homeland security virus

I have a computer that I was told had the Homeland Security virus. The user said when they booted the computer it went right to the Homeland Security screen telling them they had to pay to unlock their computer.

I brought it home and turned it on... Nothing happened. No traces of that virus.
I connected it to my internet and still nothing. Rebooted and still nothing.
I ran Malwarebytes, Spybot, Norton 360 (this is what the user has) and nothing was detected.
I know this guy isn't lying and didn't attempt to remove it himself before he gave it to me.
The computer runs OK for a WinXP machine with 1.5 GB of memory.
What gives? Can anyone tell me what files to look for and reg settings?
There is nothing in the run key except 3 expected entries.
Any help would be appreciated.
pauls681 Asked:
tliotta Commented:
Restoring to a point before the infection is the primary recommended solution. The advice for WinXP to run rstrui.exe is correct. Malwarebytes and Hitman Pro are two known alternative removal methods.

However, if the system is booting normally, then it's almost certain that it's already been cleaned by one of the above methods... assuming that it ever was infected.

But this isn't really a "virus" to remove. Technically, it mostly just simply replaces some boot-up functions and results in kind of a bogus block of access to the system. By restoring to a previous state, the "virus" is "removed".

Scan all you want. You're not likely to find anything if the system acts as you say.

Tom
0
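An added example, not code from any poster in this thread: a reviewer for `reg query` output saved from the suspect machine, which flags logon-time registry values that differ from stock Windows XP data and Run entries that are not on a known-good list. It assumes the Winlogon `Shell` and `Userinit` values and the Run/RunOnce keys are the places to review; the thread does not say which locations this malware changes, and the sample output and the name `expected_run` are constructed for illustration.

```python
import re

# Stock Windows XP data for the Winlogon values that decide what starts at
# logon (assumes Windows lives in C:\WINDOWS). An assumption, not from the thread.
XP_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
# One value line of `reg query` output: name, type, data (tabs or spaces).
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample output; paths and value names are placeholders.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Documents and Settings\user\Application Data\placeholder.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExpectedEntry    REG_SZ    "C:\Program Files\Vendor\agent.exe"
    Unrecognized    REG_SZ    C:\DOCUME~1\user\LOCALS~1\Temp\placeholder.exe
"""

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group(1)] = m.group(3).strip()
    return keys

def review(text, expected_run=()):
    """List (key, name, data) entries that are non-default or unexpected."""
    findings, allowed = [], {n.lower() for n in expected_run}
    for key, values in parse_reg_query(text).items():
        leaf = key.rstrip("\\").rsplit("\\", 1)[-1].lower()
        for name, data in values.items():
            if leaf == "winlogon" and name.lower() in XP_DEFAULTS:
                if data.lower() != XP_DEFAULTS[name.lower()]:
                    findings.append((key, name, data))
            elif leaf in ("run", "runonce") and name.lower() not in allowed:
                findings.append((key, name, data))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE, expected_run=["ExpectedEntry"]):
        print("REVIEW:", *finding, sep="\n  ")
```

A clean result here only means these particular values look stock; it does not rule out other startup locations.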
 
Michael-Best Commented:
No one antivirus will find and clean every malware, virus or trojan, so you need to scan with multiple tools.


Download these free cleaning tools.
Boot the PC in safe mode, then run each of these free cleaning tools until the problem has been removed:
 

1. Malwarebytes http://www.malwarebytes.org/

2. Combo Fix http://www.bleepingcomputer.com/download/search/?keyword=combofix

3. Rogue Killer http://www.bleepingcomputer.com/download/roguekiller/

4. Hitman Pro http://www.surfright.nl/en/hitmanpro/

5. TDS Killer http://www.bleepingcomputer.com/download/tdsskiller/

6. SuperAntiSpyware www.superantispyware.com
0
 
aadih Commented:
The quickest and easiest solution: Boot up in safe mode with command prompt and type rstrui.exe to restore to a time before this virus surfaced.

Optional: Then scan with Malwarebytes Antimalware.

Use a good real-time antivirus software (e.g., Avast, AVG, Avira, etc.)
0
pauls681 (Author) Commented:
I'm looking for what files this drops. What directories or reg settings?
I can scan the crap out of this computer and still nothing shows.
Does anyone have any more info other than scan?
0
 
Asta Cu Commented:
Curious if setting the computer's date back would be of value here; NOT for points, just interested in this since a friend had a similar experience and found help in a link he shared, which is this: http://www.2-spyware.com/remove-homeland-security-virus.html
0
 
pauls681 (Author) Commented:
I concluded that there were no traces of a virus on his system. The antivirus he had was current and I am guessing it must have removed it. I couldn't go back because he wasn't sure when it happened. It wasn't a computer he used very much.
0
Question has a verified solution.