NSA virus (PRISM) ransomware
The NSA virus is a term for dangerous malware categorized as ransomware alike the FBI virus we discovered in 2012 that locks computer screens and claims to contain a message from the NSA (NSA Internet Surveillance Program PRISM Computer Crime Prosecution Section) that states the computer has been locked due to the suspicion of illegal content downloading and distribution. The NSA virus futher claims in order to resolve the situation (unblock your computer) a fine of around $300 must be paid via Green Dot Moneypak cards and other credit services.
Do not pay the fine! The claims made on the NSA lock screen should be ignored, you are not in trouble with the law. This is a computer virus that is in no way associated with the government of the United States and the National Security Agency.
Details from the NSA malware lock screen are detailed below:
NSA INTERNET SURVEILLANCE PROGRAM PRISM COMPUTER CRIME PROSECUTION SECTION YOUR COMPUTER HAS BEEN LOCKED! Your computer has been locked due to suspicion of illegal content downloading and distributing The illegal content (414 Mb of photo and video files) was automatically classified as child pornographic materials. The downloading and distribution of illegal content, in whole or in in part, violate the following U.S. Federal Laws (botcrawl.com): 18 U.S.C. 2251 Sexual exploitation of children (Production of child pornography) 18 U.S.C. 2252 Certain actives relating to material involving the sexual exploitation of minors (Possession, distribution and receipt of child pornography) 18 U.S.C. 2252A Certain activities relating to material constituting or containing child pornography Any individual who violates, or attempts to violate, or conspires to violate mentioned laws shall be sentenced to mandatory term of imprisonment from 6 month to 10 years and shall be fined up to $250,000
In some cases the NSA virus screen claims illegal content has been found and displays child pornography images, similar to other forms of ransomware.
If your computer is infected with the NSA virus ignore the message and images displayed on the screen and use the free removal instructions further below to remove this dangerous computer virus and third-party malware from your computer.
How does the NSA virus (PRISM) infect a computer?
NSA ransomware is contracted via exploit kits and trojan horses often present on compromised websites, email spam, torrents, and compromised social media content.
In most cases malware can remain undetected and collect sensitive user information. Cyber crimes relating to ransomware infections include credit theft, extortion, and identity theft.
How to remove the NSA virus (Ransomware)
- Removal software (Automatic removal) – Detect and remove NSA ransomware
- System Restore – Restore PC to date and time before NSA ransomware infection
1. NSA virus removal software
1. Install the free or paid version of Malwarebytes Anti-Malware software.
Malwarebytes Anti-Malware Editor’s Choice
Latest versions: Malwarebytes Anti-Malware PRO, Malwarebytes Anti-Malware Free
Release date: 2013
2. Once Malwarebytes is installed, open the Anti-Malware program. If you are using the free version of Malwarebytes you will be prompted to update the database, please do so.
3. On the first tab labeled “Scanner” select the Perform full scan option and click the Scan button to perform a full system scan (pictured below).
4. Malwarebytes will automatically detect the NSA virus and third-party malware on your computer. Once the scan is complete, Malwarebytes will prompt a message stating malicious objects were detected. Select (check) the malicious objects in the list and click the Remove Selected button to completely remove the fake NSA malware from your computer (The image below shows a file that is NOT selected for removal – ‘Make sure the box is checked in’).
2. System Restore
A System Restore is an easy solution to restore an infected computer to a date and time before it became infected with NSA virus. To learn more please select a link below.
NSA (PRISM) virus removal tips:
If the NSA virus is difficult to remove there are several steps you can use to troubleshoot the removal process:
Ransomware often infects 1 user account on Windows systems at a time. Here are some tips to remove NSA virus using different user accounts.
- Log into an account not affected by malware (with administrative rights) and perform a scan with reputable software to detect and remove malware.
- You can also delete the infected account.
- Other options include creating a new user account to remove malware if only 1 Window’s user account is present on the computer system.
Some variants of ransomware use flash and symptoms of the infection can be halted by denying flash via Macromedia’s real-time options. To learn more and deny flash please visit: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html
Troubleshoot internet/network issues
Safe Mode With Networking can be used to access the Internet for updates, drivers, removal software, or other files if internet and network connectivity is compromised.