively?)
MigAutoPlay.exe
syssecurity.exe
Delete Registry
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MigAutoPlay" = %CommonAppData%\MigAutoPlay.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DisplaySwitch" = %UserProfile%\Templates\syssecurity.exe"
Remove Folders and Files
%CommonAppData%\MigAutoPlay.exe
%UserProfile%\Templates\syssecurity.exe
%UserProfile%\Templates\1.jpg
%UserProfile%\Templates\1.bmp
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.
%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ in Windows Vista, Windows 7, and Windows 8.
%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Application Data\, and for Windows Vista, Windows 7, and Windows 8 it is C:\ProgramData.
Removal Guide
Kill Process
(How to kill a process effectively?)
MigAutoPlay.exe
syssecurity.exe
Delete Registry
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MigAutoPlay" = %CommonAppData%\MigAutoPlay.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DisplaySwitch" = %UserProfile%\Templates\syssecurity.exe"
Remove Folders and Files
%CommonAppData%\MigAutoPlay.exe
%UserProfile%\Templates\syssecurity.exe
%UserProfile%\Templates\1.jpg
%UserProfile%\Templates\1.bmp
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.
%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ in Windows Vista, Windows 7, and Windows 8.
%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Application Data\, and for Windows Vista, Windows 7, and Windows 8 it is C:\ProgramData.
No comments:
Post a Comment