Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

homeland security virus

Posted on 2013-11-28
6
246 Views
Last Modified: 2013-12-26
I have a computer that I was told had the Homeland security virus. the user said when they booted the computer it went right to the Homeland security screen telling them they had to pay to unlock their comuter.

I brought it home and turned it on... Nothing happened. No traces of that virus.
I connected it to my internet and still nothing. Rebooted and still nothing.
I ran malwarebytes, spybot, norton 360 (this is what the user has) and nothing was detected.
I know this guy isnt lying and didn't attempt to remove it himself b efore he gave it to me.
The computer runs ok for a winxp maching with 1.5 GB of memory.
What gives? Can anyone tell me what files to look for and reg settings?
There is nothing in the run key except 3 expected entries.
Any help would be appreciated.
0
Comment
Question by:pauls681
6 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39683671
No, one antivirus will find and clean every malware, virus or trojan so you need to scan with multiple tools.


Download these free cleaning tools.
Boot the PC in safe mode then run each of these free cleaning tools until the problem has beed removed:
 

1. Malwarebytes http://www.malwarebytes.org/

2. Combo Fix http://www.bleepingcomputer.com/download/search/?keyword=combofix

3. Rogue Killer http://www.bleepingcomputer.com/download/roguekiller/

4. Hitman Pro http://www.surfright.nl/en/hitmanpro/

5. TDS Killer http://www.bleepingcomputer.com/download/tdsskiller/

6. SuperAntiSpyware www.superantispyware.com
0
 
LVL 24

Expert Comment

by:aadih
ID: 39683676
The quickest and easiest solution: Boot up in safe mode with command prompt and type rstrui.exe to restore to a time before this virus surfaced.

Optional: Then scan with Malwarebytes Antimalware.

Use a good real-time antivirus software (e.g., Avast, AVG, Avira, etc.)
0
 

Author Comment

by:pauls681
ID: 39684437
I'm looking for what files this drops. What directories or reg settings?
I can scan the crap out of this computer and still nothing shows.
Does anyone have any more info other than scan?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 27

Accepted Solution

by:
tliotta earned 500 total points
ID: 39685256
Restoring to a point before the infection is the primary recommended solution. The advice for WinXP to run rstui.exe is correct. Malwarebytes and Hitman Pro are two known alternative removal methods.

However, if the system is booting normally, then it's almost certain that it's already been cleaned by one of the above methods... assuming that it ever was infected.

But this isn't really a "virus" to remove. Technically, it mostly just simply replaces some boot-up functions and results in kind of a bogus block of access to the system. By restoring to a previous state, the "virus" is "removed".

Scan all you want. You're not likely to find anything if the system acts as you say.

Tom
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 39688520
Curious if setting the computers date back would be of value here; NOT for points, just interested in this since a friend had similar experience and found help in a link he shared which is this.  http://www.2-spyware.com/remove-homeland-security-virus.html
0
 

Author Comment

by:pauls681
ID: 39740665
I concluded that there were no traces of a virus on his system. The antivirus he had was current and i am guessing it must have removed it. I couldnt go back because he wasn't sure when it happened. It wasnt a computer he used very much.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question