Solved

homeland security virus

Posted on 2013-11-28
6
247 Views
Last Modified: 2013-12-26
I have a computer that I was told had the Homeland security virus. the user said when they booted the computer it went right to the Homeland security screen telling them they had to pay to unlock their comuter.

I brought it home and turned it on... Nothing happened. No traces of that virus.
I connected it to my internet and still nothing. Rebooted and still nothing.
I ran malwarebytes, spybot, norton 360 (this is what the user has) and nothing was detected.
I know this guy isnt lying and didn't attempt to remove it himself b efore he gave it to me.
The computer runs ok for a winxp maching with 1.5 GB of memory.
What gives? Can anyone tell me what files to look for and reg settings?
There is nothing in the run key except 3 expected entries.
Any help would be appreciated.
0
Comment
Question by:pauls681
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39683671
No, one antivirus will find and clean every malware, virus or trojan so you need to scan with multiple tools.


Download these free cleaning tools.
Boot the PC in safe mode then run each of these free cleaning tools until the problem has beed removed:
 

1. Malwarebytes http://www.malwarebytes.org/

2. Combo Fix http://www.bleepingcomputer.com/download/search/?keyword=combofix

3. Rogue Killer http://www.bleepingcomputer.com/download/roguekiller/

4. Hitman Pro http://www.surfright.nl/en/hitmanpro/

5. TDS Killer http://www.bleepingcomputer.com/download/tdsskiller/

6. SuperAntiSpyware www.superantispyware.com
0
 
LVL 24

Expert Comment

by:aadih
ID: 39683676
The quickest and easiest solution: Boot up in safe mode with command prompt and type rstrui.exe to restore to a time before this virus surfaced.

Optional: Then scan with Malwarebytes Antimalware.

Use a good real-time antivirus software (e.g., Avast, AVG, Avira, etc.)
0
 

Author Comment

by:pauls681
ID: 39684437
I'm looking for what files this drops. What directories or reg settings?
I can scan the crap out of this computer and still nothing shows.
Does anyone have any more info other than scan?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Accepted Solution

by:
tliotta earned 500 total points
ID: 39685256
Restoring to a point before the infection is the primary recommended solution. The advice for WinXP to run rstui.exe is correct. Malwarebytes and Hitman Pro are two known alternative removal methods.

However, if the system is booting normally, then it's almost certain that it's already been cleaned by one of the above methods... assuming that it ever was infected.

But this isn't really a "virus" to remove. Technically, it mostly just simply replaces some boot-up functions and results in kind of a bogus block of access to the system. By restoring to a previous state, the "virus" is "removed".

Scan all you want. You're not likely to find anything if the system acts as you say.

Tom
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 39688520
Curious if setting the computers date back would be of value here; NOT for points, just interested in this since a friend had similar experience and found help in a link he shared which is this.  http://www.2-spyware.com/remove-homeland-security-virus.html
0
 

Author Comment

by:pauls681
ID: 39740665
I concluded that there were no traces of a virus on his system. The antivirus he had was current and i am guessing it must have removed it. I couldnt go back because he wasn't sure when it happened. It wasnt a computer he used very much.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question