I have a Windows XP SP3 (32-bit) computer infected with said ransomware. When I start up my computer, the computer does the usual BIOS startup, and then goes into the Windows booting screen. The computer then goes into my user account; I have about 45 seconds wherein my desktop is open for my use (but about 20 seconds passes before I can initialize anything other than the start menu due to startup programs). Then the DOJ lock screen pops up, and all I can do is click on the Moneypack button, hit Alt+Tab and bring up the small window overlay showing what programs are open (Note: I cannot actually switch to other open programs; the lock screen remains on top), and turn my computer off with the power button, although this always brings up a blue screen of death and I have to hold the power button in order to power down my computer.
I have tried the following procedures:
- I am unable to boot up the computer in any form of Safe Mode (available options are Safe Mode, Safe Mode With Networking, Safe Mode with Command Prompt).
- I have tried booting up the computer using Last Known Configuration, and the virus is still present, exactly like the first time I rebooted my computer with the virus.
- I already have Malwarebytes installed on my computer, and I managed to open it and run a scan. It appears that it ran perfectly fine in the background, even with the lock screen present. MS Essentials, on the other hand, is not present in the task bar, and I cannot open it. I waited three hours for Malwarebytes to finish scanning and then restarted my computer. I opened up Malwarebytes again, and silly me made Malwarebytes delete the quarantined processes. The lock screen still appeared 20 seconds later. (I'm hoping I didn't damage my computer doing that; I've rebooted again since then, and it seems to run fine, minus the lock screen that keeps popping up; the log created by Malwarebytes is still on my computer, if it is wanted).
- It is worth noting that my computer is connected to a power strip, and that it uses an Ethernet cable rather than wireless. When I am not using it, I turn off the power strip, and since this virus has appeared, I have disconnected the Ethernet cable from my computer. The lock screen now pops up with an additional "Please connect to the Internet!" message approximately 5 seconds after the lock screen appears, with an OK button and a little X in the top right corner. I have ignored that message up to this point.
- I have HitmanPro installed on a flash drive. My attempt to follow the procedure of shutting down the DOJ lock screen via this method failed; the HitmanPro Kickstarter menu appears when I boot from that USB, but after I press 1, it says opening files and then states it cannot open the flash drive.
- I have not tried using a Kaspersky Rescue Disc or an OTLPE startup disc yet. I have a blank CD-RW disc ready, and an alternate computer (with the same operating system) with a DVD-RW drive.
I do not know where this virus originated from - the lock screen appeared Saturday, May 11, during the afternoon while I was watching a YouTube video. Mozilla Firefox suddenly closed, and then when MS Essentials disappeared from my taskbar, I knew something was up before the lock screen appeared. I do not remember downloading any files in the prior days, although I visited a couple of sites that had a high number of popup ads. Needless to say, I closed out of them quickly and did not ever visit those sites again. I scanned the night before the occurrence with MS Essentials, finishing around 3 am, but no malware was detected.
Like many, I have a lot of data that I would really not like to lose and would be very difficult to replace. I also have files on there that I need to access for school, so the sooner this is taken care of the better. Here's to hoping all goes well.
I also have a question - does this ransomware infect USB drives? If that is not the case, this may make things easier.