Homeland Security virus is a ransomware program that was designed by cyber criminals in order to steal money from random users. The malware is distributed to random systems using Trojan viruses. It can also get into computers through spam emails or if you click on some malicious link. The program belongs to Reveton group of viruses which are spreading extremely widely at the moment.
Homeland Security virus attacks mainly those systems located in the United States and is a subversion of Moneypak viruses. It locks computer completely and displays an alert stating that the work of your computer has been suspended on the grounds of violation of the law of the United States of America. The Ransomware warns that using copyrighted material as well as unlicensed software or porno related files is a crime that can even lead to imprisonment. Have a look at the entire message of Homeland Security virus below:
U.S. Department of Homeland Security
National Cyber Security Division
This computer has been blocked
THE WORK OF YOUR COMPUTER HAS BEEN SUSPENDED ON THE GROUNDS OF THE VIOLATION OF THE LAW OF THE UNITED STATES OF AMERICA.
Article 184. Pornography involving children
Imprisonment for the term of up to 10-15 years(The use or distribution of pornography material)
Artticle 171. Copyright
Imprisonment for the term of up to 2-5 years. (The use or sharing copyrighted files)
Article 113. The use of unlicensed software
Imprisonment for the term of up to 2 years (The use of unlicensed software)
To unlock your computer you are told to pay a fine of $300 using MoneyPak in 48 hours. If you don’t do this, the program warns that you will become the subject of criminal prosecution without the right to pay the fine. This is a really smart step taken by Homeland Security virus as it doesn’t give you much time to think and figure out what is going on. Many users pay expecting to get rid of the problem as nobody wants to be involved into any law violations. However, you should find more information about Homeland Security virus before making any conclusions.
Police does not collect fines using pre-paid cards so it would never ask to pay anything through MoneyPak. Besides, there are legal ways to inform you about any law violations and fines that you must pay. This would never be done by locking your computer remotely. Remove Homeland Security virus as it is just one more scam designed by cyber criminals in order to steal money from you. If you have access to other user account, you can scan your PC with reputable anti-malware program from there, such as Spyhunter. We recommend following these removal instructions of Ukash virus which explains how to eliminate this type of ransomware programs in a few different ways.
How to remove Homeland Security virus
- Restart your computer;
- Press F8 while it is still restarting;
- Choose between safe modes in following order: Safe mode, Safe mode with command prompt
Then follow the guides below:
If your computer runs in Safe mode or Safe mode with networking
- Launch MSConfig.
- Disable startup items rundll32 turning on any application from Application Data;. Note, that these are typical locations for Homeland Security virus but some others might be used.
- Restart the system once again.
- Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify Homeland Security virus files and delete it.
Here is a video showing how to complete the steps:
If your computer runs in Safe mode with command prompt
- Run Regedit.
- Search for WinLogon Entries. Write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe
- Search registry for Homeland Security virus files and delete the registry keys referencing the files
- Try to reboot and scan with Spyhunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe)
If none of safe modes could be launched
Some versions of Homeland Security virus disable all safe modes, but give a short gap that you can use to run anti-malware programs:
- Reboot normally.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
- Press Alt+tab and then R couple times. Homeland Security virus process should be killed.
Here is a video detailing this approach:
Hitman Pro USB disk
If you did not succeed using any of the methods above, try scanning PC with a bootable USB or DVD disk. These should be able to remove all versions of Homeland Security virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on uninfected PC.
- Run Hitman and ask to create Kickstarter USB (option on initial screen)
- When USB ready, reboot infected PC with USB attached and press DEL
- Choose USB as primary boot device.
- Boot normally.
- Run Hitman Pro and https://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.
Automatic Malware removal tools