Questions?
Toll Free: (866) 240-9755
12 Mar

U.S. Department of Homeland Security (MoneyPak Scam)

Posted by Dusty Wright on Mar 12, 2013

homeland-security-virus

The U.S. Department of Homeland Security virus is another variation of the MoneyPak Scams that have recently been prevalent. The virus is distributed via a “drive-by download” method that automatically downloads the virus to a victim’s computer without their consent through such channels as malicious websites or even legitimate websites that have been compromised recently. In addition, it can also be distributed via spam email containing infected attachments and/or links to other malicious websites, as well as tricking victims into downloading malicious software that appears to be useful in nature.

Those that are infected with the virus (known as Trojan Urausy) will notice that not only is their computer locked, but victims will also notice a large notification that reads, “This computer has been blocked,” complete with the seal of the U.S. Department of Homeland Security sitting to the left of the notification. The displayed screen will state that the victim must pay a fine of $300 via a Green Dot MoneyPak code. To scare infected victims even further, the virus will also access your the installed webcam and display what is happening in your room, thus providing the illusion that someone in the Department of Homeland Security is watching the victim’s every move.

Operating systems affected by U.S. Department of Homeland Security virus: Windows XP, Windows Vista, Windows 7, and Windows 8.

U.S. Department of Homeland Security Virus Warnings


THE WORK OF YOUR COMPUTER HAS BEEN SUSPENDED ON THE GROUNDS OF THE VIOLATION OF THE LAW OF THE UNITED STATES.

Article 184. Pornography involving children. Imprisonment for the term of up to 10-15 years (the use or distribution of pornography material.

Article 171. Copyright. Imprisonment for the term of up to 2-5 years (the use or sharing of copyrighted files.

Article 113. The use of unlicensed software. Imprisonment for the term of up to 2 years (The use of unlicensed software).

U.S. Department of Homeland Security Virus - To Unlock Your Computer

To unlock the computer you are obliged to pay a fine of $300. You must pay the fine through MoneyPAK. You have 48 hours to pay the fine. If the fine has not been paid, you will become the subject of criminal prosecution without the right to pay the fine. The Department for the Fight Against Cyber activity will confiscate your computer and take You to Court.

Removal Options for U.S. Department of Homeland Security Virus


    Stop! Is your Data Backed up? Virus removal can be potentially damaging to your computer.
    If you are uncomfortable making changes to your operating system, please contact an Expert!
  1. Boot up Your Computer via ‘Safe Mode with Networking’

    The first thing we need to do is to shut the computer down. Make sure the computer is completely off! Once the computer is turned off, we need to turn it back on and boot into Safe Mode with Networking

    To do this, press the power button then immediately start tapping the F8 Key on your keyboard.

    Within a few seconds, you will notice the Windows Advanced Options Menu. Using your arrow keys to choose the Safe Mode with Networking option, press Enter. (Screenshot provided below)

  2. safemodebootup

  3. Log into Windows and View Desktop

    Safe Mode with Networking will then load a variety of files and drivers, so do not worry as this is perfectly normal. You will then see your account’s user icon. Once you see it, log into your account to view your Windows’ Desktop as normally.

  4. Open Your Web Browser (Internet)

    You will now need to open your web browser, and nearly any web browser will suffice: Internet Explorer, Firefox, or Google Chrome for starters.

  5. browser_icons

  6. Download Trusted Removal Software

    The easiest way to remove Win 7 Security Cleaner Pro is with Malwarebytes Anti-Malware. This is hands down the easiest and most effective tools available for malware removal (and it doesn’t cost anything to use!)

    Malwarebytes Anti-Malware

    • FREE / $24.95 USD (Lifetime)
    • Malware Scanner Utility (No Protection)
    • Malware Scanner + System Protection
  7. Install MalwareBytes Anti-Malware

    Install MalwareBytes Anti-Malware as you would any other program. Once the installation process begins, the software may download new definitions and update the program, so give it a few minutes and allow it to update appropriately. Once the updates are completely and you are viewing the following screen below, you are ready to use it:

  8. mb_fullscan_selected

  9. Run a Full Scan with MalwareBytes

    Select the Full Scan box, then select Scan to begin the scanning for malware. Ensure drive C: is selected, then select Scan once more.

  10. mb_scanning

  11. Look at the Infected Files

    Once the scan is finished, select OK to look at the files then select Show Results.

  12. mb_objects_detected

    mb_scan_completed

  13. Remove the Infected Files via MalwareBytes

    You will now notice a variety of infected files and registry keys. Ensure the detected objects are selected, then select Remove Selected.

  14. mb_infections

  15. Reboot Your PC

    MalwareBytes Anti-Malware will inform you that you must reboot. This is perfectly normal, and will provide the software with the opportunity to remove the infected files.

  16. mb_reboot_window

  17. Boot Back into Windows

    Your PC will now boot up as normally without the virus infected your machine. Open a few of your regularly-used software and ensure everything is working as normally.

  18. Congratulations! All Finished!

    We sincerely hope this guide has helped you. If you fixed your computer using our free guide, we ask that you support us by selecting one of our social share buttons or by commenting on our guide with your feedback below!

!
Thank the Author!

Operating as a freelance writer and reporter by day and an author by night, writing is what Dusty was"built to do" (we say "built" because he may or may not be a cyborg). Dusty resides in Columbia, MO with his wife and three dogs.

Posted 12.03.2013

Send the Author a Coffee

Thanks for supporting our work!

Was This Guide Helpful
U.S. Department of Homeland Security (MoneyPak Scam)
3 votes, 4.67 avg. rating (93% score)

Comments

24 comments

Thank you! You saved my a**. My computer was worthless, literally. Besides the “Homeland Security” virus it found 15 other “Trojans.” Now it works perfectly!

My computer has this same issue but will not make it 5 seconds on the windows desktop without getting the blue screen. What should I do?

same message pops up in safe mode. now what?

    Try Safe Mode with Command Prompt

The system I am cleaning is the worst Virus I have encountered in over ten years of Computer Repair. The Homeland Security Virus has made it so the computer will bsod when trying to get to Safe Mode as well as safe mode with command prompt… I am one that doesn’t immediately say, “There is a virus, lets reload windows.” I’m known for that… This one is driving me crazy… Is there any specific directory I can find the .exe for the virus I could remove with the drive hooked to another computer? Any ideas would be great.

Rikk
Don’t Panic PC Repair

    Rikk, I’m assuming it’s an XP system because of the crashing? Try Directory Services Restore Mode.

Dan! You are awesome. I hadn’t thought of that and it worked brilliantly.

Rikk

Malwarebytes seemed to take care of it for me. I was able to access everything as I did before the virus, but I read elsewhere that there may still be hidden files by which they can obtain info from my computer (credit account info, etc). Is there anything else I should do to protect myself from this?

    MalwareBytes Pro is excellent at blocking this type of stuff. You should also ensure you have solid anti-virus, run registry cleaners such as Glary Utilites, CCleaner, and also make sure plugins like Flash, Java, etc are updated. If you’re really concerned about it, I highly recommend having one of our professionals clean up your system. At least you have the peace of mind that it’s done properly. Hope this helps! :)

Easiest fix I found…restart…f8 tap…safe mode with command prompt…login…cd restore…type rstrui and press enter…follow instrux to reset to earlier version…then run ur ur antivirus software to be double sure

Easiest work around I have found is to create an admin account by booting up into “safe mode with command prompt” then type “net user administrator /active:yes

When you reboot normally, you will have an admin account to log into that will allow you to run your antivirus program and remove this startup program.

The FBI virus is one of the simplest infections out there, it simply creates a registry entry that makes the program load when computer is started and disables everything else.

Normally a 10 minute virus removal for us here with Hitman Pro in the Admin Account.

Notebook Tek

    If this methods works, that’s great. However, this does NOT fully remove the infected files and this should only be used to bootup and continue with removal software.

When in safe mode, it still comes up with the Homeland Security block after I log in. This is when I use safe mode with networking.

Not sure if virus has been changed to address your fixes. when i log into safe mode with command prompt, it goes to the login screen, not command prompt. when i click the administrator login, it starts to process, then says shutting down. it restarts into regular mode…. with virus screen

My windows 7 computer doing the same as last post on may 26 by Alan. I attempt to boot into safe mode, it prompts me for windows user password then once I put in password it says shutting down then throws me into a regular windows boot.
I know this virus is simply a displayswitch startup service I must disable to stop it from being my home screen so I can start malware program in a normal boot.
But without safe mode what can I do?

Please help!! I tried following these steps but my comp keeps restarting. I’m not good with computers. Is there a # to call?

Is there a phone number for “moneyPak” so I could be reimbursed for the $300 that I purchased for this card

    Cass, you will need to visit Green Dot’s MoneyPak website (moneypak dot com), select FAQs, scroll to the bottom, and select “Need Additional Help” under “Contact Us.” Select “Please email us,” and you will be able to email them directly, include your telephone number for them to contact you, and explain your situation to them within the email. Once they call you, you should explain your situation to them again just to clarify it with them so they can provide you with a refund.

your a lifesaver!!!!!!!!!!! thankyou!!!!!!

I ran the MalawareBytes free download in Safe Mode, just as directed. Took 31+ minutes, but detected no infected files, and I still have the Homeland Security lock on my laptop (using diff PC now, obviously). Is there a plan B here? Thank you.

It did NOT work for me. Followed instructions, which went without a hitch, but the Free Download found no infected files (!), and my laptop is still locked up with the Homeland Security page on my screen. What’s plan B? Thank you.

Did a System Restore (3 days prior to attack), and got my laptop back. So much for paying PC Wizard $200 ($130 to rid virus; $70 to restore files). Heck, PCW was hoping to extort me almost as much as “Homeland Security”.

Thanks so much! Your instructions worked great!

Windows 7 ultimate
Safe mode cant boot
Did system restore went to download malwarebytes and just as download finished homeland screen poped out again :/

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>