Solved

homeland security virus

Posted on 2013-11-28
Last Modified: 2013-12-26
I have a computer that I was told had the Homeland security virus. The user said when they booted the computer it went right to the Homeland security screen telling them they had to pay to unlock their computer.

I brought it home and turned it on... Nothing happened. No traces of that virus.
I connected it to my internet and still nothing. Rebooted and still nothing.
I ran Malwarebytes, Spybot, Norton 360 (this is what the user has) and nothing was detected.
I know this guy isn't lying and didn't attempt to remove it himself before he gave it to me.
The computer runs ok for a WinXP machine with 1.5 GB of memory.
What gives? Can anyone tell me what files to look for and reg settings?
There is nothing in the run key except 3 expected entries.
Any help would be appreciated.
Question by:pauls681
6 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39683671
No one antivirus will find and clean every malware, virus or trojan, so you need to scan with multiple tools.


Download these free cleaning tools.
Boot the PC in safe mode then run each of these free cleaning tools until the problem has been removed:
 

1. Malwarebytes http://www.malwarebytes.org/

2. Combo Fix http://www.bleepingcomputer.com/download/search/?keyword=combofix

3. Rogue Killer http://www.bleepingcomputer.com/download/roguekiller/

4. Hitman Pro http://www.surfright.nl/en/hitmanpro/

5. TDS Killer http://www.bleepingcomputer.com/download/tdsskiller/

6. SuperAntiSpyware www.superantispyware.com
 
LVL 24

Expert Comment

by:aadih
ID: 39683676
The quickest and easiest solution: Boot up in safe mode with command prompt and type rstrui.exe to restore to a time before this virus surfaced.

Optional: Then scan with Malwarebytes Antimalware.

Use a good real-time antivirus software (e.g., Avast, AVG, Avira, etc.)
 

Author Comment

by:pauls681
ID: 39684437
I'm looking for what files this drops. What directories or reg settings?
I can scan the crap out of this computer and still nothing shows.
Does anyone have any more info other than scan?
LVL 27

Accepted Solution

by:
tliotta earned 500 total points
ID: 39685256
Restoring to a point before the infection is the primary recommended solution. The advice for WinXP to run rstrui.exe is correct. Malwarebytes and Hitman Pro are two known alternative removal methods.

However, if the system is booting normally, then it's almost certain that it's already been cleaned by one of the above methods... assuming that it ever was infected.

But this isn't really a "virus" to remove. Technically, it mostly just simply replaces some boot-up functions and results in kind of a bogus block of access to the system. By restoring to a previous state, the "virus" is "removed".

Scan all you want. You're not likely to find anything if the system acts as you say.

Tom
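
The question notes that only the Run key was checked. As an added example (not part of any post in this thread), the script below audits a regedit export for the Winlogon `Shell` and `Userinit` values, which also run at logon; reading the "boot-up functions" mentioned above as these values is an assumption, since the thread does not name them. The sample export and the path in it are constructed, and the defaults assume Windows XP installed in `C:\WINDOWS`.

```python
import re

# Expected XP defaults for the Winlogon values (assumes Windows is in C:\WINDOWS).
WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
DEFAULTS = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe,"}

def parse_reg(text):
    """Parse regedit export text into {key_path_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # only REG_SZ string values are needed here
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name.lower()] = data
    return keys

def audit(text):
    """Return (key, value, data) for logon-time values that differ from defaults."""
    findings = []
    for path, values in parse_reg(text).items():
        hive, _, sub = path.partition("\\")
        if sub != WINLOGON:
            continue
        for name, expected in DEFAULTS.items():
            data = values.get(name)
            if data is None:
                continue
            # Per-user Winlogon values are not set by default, so any is suspect.
            if hive == "hkey_current_user" or data.lower() != expected:
                findings.append((path, name, data))
    return findings

# Constructed sample export; the path under Application Data is made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\example.exe"
'''

if __name__ == "__main__":
    for path, name, data in audit(SAMPLE):
        print(f"{path}\\{name} = {data}")
```

An empty result means both values match the defaults, which is consistent with a machine that was already cleaned or restored.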
 
LVL 27

Expert Comment

by:Asta Cu
ID: 39688520
Curious if setting the computer's date back would be of value here; NOT for points, just interested in this since a friend had similar experience and found help in a link he shared which is this. http://www.2-spyware.com/remove-homeland-security-virus.html
 

Author Comment

by:pauls681
ID: 39740665
I concluded that there were no traces of a virus on his system. The antivirus he had was current and I am guessing it must have removed it. I couldn't go back because he wasn't sure when it happened. It wasn't a computer he used very much.