Homeland Security virus (can also be called as U.S. Department of Homeland Security virus) is dangerous ransomware, which belongs to cyber criminals. They have already became famous for their extremely dangerous Ukash parasites, such as FBI virus, FBI Cybercrime Division virus, FBI Moneypak virus and many other ones. While it may seem that they all attack USA, you should be aware that there are hundreds of similar threats that are spread in Europe and other regions.
So, when having Homeland Security virus on your computer, you should never think that its owner is a real U.S. Department. In reality, this program is used as a tool to extort the money from unaware PC users, That's why it is designed to block the whole system down as soon as it gets inside it and additionally show a misleading alert asking o pay the fine for malicious user's activities on the Internet. U.S. Department of Homeland Security virus will report about downloading and distributing pirated content, spreading spam, visiting malicious websites and similar activities. No matter that it looks trustworthy, you should never pay this fine of 300 dollars because this won't unblock your computer. You have to remove Homeland Security virus for that.
HOW CAN I GET INFECTED Homeland Security virus?
Just like its forerunners, Homeland Security virus is distributed by Trojan.LockScreen. This dangerous infections uses security vulnerabilities for getting inside undetected. Additionally, it blocks the whole system down and downloads those files that are needed for this ransomware. Once it is done, U.S. Department of Homeland Security virus gets ability to start its dirty campaign against the user. It replaces the desktop with a huge notification, which reports about various law violations detected. If you think that rebooting to Safe Mode/Safe Mode with Networking will help you to unblock your machine, you shouldn't because this ransomware doesn't allow these things. It only shows its fake alert on the desktop:
U.S. Department of Homeland Security
National Cyber Security Division
This computer has been blocked
THE WORK OF YOUR COMPUTER HAS BEEN SUSPENDED ON THE GROUNDS OF THE VIOLATION OF THE LAW OF THE UNITED STATES OF AMERICA.
Article 184. Pornography involving childrenImprisonment for the term of up to 10-15 years(The use or distribution of pornography material)
Artticle 171. CopyrightImprisonment for the term of up to 2-5 years. (The use or sharing copyrighted files)
Article 113. The use of unlicensed softwareImprisonment for the term of up to 2 years (The use of unlicensed software)
To unlock the computer you are obliged to pay a fine of $300. You must pay the fine through MoneyPAK.
You have 48 hours to pay the fine. If the fine has not been paid, you will become the subject of criminal prosecution without the right to pay the fine.
The Department for the Fight Against Cyberactivity will confiscate your computer and take You to Court.
Please, stay away from this scam because you will lose your money and won't have your computer unblocked! For that, you have to ignore a misleading alert that belongs to Homeland Security virus and remove this scam ASAP.
HOW TO REMOVE Homeland Security virus?
When infected with Ukash parasites, the main task you have to do is to unblock the system. For that, we recommend trying to set the PC's date to the previous one If this hasn't been helpful with you, use these steps:
Flash drive method:
1. Take another machine and use it to download Reimage, Malwarebytes MalwarebytesCombo Cleaner or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with Homeland Security virus once more and run a full system scan.
* Users infected with these ransomware threats are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.
* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.
* Manual Homeland Security virus removal (special skills needed!):
- Reboot you infected PC to 'Safe mode with command prompt' to disable thisI virus (this should be working with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated Reimage to remove remaining files. We also recommend Malwarebytes MalwarebytesCombo Cleaner and Plumbytes Anti-MalwareMalwarebytes Malwarebytes.
Besides, you can also follow this removal video, which explains how to remove Ukash viruses: