NSA virus - How to remove?
NSA virus (or NSA Internet Surveillance Program virus) is a ransomware program that was designed by cyber criminals in order to rip off random computer users. It’s a malware that blocks access to all programs of infected computers, accuses users of violating the United States law and demands paying a fine for that.
NSA virus infiltrates into computers with a help of Trojan viruses. Once inside, it locks all programs and displays a message in the middle of the screen claiming that your system has been blocked because of law violations and you have to take responsibility for that and pay a fine as soon as possible. The message by NSA virus looks like this:
NSA Internet Surveillance Program
Computer Crime Prosecution Section
Your Computer has been locked!
Your computer has been locked due to suspicions of illegal content downloading and distribution.
Your case can be classified as occasional/unmotivated, according to 17 (U.S Code)
Thus it may be closed without prosecution.
Your computer will be unblocked automatically.
In order to resolve the situation in an above-mentioned way you should pay a fine of $300 (MoneyPak)
As you see, it looks like it is sent by the U.S. police. Despite its scary appearance, it has nothing to do with any law institution as it was designed by cyber criminals. It’s a scam that was developed only for financial benefits. You should never believe what NSA virus message claims as you will only lose your money.
Pay attention that it tells you to pay a fine using MoneyPak payment system which allow you to make quick transfers using pre-paid cards. It is completely impossible that police would use this method to collect fines. Do not trust this message and remove NSA virus immediately after getting your system blocked.
If your system has been locked, remove NSA virus as soon as you detect it on your computer. It is a tricky virus so removal of it can be a little bit complicated. If your computer has more than one user account and not all of them are locked, scan whole PC with anti-malware programs, e.g. spyhunter, by logging to the account that is not blocked. Another option is to use system restore. If none of these methods worked for you, do the following:
- Restart your computer;
- Press F8 while it is still restarting;
- Choose between safe modes in following order: Safe mode, Safe mode with command prompt
Then follow the guides below:
If your computer runs in Safe mode or Safe mode with networking
- Launch MSConfig.
- Disable startup items rundll32 turning on any application from Application Data;. Note, that these are typical locations for NSA virus but some others might be used.
- Restart the system once again.
- Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to identify NSA virus files and delete it.
Here is a video showing how to complete the steps:
If your computer runs in Safe mode with command prompt
- Run Regedit.
- Search for WinLogon Entries. Write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe
- Search registry for NSA virus files and delete the registry keys referencing the files
- Try to reboot and scan with Reimage, SpyHunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe)
If none of safe modes could be launched
Some versions of NSA virus disable all safe modes, but give a short gap that you can use to run anti-malware programs:
- Reboot normally.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
- Press Alt+tab and then R couple times. NSA virus process should be killed.
Here is a video detailing this approach:
Hitman Pro USB disk
If you did not succeed using any of the methods above, try scanning PC with a bootable USB or DVD disk. These should be able to remove all versions of NSA virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on uninfected PC.
- Run Hitman and ask to create Kickstarter USB (option on initial screen)
- When USB ready, reboot infected PC with USB attached and press DEL
- Choose USB as primary boot device.
- Boot normally.
- Run Hitman Pro and http://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.