The following article provides information on how to remove the Homeland Security infection from your Dell PC. Please be aware that most of the steps here are not covered under your warranty and are carried out at your own risk.
The Homeland Security Malware is a PC infection that locks your system until you pay to get rid of it. This infection pretends to be an alert from the US Department of Homeland Security National Cyber Security Division. It claims that you have committed one of several offences, such as distributing copyrighted media or child pornography, or using pirated software. The malware demands that you pay a fine of $300 in order to avoid criminal prosecution. It asks for payment by MoneyPak voucher and demands it within 48 hours to let you back on your PC. It is important to remember that this is NOT a fine from a legitimate government agency.
The surest way to resolve this issue is to perform either a factory restore or a clean operating system install on your system. Taking you through this reinstall is what is covered under your ProSupport warranty. You can also find articles taking you through this for your particular operating system and situation on the link pages below.
(Fig.1 Ransom Screen)
This infection usually comes from visiting web sites that have been hacked and contain exploit kits. These kits look for vulnerable spots on your PC. The malware doesn't need your permission to install on your PC. Once it installs, it automatically starts whenever you log in to your system. You'll get an online alert message which will look something like:
Ignore anything it displays, as this malware was created with the sole purpose of getting your money.
Because the ransomware locks your desktop, you will need to create a bootable USB drive that contains the removal software. In this case I'm using the HitmanPro.Kickstart program, as it's the program I'm most familiar with. You can find another program that does the same job as HitmanPro and use that program instead; however, the steps below will be for HitmanPro. Please download the cleaner program to your desktop. We will boot your PC using a bootable USB drive and clean the infection from outside the operating system (OS).
You can download HitmanPro from the following link and save it to the desktop of a working PC.
When you go to the download page, please select the correct type for your version of Windows (32-bit vs 64-bit). You will be using it to create the Kickstart USB drive. Once HitmanPro has been downloaded, please insert the USB key.
Double-click on the file named HitmanPro.exe (32 bit) or HitmanPro_x64.exe (64 bit).
(Fig.2.1 Hitman Download Screen)
Click on the icon of the person performing a kick at the bottom of the screen to open an information screen on how to create the kickstart USB drive.
(Fig.2.2 Hitman Install Screen)
It should list any USB drives currently attached to your PC. Choose the USB drive that you want to use and click the Install Kickstart button.
An alert states that the USB drive will be erased. Click on the Yes button to proceed. The program will download the needed files and install them to the USB drive. When it's complete, click on the Close button to shut the program down.
Remove the Kickstart USB drive and plug it into the infected computer. Turn the infected PC on and tap rapidly on the F12 key to bring up the boot once menu.
(Fig.2.3 Dell Splash Screen)
Select the USB option from the menu. Your PC will automatically load the HitmanPro.Kickstart program from the USB drive. A screen pops up asking you to make a selection from a menu.
(Fig.2.4 Boot Once Menu)
Please press the 1 key on your keyboard and it should begin to load Windows. Please log in as normal when Windows starts up. The ransomware will load, but after about 30 seconds the removal application will appear on top of the screen.
(Fig.2.5 Hitman Application)
Click the Next button to start the cleaning process. The HitmanPro setup screen pops up. Please ensure that it's set to the option No, I only want to perform a one-time scan to check this computer.
(Fig.2.6 Hitman Setup)
Click on the Next button to proceed. The cleaner scans your PC for infections. It will display a list of everything it's found when it's finished.
(Fig.2.7 Hitman Report Screen)
Click the Next button to remove the detected infections. A Removal Results screen shows the results when it's done. Click the Next button again to bring up the last screen and click on the Reboot button.
Once your PC restarts you should be back on your desktop as normal.
Your computer should now be free of the Homeland Security infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the licensed version of HitmanPro or another similar program in order to protect against these types of threats in the future.
If you are still having problems with your PC once this guide has been completed, then you are left with two options. The first one is to use the reinstall guides at the start of the article to wipe your PC and start again. The other is to join one of the many forums such as BleepingComputers, Tech Guys or Tech Forum and put a request out for help. (Try to include as much information as possible in the request, such as OS type and version, what's already been done and any logs or errors seen.)
refers to the Application Data folder for the All Users profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ in Windows Vista, Windows 7 and Windows 8.
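The article notes that the infection starts automatically at every login. As an added check after cleaning (example code written for this page, not part of the original article or of HitmanPro), the PowerShell script below lists the usual logon autostart locations and marks entries that launch from user-writable folders such as C:\ProgramData. The folder heuristic and the helper names `Test-UnderWritableRoot` and `New-Entry` are assumptions of this example; the article does not say where this infection stores its files.

```powershell
# Added example (PowerShell 3.0 or later): list what starts at logon and mark
# entries launched from user-writable folders for manual review.
# Assumption: the folder heuristic is chosen here, not taken from the article.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
# ProgramData is the All Users application data folder on Windows Vista and later.
$writableRoots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-UnderWritableRoot([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $writableRoots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}
function New-Entry($Source, $Name, $Command) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = [string]$Command }
}
$entries = @(
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $item = Get-Item $key
            foreach ($name in $item.GetValueNames()) { New-Entry $key $name $item.GetValue($name) }
        }
    }
    # Winlogon normally holds Shell = explorer.exe and Userinit = ...\userinit.exe,
    foreach ($name in 'Shell', 'Userinit') {
        New-Entry $winlogon $name (Get-Item $winlogon).GetValue($name)
    }
    $wsh = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            # Resolve shortcuts to the program they launch; other files are listed as-is.
            $target = if ($_.Extension -eq '.lnk') { $wsh.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
            New-Entry $dir $_.Name $target
        }
    }
)
$entries | Select-Object @{ n = 'Review'; e = { Test-UnderWritableRoot $_.Command } }, Source, Name, Command |
    Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows with Review set to True are candidates for a closer look, not confirmed infections; legitimate updaters also start from these folders, so compare each one with software you knowingly installed.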
To minimise the risk of a repeat infection, make sure that you have a real-time antivirus program running on your PC and see that it stays updated. If you don't want to spend money on a paid service, then you can install one of the free programs that are available.
In addition to installing traditional antivirus software, you might consider reading the guide below for some basic rules for safe surfing online.
Always double-check any online accounts such as online banking, webmail, email, and social networking sites. Look for suspicious activity and change your passwords; you can't tell what information the malware might have passed on.
If you have an automatic backup for your files, you will want to run virus scans on the backups to confirm that it didn't back up the infection as well. If virus scans aren't possible, such as with online backups, you will probably want to delete your old backups and save new versions.
Keep your software current. Make sure that you update it frequently. If you receive any messages about this and aren't sure of their validity, then always contact the support team of the company in question to clarify.
Article ID: SLN284240
Last Date Modified: 09/11/2017 06:47 AM