NSA virus. How to remove? (Uninstall guide)

removal by Lucia Danes - -   Also known as NSA lock virus | Type: Ransomware
12

What is NSA virus?

NSA virus (also known as NSA Internet Surveillance Program virus) is a serious ransomware, which is used by cyber criminals to block down computers and make users pay for unblocking them. So, when PC gets infected with this cyber threat, user immediately loses Internet connection and finds himself/herself disabled when trying to launch legitimate programs. Besides, instead of typical desktop, NSA virus starts showing its professionally-made notification, which reports about various law violations and asks to pay the fine of $300. It presents as official notification from the National Security Agency and accuses users of storing and distributing child pornography, copyrighted content and similar activities. No matter how trustworthy this alert looks for you, you should never believe it. Instead of paying the fine and losing your money, you should remove NSA virus from the system. This is the only thing that helps to remove the block from the system.

HOW CAN I GET INFECTED WITH NSA VIRUS?

NSA virus is distributed via security vulnerabilities found. In most of occasions, it gets inside its target PC system with infected attachments that arrive in misleading emails presenting themselves as notifications from FedEx, eBay and similar companies. Once it gets inside the system, this Trojan horse modifies some of PC’s parameters and locks down the machine. After that, victim starts seeing such warning that covers entire PC’s desktop:

NSA Internet Surveillance Program
PRISM
Computer Crime Prosecution Section
Your Computer has been locked!
Your computer has been locked due to suspicions of illegal content downloading and distribution.
The downloaded content (photo and video files) was automatically classified as child pornograpjic materials.
(….)
Your case can be classified as occasional/unmotivated, according to 17 (U.S Code)
Thus it may be closed without prosecution.Your computer will be unblocked automatically.In order to resolve the situation in an above-mentioned way you should pay a fine of $300 (MoneyPak)

Please, do NOT believe this fake notification that is used to make people pay invented fine! We highly recommend ignoring it and also using a guide given below that will help you remove NSA virus from the system.

TYPICAL NSA VIRUS BEHAVIOUR

NSA virus locks down your computer and asks a ransom to unlock it. typical ransom sum is 300 USD. Computer is locked and you can not use. Users pay ransom out of desperate, but it dow not solve the problem. Virus stays on the system and ransom can be asked multiple times. you need to get rid of NSA virus manually of with automated help.

HOW TO REMOVE NSA VIRUS?

If you can’t connect to the internet because you are blocked by NSA virus, you have to follow one of these options:

* Flash drive method:

1. Take another machine and use it to download Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with NSA virus once more and run a full system scan.

* Manual NSA virus removal:

  1. Reboot you infected PC to ‘Safe mode with command prompt’ to disable NSA virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus to remove remaining virus files.

If you can’t reboot your PC to Safe Mode or Safe Mode with networking, try these options:

* Users infected with NSA virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select ‘Deny’: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove NSA virus you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall NSA virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing NSA virus (2016-04-26)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing NSA virus (2016-04-26)
Hitman Pro
We have tested Hitman Pro's efficiency in removing NSA virus (2016-04-26)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing NSA virus (2016-04-26)

NSA virus manual removal:

Kill processes:
[random].exe

Delete files:
[random].exe

Manual NSA virus Removal Guide:

Remove NSA using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove NSA

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete NSA removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove NSA using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of NSA. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that NSA removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from NSA and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

Removal guides in other languages


  • joey fazzolari

    hi my galaxy S is locked by the NSA scam virus iv been using the public libray i need my android bathis is my last resortPLEASE HELP ME!!!!