How to remove the Homeland Security virus – Removal Instructions (Ransomware)

Homeland Security virus

The Homeland Security virus, otherwise referred to as the Homeland Security National Cyber Security Division virus is dangerous malware categorized as ransomware that fraudulently restricts access to an infected computer system and displays a full screen window that claims to contain a message from the National Cyber Security Division of the United States Homeland Security to the computer owner. The message on the Homeland Security virus lock screen details that the work of the particular computer has been suspended on the grounds of the violation of the law of the United States of America and further details that an unnecessary fine of $300 must be paid in the allotted time of 48 hours via GreenDot MoneyPak credit services in order to unblock or unlock the computer system again and avoid imprisonment.

Homeland Security virus

DO NOT PAY THE FINE! This is a dangerous computer virus that is not associated with the United States Department of Homeland Security or any United States government department. Paying the fine will not remove this virus and may initiate further complications.

The Homeland Security computer virus lock screen notification also details that an attempt to unlock the computer by yourself will lead to full formatting the operating system in which the Homeland Security will delete all files, videos, photos, and documents. This message should be ignored as it is fake and does not derive from the Homeland Security. Though this actual cryptovirus may have capabilities to remove all content on a computer system, the real Homeland Security or any government department of the United States would never do this. There is no risk in removing the Homeland Security virus by yourself. You are only at risk if you allow this infection to remain on your computer.

Cyber crimes relating to severe ransomware infections include credit theft, extortion, and identity theft. In some cases malware and trojan horses used to introduce the Homeland Security ransomware infection to the computer system remain undetected and collect personal user activity. These particular infections, including the FBI virus we discovered in 2012 also have the ability to view a victim’s webcam video and audio. In some forms of ransomware the lock-screen may stream a user’s web camera back to the user, as well as play recorded audio.

Content from the fake Homeland Security virus lock-screen are detailed below and should be ignored:

Homeland Security
National Cyber Security Division
This computer has been blocked!
The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.

Article - 184 Pornography involving children (under 18 years)
Imprisonment for the term of up to 10-15 years
(The use or distribution of pornographic files)

Article - 171 Copyright
Imprisonment for the the term of up to 2-5 years
(The use or sharing of copyrighted files)

Article - 113 The use of unlicensed software
Imprisonment for the term of up to 2 years
(The use of unlicensed software)

The first violation may not entail the criminal liability if the payment of the fine would be executed in connection with the law of loyalty to the people, on 1 March 2013. If repeated violations occur, the prosection is inevitable.

To unlock the computer you are obliged to pay a fine of $300. You must pay a fine by MoneyPak.

You have 48 hours to pay the fine. |If the fine has not been paid, you will become the subject of criminal prosecution without the right to pay the fine. The Department for the Fight against Cyberactivity will confiscate your computer and take you to court.

As you see, the message is not legitimate and is primarily used to frighten (scam) victims into paying the fake penalty fine. To remove this computer virus and unlock your computer please use the Homeland Security virus removal instructions further below.

How does the Homeland Security virus get onto a computer?

The Homeland Security virus and other forms of ransomware are primarily contracted from compromised and hacked websites, email spam, and torrent downloads that contain exploit kits and use vulnerabilities found on a computer system to install the infection without user consent or knowledge. The exploit kits and trojan horses utilizes by this infection may also be present in malicious advertisements, as well as freeware and shareware downloads.Once installed the Homeland Security virus will start every time a Microsoft Windows computer is booted.

Green Arrow Bullet   How to remove the Homeland Security virus

  1. Removal software (Automatic removal) – Detect and remove Homeland Security ransomware
  2. System Restore – Restore PC to date and time before Homeland Security ransomware infection

1. Homeland Security virus removal software

1. Install the free or paid version of Malwarebytes Anti-Malware software.

Border Ten

Malwarebytes Anti-Malware   Green Arrow Bullet Editor’s Choice

Malwarebytes Anti-Malware software

$24.95 USD (Lifetime) / FREE

Latest versions: Malwarebytes Anti-Malware PRO, Malwarebytes Anti-Malware Free
Release date: 2013

Purchase Malwarebytes PRO   Free Download

Border Ten

2. Once Malwarebytes is installed, open the Anti-Malware program. If you are using the free version of Malwarebytes you will be prompted to update the database, please do so.

3. On the first tab labeled “Scanner” select the Perform full scan option and click the Scan button to perform a full system scan (pictured below).

Malwarebytes Perform Full Scan

4.  Malwarebytes will automatically detect the Homeland Security virus and third-party malware on your computer. Once the scan is complete, Malwarebytes will prompt a message stating malicious objects were detected. Select (check) the malicious objects in the list and click the Remove Selected button to completely remove the fake Homeland Security malware from your computer (The image below shows a file that is NOT selected for removal – ‘Make sure the box is checked in’).

Malwarebytes Gadgetbox

2. System Restore

System Restore is an easy solution to restore an infected computer to a date and time before it became infected with the fraudulent Homeland Security computer virus. To learn more please select a link below:

Windows Recommended Restore And Choose A Restore Point

Homeland Security virus removal tips:

If the Homeland Security virus is difficult to remove there are several steps you can use to troubleshoot the removal process:

User accounts

Ransomware often infects 1 user account on Windows systems at a time. Here are some tips to remove ransomware by using different user accounts.

  • Log into an additional account not affected by malware (with administrative rights) and perform a scan with reputable software to detect and remove malware on all user accounts.
  • You can also delete the infected user account.
Denying flash

Some variants of ransomware use flash and symptoms of the infection can be halted by denying flash via Macromedia’s real-time options. To learn more and deny flash please visit:

Troubleshoot internet/network issues

Safe Mode With Networking can be used to access the Internet for updates, drivers, removal software, or other files if internet and network connectivity is compromised.