NSA virus  

NSA virus. How to remove? (Uninstall guide)

by ,   Also known as Ukash virus, Police virus | Type: Ransomware

NSA virus (also known as NSA Internet Surveillance Program virus) is a serious ransomware, which is used by cyber criminals to block down computers and make users pay for unblocking them. So, when PC gets infected with this cyber threat, user immediately loses Internet connection and finds himself/herself disabled when trying to launch legitimate programs. Besides, instead of typical desktop, NSA virus starts showing its professionally-made notification, which reports about various law violations and asks to pay the fine of $300. It presents as official notification from the National Security Agency and accuses users of storing and distributing child pornography, copyrighted content and similar activities. No matter how trustworthy this alert looks for you, you should never believe it. Instead of paying the fine and losing your money, you should remove NSA virus from the system. This is the only thing that helps to remove the block from the system.


NSA virus is distributed via security vulnerabilities found. In most of occasions, it gets inside its target PC system with infected attachments that arrive in misleading emails presenting themselves as notifications from FedEx, eBay and similar companies. Once it gets inside the system, this Trojan horse modifies some of PC’s parameters and locks down the machine. After that, victim starts seeing such warning that covers entire PC’s desktop:

NSA Internet Surveillance Program
Computer Crime Prosecution Section
Your Computer has been locked!
Your computer has been locked due to suspicions of illegal content downloading and distribution.
The downloaded content (photo and video files) was automatically classified as child pornograpjic materials.
Your case can be classified as occasional/unmotivated, according to 17 (U.S Code)
Thus it may be closed without prosecution.Your computer will be unblocked automatically.In order to resolve the situation in an above-mentioned way you should pay a fine of $300 (MoneyPak)

Please, do NOT believe this fake notification that is used to make people pay invented fine! We highly recommend ignoring it and also using a guide given below that will help you remove NSA virus from the system.


If you can't connect to the internet because you are blocked by NSA virus, you have to follow one of these options:

* Flash drive method:

1. Take another machine and use it to download SpyHunterSTOPzilla or Malwarebytes Anti Malware.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with NSA virus once more and run a full system scan.

* Manual NSA virus removal:

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable NSA virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated SpyHunter or STOPzilla to remove remaining virus files.

If you can't reboot your PC to Safe Mode or Safe Mode with networking, try these options:

* Users infected with NSA virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

*   Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
SpyHunter - remover Happiness
Compatible with Microsoft Windows
What to do if failed? If you failed to remove infection using Webroot SecureAnywhere AntiVirus SpyHunter, read here how to submit a support ticket or submit a question to our support team and provide as much details as possible.
SpyHunter is recommended to uninstall NSA virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of SpyHunter malware removal tool.

More information about this program can be found in SpyHunter review.

If you decided to select another anti-spyware, uninstall SpyHunter from your computer.
more than 40.000.000 downloads!
Webroot SecureAnywhere AntiVirus is recommended remover to uninstall NSA virus. You should confirm using free trial that it detects current version of parasite.
Not using OS X? Download a remover for Windows.
Alternate Software
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2013-09-24 05:06)

NSA virus manual removal

Kill processes:
Delete files:

Geolocation of NSA virus

Map reveals the prevalence of NSA virus. Countries and regions that have been affected the most are: United States.

Removal guides in other languages

Information updated:

Comments on NSA virus

joey fazzolari
hi my galaxy S is locked by the NSA scam virus iv been using the public libray i need my android bathis is my last resortPLEASE HELP ME!!!!

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)
Like us on Facebook