Click on screenshot to zoom
Danger level 9
Type: Malware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Slow Computer

Homeland Security Virus

Homeland Security Virus is a ransomware infection which seeks to deceive you into paying a considerable sum of money. The threat is distributed by the Trojan Urausy which is known to be associated with a great variety of ransomware scams. Like in previous cases known to malware researchers, the Trojan locks the system down and displays a fraudulent full-screen message containing the heading Homeland Security: National Cyber Security Division and the logo U.S. Department of Homeland Security. Not surprisingly, there is also a statement, typical of other ransomware threats, which claims that the computer has been blocked. Very similar phrases you will find in the notification of FBI Virus, FBI Cybercrime Division Virus and other variants.

In the case of the infection in question, you are accused of being involved in pornography issues and of using copyrighted material and unlicensed software. Below you will find two statements which are present in the bogus notification:

To unlock the computer you are obliged to pay a fine of $300. You must pay the fine through MoneyPak.

We advise you to ignore the warning because you can unlock your compute by using a reliable spyware removal tool. The fact that the notification contains the credentials of an authoritative institution does not mean that the institution is somehow related to you and the lock-down of your PC. Cyber criminals tend to present various legal enforcement agencies in order to convince the victim that he/she has to react to the instructions given in the message. Moreover, in order variants of Homeland Security Virus, instead of MoneyPak you can find other such prepaid services as Ukash or Paysafecard.

If you ever find yourself in a very similar situation, contact the institution present in the notification to find out whether you are dealing with a legitimate notification. Now as you know that Homeland Security Virus is nothing but a scam, you should remove it from the PC immediately. The immediate actions are necessary in order to prevent system disorders initiated by the Trojan. The sooner you remove Homeland Security Virus, the sooner you regain access to the system, not to mention that the risk of getting the PC infected with new malware will be minimized.

How to remove Homeland Security Virus

Windows XP

  1. Restart the computer.
  2. Tap the F8 key once the BIOS startup screen loads.
  3. Using the arrow keys, select Safe Mode with Networking and press Enter.
  4. Click on Yes.
  5. Go to the Start menu.
  6. Launch Run.
  7. Type msconfig in the Open box.
  8. Press OK.
  9. Under the Startup tab, click on Disable All.
  10. Select Apply.
  11. Go to http://www.pcthreat.com/download-sph and download our spyware removal tool SpyHunter.
  12. Restart the PC.
  13. When the system loads, run the installer and remove Homeland Security Virus.

Windows Vista/7

  1. Restart the computer.
  2. Wait for the BIOS startup screen to load and then immediately start tapping the F8 key.
  3. In the Windows Advanced Options Menu, select Safe Mode with Networking using the up/down arrow key.
  4. Press Enter.
  5. Download SpyHunter from our website.
  6. Install the application and scan the PC to detect the infection.

Windows 8

  1. Press the Windows key to open your Metro UI.
  2. Open Internet Explorer.
  3. Enter http://www.pcthreat.com/download-sph and click on Run.
  4. Scan the PC to have the infection detected and remove.
  5. Restart the computer after the removal.
Download Spyware Removal Tool to Remove* Homeland Security Virus
  • Quick & tested solution for Homeland Security Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Homeland Security Virus

Files associated with Homeland Security Virus infection:

cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
ssntvs.exe
sqlncli.exe
najeoxtt.exe
obvwo.exe
pmstcdjwz.exe
bf8h8d02hf.exe
Other.res
%LOCALAPPDATA%\Temp
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
xlqbteeb.exe
Piranha.exe
wlsidten.exe
setex.exe
puozlkmyj.dll
securitywindrv.exe
p1.exe
install_0_msi.exe
%APPDATA%\updates
Firewallservice.exe
hwj3ba6j.dss
gcrwcoak.exe
ubvhynpxh.exe
questscan.dll
administration.exe
JfCqQ5JC.exe
00qbipeq.exe
Updating.exe
xmlfilter.exe
%LOCALAPPDATA%\lollipop
wpbt0.dll
%CommonProgramFiles%
DA0B.exe
brenasa.exe
WinSyncMetastore.exe
Task Scheduler.exe
msshell.exe
C87C.exe
dyjdl.exe
WINDED6.exe
msavfit.exe
Q3d38543.exe
%ALLUSERSPROFILE%
OmaSG21e.exe
wjthvwjb.dss
00b5d693.exe
n.
pYunY8m4VL3qLc.exe
%WINDIR%\system32
%ALLUSERSPROFILE%\Application Data
msn.exe
wgsdgsdgdsgsd.exe
%UserProfile%
yaiiwockc.dll
crack.exe
dtkmujvo.exe
rool0_pk.exe
87b2cb3916261d5c807bf44262755cb0.exe
mplayer2.exe
50E1.exe
svchost.exe
%AppData%
audipbrd.exe
ieudator.dll
DLL321.dll
comeo.exe
ifgxpers.exe
idiokbbrv.exe
wlsidten.dll
%TEMP%
96dddda4.dll
dqnbdq7.dss
%APPDATA%\Task Scheduler
skype.dat
msdtmsrd.exe
jsdhlexdqkllnbcxgai.bfg
rvcbcyks.exe
3511172082012Build.exe
systemcpl.exe
b34btbztdb0vavaw.exe
iner.exe
zqmkrehUkpoKfsafsaZg.exe
m2PythonLoader.exe
ex3b.dll
TimeDateMUICallback.exe
csrsss.exe
wahneaqa.exe
VaultSysUi.exe
UpdatePriv.exe
Nbt.exe
魔法桌面第三方主题破解补丁V1.1.exe
videotwisterSA.exe
msnmsgrr.exe
oygqyunapnp.exe
aPr0hY9.exe
ACEIEAddOn.dll
uenovfiu.exe
2084473.dll
ctfmon.exe
acuvzomo.exe
NTServiceManager.exe
UpgradeHelper.exe
SyncHostps.exe
%APPDATA%\system
bvhylsviw.exe
scvhost.exe
xaZYOVJW.exe
%SystemDrive%\????????????
xctqakcqbeo.dll
taskhost.exe.exe
secproc_isv.exe
%WINDIR%\Temp
MusicCollector.exe
bzsbkotiu.exe

Homeland Security Virus DLL's to remove:

96dddda4.dll
yaiiwockc.dll
wlsidten.dll
ACEIEAddOn.dll
puozlkmyj.dll
xctqakcqbeo.dll
ex3b.dll
wpbt0.dll
questscan.dll
ieudator.dll
2084473.dll
DLL321.dll

Homeland Security Virus processes to kill:

videotwisterSA.exe
m2PythonLoader.exe
zqmkrehUkpoKfsafsaZg.exe
svchost.exe
taskhost.exe.exe
install_0_msi.exe
pmstcdjwz.exe
ssntvs.exe
Firewallservice.exe
xaZYOVJW.exe
VaultSysUi.exe
SyncHostps.exe
dyjdl.exe
魔法桌面第三方主题破解补丁V1.1.exe
WinSyncMetastore.exe
scvhost.exe
00qbipeq.exe
bf8h8d02hf.exe
OmaSG21e.exe
audipbrd.exe
b34btbztdb0vavaw.exe
NTServiceManager.exe
Q3d38543.exe
pYunY8m4VL3qLc.exe
UpgradeHelper.exe
Piranha.exe
wahneaqa.exe
xmlfilter.exe
securitywindrv.exe
ifgxpers.exe
obvwo.exe
Task Scheduler.exe
najeoxtt.exe
oygqyunapnp.exe
bvhylsviw.exe
comeo.exe
MusicCollector.exe
uenovfiu.exe
ctfmon.exe
msavfit.exe
ubvhynpxh.exe
msnmsgrr.exe
87b2cb3916261d5c807bf44262755cb0.exe
50E1.exe
DA0B.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
Updating.exe
gcrwcoak.exe
systemcpl.exe
bzsbkotiu.exe
wlsidten.exe
csrsss.exe
idiokbbrv.exe
msdtmsrd.exe
WINDED6.exe
setex.exe
rvcbcyks.exe
C87C.exe
wgsdgsdgdsgsd.exe
Nbt.exe
3511172082012Build.exe
TimeDateMUICallback.exe
JfCqQ5JC.exe
UpdatePriv.exe
aPr0hY9.exe
dtkmujvo.exe
secproc_isv.exe
administration.exe
mplayer2.exe
rool0_pk.exe
acuvzomo.exe
msshell.exe
msn.exe
crack.exe
p1.exe
00b5d693.exe
iner.exe
brenasa.exe
sqlncli.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
xlqbteeb.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.