
Homeland Security Ransomware virus on my computer. Please Help me remove it!

Old 06-27-2013, 06:14 AM   #1
Registered Member
 
Join Date: Jun 2013
Posts: 18
OS: Windows XP Service Pack 3



Hi!

My computer has been infected by the homeland security virus. There is a screen that comes up which asks me to pay $300 within 48 hours or my computer will be confiscated and I will be prosecuted criminally.

Please help me remove this virus!

Thanks!
N

__________________
fashionista00 is offline  
Old 06-27-2013, 01:06 PM   #2
Security Team
Analyst
 
Join Date: Sep 2012
Location: Southern Germany
Posts: 563
OS: Windows 7 SP1



Hi there!

First of all: Do not pay!
Second: Please tell us which version of Windows you have in order to provide you with suitable instructions.

Thank you.

__________________


Mom's Old-Fashioned Robot Oil is made with 10% more love than the next leading brand!
ryder is offline  
Old 06-27-2013, 02:08 PM   #3

Thank you so much for responding to my request for help. My computer runs Windows XP Service Pack 3.
__________________
fashionista00 is offline  
Old 06-28-2013, 06:40 AM   #4

Hello fashionista00!

I'm going to help you with your malware-related problem. Please read the following carefully, since it will help both of us to finish the job as fast as possible :)

  • Sometimes I will give you several steps for you to process. Please handle them in the mentioned order and either copy the log file that is created into your thread or report if the step went well or what happened. If you don't understand either one step or a part of it: Please ask. Usually the people who ask for help are not computer experts and we are very good at explaining what to do. :)
  • It is very important for me that your system does not change fast. Don't install or remove programs, and don't run scans you were not instructed to run either by me or a team member of TechSupportForum.
  • Please follow my instructions until the end. Even if you think the symptoms went away, the infection might still be present. I will tell you explicitly once we are finished and will add tips for you on how you can avoid future infections with malware.
  • We expect you to answer within 48 hrs after my last answer. Please be sure to subscribe to your thread so the forum will send you an email if a new answer has been written. In the case I won't answer within two days after your last answer please notify me by sending me a private message.
  • At last please note that I am not a native speaker (my mother language is German). So please avoid any slang words or odd expressions, because I won't understand them. Thank you!


First of all: We need to scan your locked machine.


Step 1:
Please download DDS from a non-locked computer to a flash drive from this link:
DDS Download

Now disconnect your infected computer from the internet.

Step 2:
Boot into Safe Mode with Command Prompt
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode with Command Prompt from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Log in to your usual account.


Step 3:
Plug the prepared flash drive into your locked computer.


Step 4:
Now type "explorer", find your flash drive and start DDS by double-clicking it. The log file will be on the drive after DDS has finished. Please copy it into this thread.



It may be possible that the malware prevents you from doing what I asked. In this case please report what happens.
__________________
ryder is offline  
Old 06-28-2013, 12:30 PM   #5

Hi Ryder,

I logged in to my computer using the safe mode with command prompt. I typed in explorer and as soon as I hit enter, I get a message which essentially tells me that Windows is running in safe mode. If you are trying to run a diagnostic in safe mode then click yes or else click no if you want to perform system restore.

I get the virus screen from homeland security no matter which option I select or even if I don't select anything.

I also want to add that my computer has 2 logins... one is my account and the other is an administrator account. The same thing happens in both the logins.

Thanks,
N
__________________
fashionista00 is offline  
Old 06-28-2013, 01:25 PM   #6

Please try the following in safe mode with command prompt:

Type in: d:\dds.exe (maybe try other letters like e,f, and so on)
__________________
ryder is offline  
Old 06-28-2013, 03:03 PM   #7

Hi Ryder,

d:\dds.exe gives me a message that says "the device is not ready"

e, f, g....q gives me a message that "The system cannot find the drive specified"

Thanks,
N
__________________
fashionista00 is offline  
Old 06-29-2013, 07:57 AM   #8

Okay, we will go a different way now.

Please try to unlock your machine with HitmanPro.Kickstart.

HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight

Please read this webpage and watch the videos for instructions on how to unlock your computer. Please report how it went.
__________________
ryder is offline  
Old 06-29-2013, 09:18 AM   #9

Hi Ryder,

I followed your instructions and downloaded Hitman Pro 64 bit version on a USB flash drive. I then inserted the USB drive on my infected computer and then pressed the F12 key to boot it. It then gives me a couple of options to select where I select removable drive and hit enter. Then a blank screen with the cursor blinking at the very top comes up and that is how it remains.

I am not sure whether for my machine I need to download the Hitman Pro 32 bit version. Please advise.

Thanks,
N
__________________
fashionista00 is offline  
Old 06-29-2013, 09:26 AM   #10

I tried all the steps using Hitman Pro version 32 bit. When I select the option to boot from USB mass storage device, I get 3 different options. I selected option 1 "Bypass Master Boot Record [default]".

I get the following message:

HitmanPro.Kickstart booting
MBR Read
Non-NTFS partition or encrypted disk detected
Failed to boot!


Should I try option 2 "Regular boot (when bypass failed)"?

Thanks,
N
__________________
fashionista00 is offline  
Old 06-29-2013, 10:07 AM   #11

Yes, please try the other option. Do you have an encrypted disk?
__________________
ryder is offline  
Old 06-29-2013, 03:29 PM   #12

Yes Ryder, I do have an encrypted disk.

I selected option 2 "Regular boot" and then I get the following message:

Hitman Pro Kickstarting
MBR Read. Starting bootcode
Bootcode loading...

And after that a blank screen comes up...
__________________
fashionista00 is offline  
Old 06-30-2013, 01:19 AM   #13

Hey fashionista00,

With an encrypted disk this could be an unsolvable problem. But maybe you can give me a picture of your lockscreen? In some cases there are one or two tricks left.

Please also tell me if an install disc is available. Maybe we can use its repair tools.
__________________
ryder is offline  
Old 07-01-2013, 08:09 AM   #14

Hi Ryder,

I have uploaded the pics: one of the encryption login page and another of the login page. I am not sure which one you were asking for.

Also, I have downloaded the repair disk on my other computer (is it usually a .iso extension). So we can try resolving this issue using that.

Thanks,
N
Attached Thumbnails: Encryption login.jpg (152.1 KB), Login screen.jpg (154.9 KB)
__________________
fashionista00 is offline  
Old 07-01-2013, 11:20 AM   #15

Hi there,

I did mean the screen which is shown by the ransomware that locks your computer.
__________________
ryder is offline  
Old 07-01-2013, 02:12 PM   #16

Sorry, my bad.

Please find attached the locked screen image.

Thanks,
N
Attached Thumbnails: virus lock screen.jpg (216.4 KB)
__________________
fashionista00 is offline  
Old 07-02-2013, 05:46 AM   #17

Hi fashionista00,

This is a hard case. Disk encryption doesn't make it easy for us. Please have another try to run DDS from the command prompt:

  • Type in "notepad" and press Enter.
  • Use the File > Open dialog to find the drive letter of your flash drive.
  • Close Notepad.
  • Type in "d:" or whatever drive letter you found.
  • Type in "dir". You should now see a list of files, including dds.
  • If you see that, type "dds.com" or "dds.exe" and press Enter.
Please report how that went.


If none of that works: For this encryption tool you might have a disc you can boot from to access your files? Do you have one?
__________________
ryder is offline  
Old 07-02-2013, 07:02 AM   #18

Hi Ryder,

I followed your instructions and found out the hitman pro flash drive was in the E drive of the infected computer. On checking the contents of the flash drive there was no DDS.com or DDS.exe file. I figured that when I had created the HitmanPro flash drive, my flash drive had been formatted so the previously downloaded DDS file was lost.

Anyways, my bad... So I have downloaded DDS on the flash drive and have run it on the infected computer. Please find the DDS and Attach logs that I have uploaded.

Thanks,
N
Attached Files: dds.txt (9.9 KB), attach.txt (15.4 KB)
__________________
fashionista00 is offline  
Old 07-02-2013, 07:04 AM   #19

Thanks a lot! I will come back with instructions shortly for you. Your chances of recovering your computer just increased a lot :)
__________________
ryder is offline  
Old 07-02-2013, 10:41 AM   #20

YAY!!!

Thanks for all your help!

__________________
fashionista00 is offline  
 
