Solved

homeland security virus

Posted on 2013-11-28
6
248 Views
Last Modified: 2013-12-26
I have a computer that I was told had the Homeland security virus. the user said when they booted the computer it went right to the Homeland security screen telling them they had to pay to unlock their comuter.

I brought it home and turned it on... Nothing happened. No traces of that virus.
I connected it to my internet and still nothing. Rebooted and still nothing.
I ran malwarebytes, spybot, norton 360 (this is what the user has) and nothing was detected.
I know this guy isnt lying and didn't attempt to remove it himself b efore he gave it to me.
The computer runs ok for a winxp maching with 1.5 GB of memory.
What gives? Can anyone tell me what files to look for and reg settings?
There is nothing in the run key except 3 expected entries.
Any help would be appreciated.
0
Comment
Question by:pauls681
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39683671
No, one antivirus will find and clean every malware, virus or trojan so you need to scan with multiple tools.


Download these free cleaning tools.
Boot the PC in safe mode then run each of these free cleaning tools until the problem has beed removed:
 

1. Malwarebytes http://www.malwarebytes.org/

2. Combo Fix http://www.bleepingcomputer.com/download/search/?keyword=combofix

3. Rogue Killer http://www.bleepingcomputer.com/download/roguekiller/

4. Hitman Pro http://www.surfright.nl/en/hitmanpro/

5. TDS Killer http://www.bleepingcomputer.com/download/tdsskiller/

6. SuperAntiSpyware www.superantispyware.com
0
 
LVL 24

Expert Comment

by:aadih
ID: 39683676
The quickest and easiest solution: Boot up in safe mode with command prompt and type rstrui.exe to restore to a time before this virus surfaced.

Optional: Then scan with Malwarebytes Antimalware.

Use a good real-time antivirus software (e.g., Avast, AVG, Avira, etc.)
0
 

Author Comment

by:pauls681
ID: 39684437
I'm looking for what files this drops. What directories or reg settings?
I can scan the crap out of this computer and still nothing shows.
Does anyone have any more info other than scan?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 27

Accepted Solution

by:
tliotta earned 500 total points
ID: 39685256
Restoring to a point before the infection is the primary recommended solution. The advice for WinXP to run rstui.exe is correct. Malwarebytes and Hitman Pro are two known alternative removal methods.

However, if the system is booting normally, then it's almost certain that it's already been cleaned by one of the above methods... assuming that it ever was infected.

But this isn't really a "virus" to remove. Technically, it mostly just simply replaces some boot-up functions and results in kind of a bogus block of access to the system. By restoring to a previous state, the "virus" is "removed".

Scan all you want. You're not likely to find anything if the system acts as you say.

Tom
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 39688520
Curious if setting the computers date back would be of value here; NOT for points, just interested in this since a friend had similar experience and found help in a link he shared which is this.  http://www.2-spyware.com/remove-homeland-security-virus.html
0
 

Author Comment

by:pauls681
ID: 39740665
I concluded that there were no traces of a virus on his system. The antivirus he had was current and i am guessing it must have removed it. I couldnt go back because he wasn't sure when it happened. It wasnt a computer he used very much.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Read about achieving the basic levels of HRIS security in the workplace.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question