Click on screenshot to zoom
Danger level 9
Type: Malware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Slow Computer

Homeland Security Virus

Homeland Security Virus is a ransomware infection which seeks to deceive you into paying a considerable sum of money. The threat is distributed by the Trojan Urausy which is known to be associated with a great variety of ransomware scams. Like in previous cases known to malware researchers, the Trojan locks the system down and displays a fraudulent full-screen message containing the heading Homeland Security: National Cyber Security Division and the logo U.S. Department of Homeland Security. Not surprisingly, there is also a statement, typical of other ransomware threats, which claims that the computer has been blocked. Very similar phrases you will find in the notification of FBI Virus, FBI Cybercrime Division Virus and other variants.

In the case of the infection in question, you are accused of being involved in pornography issues and of using copyrighted material and unlicensed software. Below you will find two statements which are present in the bogus notification:

To unlock the computer you are obliged to pay a fine of $300. You must pay the fine through MoneyPak.

We advise you to ignore the warning because you can unlock your compute by using a reliable spyware removal tool. The fact that the notification contains the credentials of an authoritative institution does not mean that the institution is somehow related to you and the lock-down of your PC. Cyber criminals tend to present various legal enforcement agencies in order to convince the victim that he/she has to react to the instructions given in the message. Moreover, in order variants of Homeland Security Virus, instead of MoneyPak you can find other such prepaid services as Ukash or Paysafecard.

If you ever find yourself in a very similar situation, contact the institution present in the notification to find out whether you are dealing with a legitimate notification. Now as you know that Homeland Security Virus is nothing but a scam, you should remove it from the PC immediately. The immediate actions are necessary in order to prevent system disorders initiated by the Trojan. The sooner you remove Homeland Security Virus, the sooner you regain access to the system, not to mention that the risk of getting the PC infected with new malware will be minimized.

How to remove Homeland Security Virus

Windows XP

  1. Restart the computer.
  2. Tap the F8 key once the BIOS startup screen loads.
  3. Using the arrow keys, select Safe Mode with Networking and press Enter.
  4. Click on Yes.
  5. Go to the Start menu.
  6. Launch Run.
  7. Type msconfig in the Open box.
  8. Press OK.
  9. Under the Startup tab, click on Disable All.
  10. Select Apply.
  11. Go to http://www.pcthreat.com/download-sph and download our spyware removal tool SpyHunter.
  12. Restart the PC.
  13. When the system loads, run the installer and remove Homeland Security Virus.

Windows Vista/7

  1. Restart the computer.
  2. Wait for the BIOS startup screen to load and then immediately start tapping the F8 key.
  3. In the Windows Advanced Options Menu, select Safe Mode with Networking using the up/down arrow key.
  4. Press Enter.
  5. Download SpyHunter from our website.
  6. Install the application and scan the PC to detect the infection.

Windows 8

  1. Press the Windows key to open your Metro UI.
  2. Open Internet Explorer.
  3. Enter http://www.pcthreat.com/download-sph and click on Run.
  4. Scan the PC to have the infection detected and remove.
  5. Restart the computer after the removal.
Download Spyware Removal Tool to Remove* Homeland Security Virus
  • Quick & tested solution for Homeland Security Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Homeland Security Virus

Files associated with Homeland Security Virus infection:

msshell.exe
aPr0hY9.exe
systemcpl.exe
brenasa.exe
oygqyunapnp.exe
skype.dat
Nbt.exe
xctqakcqbeo.dll
dyjdl.exe
WinSyncMetastore.exe
securitywindrv.exe
questscan.dll
00b5d693.exe
mplayer2.exe
comeo.exe
pmstcdjwz.exe
secproc_isv.exe
%WINDIR%\Temp
OmaSG21e.exe
hwj3ba6j.dss
xmlfilter.exe
administration.exe
2084473.dll
%APPDATA%\updates
TimeDateMUICallback.exe
scvhost.exe
xlqbteeb.exe
%APPDATA%\system
%TEMP%
najeoxtt.exe
%LOCALAPPDATA%\Temp
C87C.exe
dqnbdq7.dss
msavfit.exe
UpdatePriv.exe
sqlncli.exe
pYunY8m4VL3qLc.exe
msnmsgrr.exe
uenovfiu.exe
%LOCALAPPDATA%\lollipop
JfCqQ5JC.exe
%ALLUSERSPROFILE%
wpbt0.dll
%UserProfile%
Task Scheduler.exe
Piranha.exe
jsdhlexdqkllnbcxgai.bfg
87b2cb3916261d5c807bf44262755cb0.exe
ieudator.dll
SyncHostps.exe
audipbrd.exe
Firewallservice.exe
%ALLUSERSPROFILE%\Application Data
Other.res
UpgradeHelper.exe
videotwisterSA.exe
NTServiceManager.exe
crack.exe
idiokbbrv.exe
m2PythonLoader.exe
Updating.exe
bvhylsviw.exe
taskhost.exe.exe
MusicCollector.exe
50E1.exe
iner.exe
obvwo.exe
setex.exe
wlsidten.exe
gcrwcoak.exe
ssntvs.exe
%SystemDrive%\????????????
svchost.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
msdtmsrd.exe
puozlkmyj.dll
WINDED6.exe
%APPDATA%\Task Scheduler
%CommonProgramFiles%
%AppData%
acuvzomo.exe
wgsdgsdgdsgsd.exe
zqmkrehUkpoKfsafsaZg.exe
rool0_pk.exe
csrsss.exe
rvcbcyks.exe
wjthvwjb.dss
xaZYOVJW.exe
ACEIEAddOn.dll
DA0B.exe
wlsidten.dll
DLL321.dll
ubvhynpxh.exe
bf8h8d02hf.exe
Q3d38543.exe
ex3b.dll
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
ifgxpers.exe
install_0_msi.exe
dtkmujvo.exe
ctfmon.exe
p1.exe
96dddda4.dll
00qbipeq.exe
wahneaqa.exe
魔法桌面第三方主题破解补丁V1.1.exe
yaiiwockc.dll
VaultSysUi.exe
3511172082012Build.exe
%WINDIR%\system32
msn.exe
bzsbkotiu.exe
n.
b34btbztdb0vavaw.exe

Homeland Security Virus DLL's to remove:

ieudator.dll
yaiiwockc.dll
puozlkmyj.dll
ACEIEAddOn.dll
DLL321.dll
questscan.dll
wpbt0.dll
2084473.dll
wlsidten.dll
xctqakcqbeo.dll
96dddda4.dll
ex3b.dll

Homeland Security Virus processes to kill:

cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
魔法桌面第三方主题破解补丁V1.1.exe
OmaSG21e.exe
p1.exe
Firewallservice.exe
setex.exe
dtkmujvo.exe
bf8h8d02hf.exe
acuvzomo.exe
sqlncli.exe
dyjdl.exe
idiokbbrv.exe
brenasa.exe
NTServiceManager.exe
TimeDateMUICallback.exe
bvhylsviw.exe
svchost.exe
msavfit.exe
mplayer2.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
comeo.exe
pmstcdjwz.exe
DA0B.exe
3511172082012Build.exe
obvwo.exe
WinSyncMetastore.exe
audipbrd.exe
xaZYOVJW.exe
najeoxtt.exe
pYunY8m4VL3qLc.exe
JfCqQ5JC.exe
csrsss.exe
aPr0hY9.exe
ctfmon.exe
wgsdgsdgdsgsd.exe
install_0_msi.exe
wahneaqa.exe
xmlfilter.exe
C87C.exe
msdtmsrd.exe
crack.exe
iner.exe
zqmkrehUkpoKfsafsaZg.exe
administration.exe
wlsidten.exe
msshell.exe
msnmsgrr.exe
msn.exe
bzsbkotiu.exe
xlqbteeb.exe
SyncHostps.exe
Piranha.exe
ubvhynpxh.exe
Nbt.exe
Task Scheduler.exe
taskhost.exe.exe
securitywindrv.exe
WINDED6.exe
m2PythonLoader.exe
gcrwcoak.exe
00qbipeq.exe
b34btbztdb0vavaw.exe
ifgxpers.exe
videotwisterSA.exe
ssntvs.exe
oygqyunapnp.exe
MusicCollector.exe
uenovfiu.exe
scvhost.exe
rool0_pk.exe
UpdatePriv.exe
00b5d693.exe
50E1.exe
Q3d38543.exe
rvcbcyks.exe
systemcpl.exe
VaultSysUi.exe
87b2cb3916261d5c807bf44262755cb0.exe
UpgradeHelper.exe
secproc_isv.exe
Updating.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.