This just happened to my daughter's computer. Be aware!
Has anyone experienced this? Can the screen be unlocked without having to pay for repairs?
If your computer is locked, and you are seeing a "This computer has been blocked!" notification from the U.S. Department of Homeland Security, then your computer is infected with a piece of malware known as Trojan Urausy.
This threat is distributed through several means. Malicious websites, or legitimate websites that have been compromised, may drop this Trojan onto a compromised computer. This drive-by-download often happens surreptitiously. Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software.
The U.S. Department of Homeland Security virus is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.
Once installed on your computer, the U.S. Department of Homeland Security virus will display a bogus notification that pretends to be from a law enforcement agency, and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The U.S. Department of Homeland Security virus will lock you out of your computer and applications, so whenever you try to log on to your Windows operating system or Safe Mode with Networking, it will instead display a lock screen asking you to pay a non-existent fine of $300 in the form of a Green Dot MoneyPak code.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam, so that the bogus U.S. Department of Homeland Security notification shows what is happening in the room.
The U.S. Department of Homeland Security virus locks the computer and, depending on the user's current location, displays a localized webpage that covers the entire desktop of the infected computer and demands payment for the supposed possession of illicit material.
http://malwaretips.com/blogs/u-s-department-of-homeland-security-virus/
PowerToThePeople
(9,610 posts)
Me@MyComp:~/Desktop$ uname
Linux
http://distrowatch.com/
tridim
(45,358 posts)
Not saying your daughter is one.
Thanks for the post.
hobbit709
(41,694 posts)
Boot up in safe mode with networking. If you don't already have it, download Malwarebytes Antimalware and install. Run it to clean out the system. Also disable JavaScript; that's how it gets in.
matthews
(497 posts)
their Grandmother about it. Including the FCC and the FBI (because this was an impersonation of a government agency). They told me this comes from 'overseas' and there's nothing they can do about it, and it's been going around for a long time.
That makes me laugh. The government can capture all our information, demand it from e-mail providers and snag all our phone calls, practically tell you what color and brand of undies you're wearing. But they can't stop this virus.
riqster
(13,986 posts)
It makes you wonder if they really CAN gather all the data that is claimed, or if it's just an intimidation campaign.
matthews
(497 posts)
riqster
(13,986 posts)
Organizations work from priorities.
If I wanted to scare a citizenry, I could develop a TIA-like system to monitor their every online or broadcast move. OR,
I could build part of it, and use that to outrage, intimidate, and distract the populace. The second option would be far cheaper, easier to control, and just as effective.
Either way, these programs have got to go.
mfcorey1
(11,001 posts)
riqster
(13,986 posts)
In this case, for example.
Dash87
(3,220 posts)
This can't be admitted, though, because that's when the funding dries up.
dipsydoodle
(42,239 posts)
search topic and you should find a video which tells you how to restore to normal without too much effort.
frylock
(34,825 posts)
Use ComboFix as a last resort.
cthulu2016
(10,960 posts)
In one of the application data folders within one of the identities under Documents and Settings is a program named *.exe where * is a string of random numbers and letters, that was created the day the problem started.
A typical place would be DOCUMENTS AND SETTINGS/ADMINISTRATOR/LOCAL SETTINGS/APPLICATION DATA, but it can be elsewhere. (There are several different application data folders.)
Delete sf76f98dsfn.exe (whatever it has named itself) and restart and run your antivirus program to clean up stray garbage left behind. (Like it being one of the programs that runs at startup).
The justice department one is just a different face on the "anti-virus scanner" scam, where the virus breaks the computer in order to sell you a fix.
(BTW, if you bought the fix it would probably be yet another virus.)
These things are pretty simple but when active they disable the functions you need to shut them down (file browsing, ctrl+alt+del, virus scans), thus you have to shut down and open in safe mode to get at them.
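The search described in the post above, as an added example that is not part of the original post: it walks a profile tree (for instance the infected drive mounted as a secondary disk) and lists `.exe` files inside application data folders whose names look random and that were created in a given time window. The function names, the "random name" heuristic (6+ alphanumeric characters mixing letters and digits) and the inclusion of the `AppData` folder name are assumptions of this example.

```python
import os
import re
import time

# Heuristic (assumption): "random" means an alphanumeric stem of 6+ characters
# containing both letters and digits, like the post's sf76f98dsfn.exe.
RANDOM_STEM = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{6,}$", re.IGNORECASE)
# Folder name the post points at, plus the newer Windows equivalent (assumption).
PROFILE_DIRS = {"application data", "appdata"}


def created_at(path):
    """Creation time where the OS exposes it, else last metadata change."""
    st = os.stat(path)
    return getattr(st, "st_birthtime", st.st_ctime)


def find_suspect_executables(root, since, until=None):
    """List .exe files in any application data folder below `root` whose
    name looks random and whose creation time falls in [since, until]."""
    until = time.time() if until is None else until
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.normpath(os.path.relpath(dirpath, root))
        if not {p.lower() for p in rel.split(os.sep)} & PROFILE_DIRS:
            continue  # only look inside application data folders
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or not RANDOM_STEM.match(stem):
                continue
            full = os.path.join(dirpath, name)
            try:
                created = created_at(full)
            except OSError:
                continue  # locked or vanished file: skip, keep scanning
            if since <= created <= until:
                hits.append(full)
    return sorted(hits)


if __name__ == "__main__":
    # Profile root is a placeholder; point it at the affected drive.
    week_ago = time.time() - 7 * 24 * 3600
    for path in find_suspect_executables(r"C:\Documents and Settings", week_ago):
        print(path)
```

The output is a list of candidates to review by hand before deleting anything; legitimate installers can also match the name heuristic.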
dionysus
(26,467 posts)
to get around it, I threw in a different hard drive as the primary, and put the infected drive as the secondary HD. Since the infected drive was not the boot drive, the virus didn't start, so I was able to find the files and delete them.
Then I switched the drives back and I was good to go.
a kennedy
(29,703 posts)
wants to "fix" my computer. I do have a mac, but sheesh, I wouldn't have the foggiest idea on how to do what you just did.
Rex
(65,616 posts)
floating around in the cloud. The hackers even stole the FBI's REAL Lock out page from their own servers! Looked damn real, but once again just a malware front that the ordinary person would have no idea how to disengage from.
AllINeedIsCoffee
(772 posts)
A few less dollars in the libertarian coffers for the fools that fall for it.