Homeland Security Virus "This computer has been blocked" removal instructions
U.S. Department of Homeland Security (National Cyber Security Division) message - "THIS COMPUTER HAS BEEN BLOCKED" which asks to pay a fine of $300 for supposedly made law violations is a scam, it's a ransomware infection which shouldn't be trusted. PC users should understand that The Department of Homeland Security is not related to this message, the name of this authority is being exploited by Cyber criminals to make their deceptive message appear more legitimate and thus trick more unsuspecting PC users into paying this non existent fine of $300. The accusations of watching pornography involving children, using or sharing copyrighted files and using unlicensed software are totally false and are used to scare computer users into paying this fake fine. In reality if one would pay this fine using MoneyPak your money would be send to Cyber criminals and there are no guarantees if your computer will ever be unblocked.
This particular ransomware infection is targeted at PC users from United States of America and exploits the name of U.S. Department of Homeland Security. Other known ransomware infections targeted at computer users from USA uses the names of FBI, The ICE Cyber Crimes Center and many other. Computer users should know that none of the authorities around the world (including The Department of Homeland Security) are using such messages which blocks computer user's screen to collect fines for any law violations. Such messages are used by Cyber criminals to steal money from unsuspecting PC users - if you see such message on your computer's screen you can be sure that your PC is infected with a ransomware infection.
U.S. Department of Homeland Security MoneyPak scam is being distributed using various Trojans and drive-by downloads. Cyber criminals are able to exploit the found security vulnerabilities on one's computer and infiltrate it with such rogue message. Furthermore ransomware infections comes localized so computer users from different countries will see different deceptive messages which would use the names and graphics of local authorities. The best way of preventing ransomware infections is using legitimate antivirus and anti-spyware software, one should also keep your operating system and all of the installed software up-to-date. If your computer is already infected with The Department of Homeland Security scam you should use the provided removal instructions and eliminate this ransomware from your PC.
Fake message presented in U.S. Department of Homeland Security virus:
US Department of homeland Security
National Cyber Security Division
THIS COMPUTER HAS BEEN BLOCKED
The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.
Article 164. Pornography involving children. Article 171. Copyright. Article 113. The use of unlicensed software.
To unlock the computer you are obliged to pay a fine of $300. You must pay the fine through MoneyPak. You have 48 hours to pay the fine. If the fine has not been paid, you will become the subject of criminal prosecution with ought the right to pay the fine. The Department for the Fight Against Cyber activity will confiscate your computer and that You to Court.
Homeland Security virus removal:
Windows XP and Windows 7 users: During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced startup options, in the opened "General PC Settings" window select Advanced startup. Click on "Restart now" button. Your computer will now restart into "Advanced Startup options menu". Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into Startup Settings screen. Press "5" to boot in Safe Mode with Command Prompt.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Log in to the account that is infected with this ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
If you can't start your computer in safe mode with networking, try doing a system restore.
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. When command prompt mode loads enter the following line: cd restore and press ENTER.
3. Next type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore point and click "Next" (this will restore your computer's system to an earlier time and date, before the ransomware infiltrated your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date download and scan your PC with a recommended anti-spyware software to eliminate any left remnants of U.S. Department of Homeland Security scam.
If you can't start your computer in safe mode with networking (or with command prompt) you should boot your computer using a rescue disk. Some variants of ransomware disables safe mode making it's removal more complicated. For this step you will need access to another computer. After removing U.S. Department of Homeland Security virus from your PC restart your computer and scan it with a legitimate antispyware software to remove any possibly left remnants of this security infection.
Other tools known to remove U.S. Department of Homeland Security virus: