Danger level 9
Type: Malware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediately
  • Slow internet connection
  • System crashes
  • Slow Computer

Homeland Security Virus

Homeland Security Virus is a ransomware infection which seeks to deceive you into paying a considerable sum of money. The threat is distributed by the Trojan Urausy, which is known to be associated with a great variety of ransomware scams. As in previous cases known to malware researchers, the Trojan locks the system down and displays a fraudulent full-screen message containing the heading Homeland Security: National Cyber Security Division and the logo of the U.S. Department of Homeland Security. Not surprisingly, there is also a statement, typical of other ransomware threats, which claims that the computer has been blocked. You will find very similar phrases in the notifications of FBI Virus, FBI Cybercrime Division Virus and other variants.

In the case of the infection in question, you are accused of being involved in pornography issues and of using copyrighted material and unlicensed software. Below you will find two statements which are present in the bogus notification:

To unlock the computer you are obliged to pay a fine of $300. You must pay the fine through MoneyPak.

We advise you to ignore the warning because you can unlock your computer by using a reliable spyware removal tool. The fact that the notification carries the name and logo of an authoritative institution does not mean that the institution has anything to do with you or with the lock-down of your PC. Cyber criminals tend to impersonate various law enforcement agencies in order to convince the victim that he/she has to follow the instructions given in the message. Moreover, in other variants of Homeland Security Virus, instead of MoneyPak you can find other prepaid services such as Ukash or Paysafecard.

If you ever find yourself in a very similar situation, contact the institution named in the notification to find out whether you are dealing with a legitimate notification. Now that you know that Homeland Security Virus is nothing but a scam, you should remove it from the PC immediately. Immediate action is necessary in order to prevent system disorders initiated by the Trojan. The sooner you remove Homeland Security Virus, the sooner you regain access to the system, not to mention that the risk of getting the PC infected with new malware will be minimized.

How to remove Homeland Security Virus

Windows XP

  1. Restart the computer.
  2. Tap the F8 key once the BIOS startup screen loads.
  3. Using the arrow keys, select Safe Mode with Networking and press Enter.
  4. Click on Yes.
  5. Go to the Start menu.
  6. Launch Run.
  7. Type msconfig in the Open box.
  8. Press OK.
  9. Under the Startup tab, click on Disable All.
  10. Select Apply.
  11. Go to http://www.pcthreat.com/download-sph and download our spyware removal tool SpyHunter.
  12. Restart the PC.
  13. When the system loads, run the installer and remove Homeland Security Virus.

Windows Vista/7

  1. Restart the computer.
  2. Wait for the BIOS startup screen to load and then immediately start tapping the F8 key.
  3. In the Windows Advanced Options Menu, select Safe Mode with Networking using the up/down arrow key.
  4. Press Enter.
  5. Download SpyHunter from our website.
  6. Install the application and scan the PC to detect the infection.

Windows 8

  1. Press the Windows key to open your Metro UI.
  2. Open Internet Explorer.
  3. Enter http://www.pcthreat.com/download-sph and click on Run.
  4. Scan the PC to have the infection detected and removed.
  5. Restart the computer after the removal.

How to manually remove Homeland Security Virus

Files associated with Homeland Security Virus infection:


Homeland Security Virus DLLs to remove:


Homeland Security Virus processes to kill:
