NSA Prism Virus Description
NSA Prism Virus is the latest police ransomware virus. Quite a large number of computers in United States of America have suffered from the attack of it. Usually, NSA Prism Virus takes the infected computer hostage and locks it completely, without giving users a chance to do anything. It says you are accused of watching child porn, downloading and distributing copyrighted contents, so it locked your computer. In order to unlock your machine, it asks you to pay a fine of $300 using Moneypak payment system. NSA Prism Virus displays this warning message everytime you start up Windows. In most cases, even you get in safe mode, it stills blocks the access to your desktop. Although, the message of NSA Prism Virus is very scary and convincing, it has nothing to do with the real NSA Internet Surveillance Program. You should realize that it is just a tactic designed by the team of cybercriminals that simply want your money. So, do not pay any money via moneypak into the pockets of these malware developers. All you need to do is to delete this ransomware from your computer as soon as possible. Please follow the detailed removal guide presented below. If you cannot login to safe mode, Have a Live Chat with Mitechmate Online Experts, we will steer you step by step.
NSA Prism Virus Screenshot
NSA Prism Virus Harmful Properties
1. NSA Prism Virus is a fake screen locker and blocks you from using PC
2. It is usually distributed via trojans and invades PC without your consent.
3. NSA Prism Virus displays fake warnings message to intimidate inexperienced computer users
4. It asks for money to unlock the infected computer
5. NSA Prism Virus might corrupt your system files
6. It can steal your computer privacy and compromises your security
NSA Prism Virus Removal Instructions
Step One: Stop NSA Prism Virus processes:
1. Restart your computer in safe mode with networking
2. Click the Start menu>choose Run.
3. Type taskmgr.exe into the Run command box, and click "OK." Task Manager will pop up.
4. Click Processes tab, and find out the malignant processes>right click them and select "End Process" to terminate NSA Prism Virus
Step Two: Manually Delete NSA Prism Virus Files
1. Click start menu, then click "Search."
2. A pop up will ask, "What do you want to search for?" Click "All files and folders."
3. Type the name of the malicious files in the search box, and select "Local Hard Drives."
4. Click "Search." Once any malicious file is found, delete it.
%LocalAppdata %\ NSA Prism Virus \uninstall\random.lnk
%ProgramFiles X86%\suspicious files
%Desktopdir%\ NSA Prism Virus.lnk
Step Three: Open the registry editor and remove NSA Prism Virus registry keys, backup your registry before editing it.
Click the Start menu>"Run." An "Open" field will appear. Type "regedit" and click "OK " to open up your Registry Editor. In Windows 7, just type "regedit" into the "Search programs and files" box in the Start menu.
1. Registry Editor opens as a two-paned window: the left side lets you select registry keys, the right side shows the values of any selected registry key.
2. To find a NSA Prism Virus related registry key, select "Edit," then select "Find," and in the search bar type any of NSA Prism Virus's registry keys.
3. When the ransomware registry key appears, right-click it, and select "Modify," then select "Delete."
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ NSA Internet Surveillance Program virus HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DisplayIcon %AppData%\[random]\[random].exe,0
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Uninstall\DisplayName System Care Antivirus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Uninstall\ NSA Internet Surveillance Program virus \ShortcutPath “%AppData%\[random]\[random].exe” -u
HKEY_CURRENT_USER\Software\ NSA Internet Surveillance Program virus
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[*Random*].exe” /START “%1? %*’
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Uninstall\system\UninstallString “%AppData%\[random]\[random].exe” –u
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[*Random*].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’