Severity scale:  
  (99/100)

National Security Agency virus. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as Ukash virus, Police virus | Type: Ransomware
12

What is National Security Agency virus?

National Security Agency virus is a dangerous ransomware, which is mostly spread in USA. It seems that this cyber threat belongs to the same, a well-known family of viruses, which is known as ‘Ukash’. As soon as it infiltrates computer, it blocks the system and starts showing a huge warning message. Beware that it is displayed just for making victims to pay a fine. Victims of NSA virus should be prepared for a requirement to pay $300 via GreenDot MoneyPak prepayment system. Of course, you should never do that because this is fake warning message, which lists invented crimes, such as the distribution of child pornography, the use of copyrighted content, etc. In reality, you can ignore this warning. However, in order to ‘unlock’ the system, you will have to remove National Security Agency virus from it.

UPDATE! There is a new version of NSA ransomware, which is capable of affecting Android devices. As soon as it infiltrates this OS, it blocks it and asks to pay a ransom of $500. This time, it asks to do that via PayPal My Cash Card. According to PC security experts, this threat is an updated version of SimpleLocker virus, which was noticed some time ago. Similarly to this ransomware, NSA virus can be downloaded as a legitimate app. Once it enters the system, it uses a legitimate messaging service called XMPP for communicating with its command and control network. However, the main thing what it seeks is to encrypt important victim’s files and make the victim to pay the ransom. If the screen of your Android device is covered with an officially-looking warning from National Security Agency, there is a huge chance that you are dealing with ransomware. In this case, you should install BullGuard Mobile Security and scan your device with this application.

NSA virus

How can National Security Agency virus infect my computer?

Just like NSA virus, National Security Agency virus is mostly distributed via Trojan horse, which can infiltrate computer without any sign. For avoiding it, please stay away from officially-looking emails that claim that they were sent by legitimate companies, such as fedex, ebay, Amazon and others. Besides, never click on links that offer updating programs. Instead of that, visit official software websites and download these updates. As soon as this trojan infects computer, it makes several changes in system settings and locks it down. As a result, victim starts seeing a legitimately-looking message, which is NOT related to NSA or other governmental authority. It claims “Your computer has been locked”, and asks to make a payment of $300 within 72 hours. Please, never follow this requirement because you will lose your money! In order to unlock your computer, you simply need to remove National Security Agency virus from the system ASAP.

How to remove National Security Agency virus?

If your computer is locked by National Security Agency virus, you are seriously infected. For unlocking the system and eliminating this virus, follow these instructions:

  1. Reboot your infected computer.
  2. Click Start -> Run and enter https://www.2-spyware.com/download/hunter.exe (if your are blocked by ransomware, press alt+tab and continue entering this address)
  3. A warning that belongs to ransomware may show up again. In this case, press Alt+Tab and “R” as much as needed.
  4. Install anti-malware and run a full system scan to remove malicious files from the system.

Manual National Security Agency virus removal:

  1. Reboot you infected PC to ‘Safe mode with command prompt’ to disable thisI virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Reimage or other reputable security software.

Flash drive method:

1. Take another machine and use it to download Reimage or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with National Security Agency virus once more and run a full system scan.

* Users infected with these ransomware threats are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select ‘Deny’: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.

If you are infected with the NSA ransomware that is blocking your files and asking to pay a ransom in exchanges for the decryption key, you should use a guide below:

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove National Security Agency virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall National Security Agency virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.
Press mentions on Reimage
National Security Agency virus snapshot
NSA virus (Android version)

National Security Agency virus manual removal:

Kill processes:
[random].exe

Delete files:
[random].exe

Manual National Security Agency virus Removal Guide:

Remove National Security Agency using Safe Mode with Networking

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove National Security Agency

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete National Security Agency removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove National Security Agency using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of National Security Agency. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that National Security Agency removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from National Security Agency and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions

Removal guides in other languages


  • Valerie

    My son has this on his phone from trying to research marijuana for a school paper. It is the only screen that will show on the phone at all, do how can I download the suggested program when the phone will not allow me to get out of the NSA screen?