NSA Internet Surveillance Program ransomware virus help

[keakar]

,

The NSA Internet Surveillance Program virus will lock you out of your computer and applications, so whenever you’ll try to log on into your Windows operating system or Safe Mode with Networking, it will display instead a lock screen asking you to pay a non-existing fine of $300 in the form of a MoneyPak voucher. The malware’s authors prefer these payment services because transactions made through them cannot be reversed and are hard to trace.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam, so that the bogus NSA Internet Surveillance Program notification shows what is happening in the room.

details on how to try to get rid of it after being infected: http://malwaretips.com/blogs/nsa-internet-surveillance-program-virus/

plus this virus encrypts your windows files so even after you disable and remove it, windows security systems seams unrepairable and I find it takes less time to just reinstall windows since all the complicated directions to re-edit half your registry only to find missing or disabled .dll files still wont let some things work like windows security, task manager, system restore, and functions that let you look into the registry and repair it.

this is old news to many of you im sure but my question is this, since our government has mandated the back door be left wide open so a truck can drive in and steal your computer, is there a way we can lock this door ourselves? it seams no spyware or anti-virus can detect or stop the NSA virus because it comes in as our government wanting access and is allowed. is there something that can be done to block this security loophole?

I use avast anti-virus and it stops more virus then anything else I ever used so I dont think its just a weak anti-virus thing but this one virus seams immune from detection or being blocked and it seams without fail at least once a year this damn thing finds its way back on my computer and it is frustrating to no end.

can anyone offer a way to block this thing?

 

[xvi]

Off the shelf router/firewall and keep up to date on Windows Updates should do the trick for the most part. Also, be careful what you restore from a backup.

 

[Maban]

The best way to block it is education. If you can learn to spot malware and take common sense steps to prevent it, then you have the best antivirus there is.

 

[keakar]

The best way to block it is education. If you can learn to spot malware and take common sense steps to prevent it, then you have the best antivirus there is.

the above advice is accurate and well founded for most things and amateurs should head this advice carefully but even this advice would not prevent this type of virus, it gets on your computer through the browser and you click on or open nothing to get it. its not about clicking on a box to open something you don't understand.

I got my last infection opening yahoo mail as an example, another time last year it was when I opened this website, its not like im clicking on a bunch of crap or opening porn or anything. this thing attacks you simply by being online hooked to the internet by a browser

 

[bubbleawsome]

Also, to be fair, avast isn't the best. It leave many things undetected and hogs resources. Things like malwarebytes are much better.

 

[Heaven7]

The best way to block it is education. If you can learn to spot malware and take common sense steps to prevent it, then you have the best antivirus there is.

+1, this malware has been around for so long, everyone should have heard of it by now. Those new "CryptoLocker" variants do a lot more damage though, even if you are educated enough not to pay the "fine"... Your only weapon is a reliable & complete system image, one that you thoroughly checked before making the backup. A windows reinstall should only be your absolute last resort, only recommended if you really don't have even one clean sys image ready. The repair link above says it all, it always works but it can't decrypt your files I'm very interested in this malware, as it's so common now and I've tried deliberately to let this loose on several of my VMs, even my main OS for testing. It was only possible after I deactivated each and every security measure. keakar, if your Avast! let this through, it is not up to the task! There might also be other reasons, browser configuration or system security settings. A decent AV however should always detect this well-known malware.
As for blocking this thing - Malwarebytes and Spybot S&D both offer "Resident Protection" against malware (Spybot for free, Malwarebytes in their PRO-version), this might help but I haven't tried any of these yet. I do believe it could give you some extra layer of protection, though.

 

[keakar]

Off the shelf router/firewall and keep up to date on Windows Updates should do the trick for the most part. Also, be careful what you restore from a backup.

I have a double router and modem, all with firewalls (that's 3) plus windows firewall (4) and up to date good anti-virus and spyware tools.

I don't think you guys understand what this thing is, it comes in using a designed back door used by law enforcement/NSA to access your computer remotely. its built into windows on purpose and bypasses firewall protections. it was installed in older versions of windows by windows updates
as mandated by the US government through the 9-11 act where they were granted unlimited access to all US computers and computer systems on demand.

 

[rtwjunkie]

It's not his Avast! antivirus. If it were not up to the task, then I would also have. Avast! is a very good AV. It may not be #1, but it's reliable and effective, and uses only a small amount of resources (it's alot less than older versions). Personally I would say browsing habits will be the primary contributor to not getting this. It's still pretty rare, because neither I nor anyone I know has gotten it.

 

[Heaven7]

I don't think you guys understand what this thing is, it comes in using a designed back door used by law enforcement/NSA to access your computer remotely. its built into windows on purpose and bypasses firewall protections. it was installed in older versions of windows by windows updates
as mandated by the US government through the 9-11 act where they were granted unlimited access to all US computers and computer systems on demand.

You do realize that this a very well-known scam, using anything from government agencies, the police, media copyright holders etc. to make it look legitimate? There are thousands of variants, each of them sharing the same goal: to get your money (or just wreak havoc on your PC). The example in the link you provided is just one of them. If the NSA really were to infiltrate your system, they wouldn't be so stupid as to ask for 300 bucks and prevent your PC from booting. They would do it without you ever knowing... I for myself don't believe also that any updates will fix this malware (however even Microsoft Security Essentials managed to detect this for me), but I do not think there's any dark conspiracy going on - least I hope so
@ rtwjunkie: I didn't mean to trash Avast! - Like you mentioned, it's probably lousy security settings in keakar's browser - please tell us more details, keakar, we might be able to help.

 

[REAYTH]

Did you check your MBR for a root kit? A properly locked system this should be a non-issue.

 

[rtwjunkie]

@ rtwjunkie: I didn't mean to trash Avast! - Like you mentioned, it's probably lousy security settings in keakar's browser - please tell us more details, keakar, we might be able to help.

Not a problem, I didn't take it badly! I was just adding my viewpoint. We all have our own based on our experiences or observances. We have 3 different AV on 3 different computers in the house, so I'm not a complete brandboy!

 

[Heaven7]

Did you check your MBR for a root kit? A properly locked system this should be a non-issue.

This malware doesn't need the MBR. It's just a few registry/autostart entries. Both MBAM and MBAR can easily remove this. Remember, rootkits above anything else, try to remain undetected.

 

[REAYTH]

This malware doesn't need the MBR. It's just a few registry/autostart entries. Both MBAM and MBAR can easily remove this. Remember, rootkits above anything else, try to remain undetected.

He keeps getting re-infected. Something is letting it in OR his system doesn't have a proper AV.

 

[rtwjunkie]

He keeps getting re-infected. Something is letting it in OR his system doesn't have a proper AV.

If he has System Restore running whatever gets cleaned out is still in there and will reinfect the system.

 

[Heaven7]

If he has System Restore running whatever gets cleaned out is still in there and will reinfect the system.

+1! The first thing you should disable! Convenient for small issues, but a lifesaver for malware! Take the time to do a complete backup (again, check everything's clean), and you should be out of trouble.

 

[REAYTH]

If he has System Restore running whatever gets cleaned out is still in there and will reinfect the system.

Time for the Umpa Lumpas to do some Low level format dancing.


ALSO system restore points are never a year old. They get recycled.

 

[keakar]

He keeps getting re-infected. Something is letting it in OR his system doesn't have a proper AV.

its not as bad as it sounds but I have got it 3 times in the last 5 years and each time its a simple matter to remove it but the corrupted files left behind mean windows is permanently corrupted for "some" fuctions.
most often its task manager wont work or missing boot files but this time with this variant its system restore and security systems wont work

You do realize that this a very well-known scam, using anything from government agencies, the police, media copyright holders etc. to make it look legitimate? There are thousands of variants, each of them sharing the same goal: to get your money (or just wreak havoc on your PC). The example in the link you provided is just one of them. If the NSA really were to infiltrate your system, they wouldn't be so stupid as to ask for 300 bucks and prevent your PC from booting. They would do it without you ever knowing... I for myself don't believe also that any updates will fix this malware (however even Microsoft Security Essentials managed to detect this for me), but I do not think there's any dark conspiracy going on - least I hope so
@ rtwjunkie: I didn't mean to trash Avast! - Like you mentioned, it's probably lousy security settings in keakar's browser - please tell us more details, keakar, we might be able to help.

I probably have the wrong impression what this thing is and how it works but internet posts make it sound unstoppable and there is nothing you can do once you get it.

I guess im just pms'ing over this because you would think even the most basic antivirus or spyware remover would have a way to block this stuff but mainly im mad because I was stupid and forgot to turn on my backup software so im screwed and cant do a backup restore.

as to my setup and situation, call my an novice (that knows better but didn't) I just used default installed settings for windows 7 as installed and the only thing I do is turn off the permission and notification box thing about making changes to the computer so maybe that's my whole problem.

I am mad at myself and feeling stupid because maybe turning that off or just not learning everything I need to do is my problem.

I used to know (mostly learned here at this website years ago) all the settings to go into xp and turn off access and things and such to make the computer secure but I have gotten lazy after win 7 and just used default settings.

ok so lets pick this up at the beginning of a new day then:

if you don't mind lets assume I am starting from scratch (since now I will be after format and reinstall) so please advise on step by step things and settings I need to change after installing windows 7 home premium 64 bit for best security and safety as well as optimum performance.

also

can you advise the best antivirus that is not bloated with extras you don't need?

can you advise the best spyware remover that is not bloated with extras you don't need?

can you advise the best antispyware that is not bloated with extras you don't need?

can you give your opinion on Microsoft essentials, if they are any good or not worth using because other things are better?

basic stuff you would advise a novice what they need to best protect their computer.

please re-educate me on the best ways and things to use to protect my computer.

by the way I use "AOMEI Backupper" as my backup utility and find it very easy and simple to use without being confusing.

 

[Heaven7]

Whoa! This might take some time... Don't worry, people around here gladly will help you out. Like rtwjunkie said, people will offer you their suggestions based on their experiences - so don't be afraid to get different answers to your questions I'll try to restrain my brandboy self as best as I can...

 

[keakar]

Whoa! This might take some time... Don't worry, people around here gladly will help you out. Like rtwjunkie said, people will offer you their suggestions based on their experiences - so don't be afraid to get different answers to your questions I'll try to restrain my brandboy self as best as I can...

I understand and throw it at me guys, I realize everyone has their favorites so I will take all the suggestions and decide from the most popular choices

 

[rtwjunkie]

I'm getting ready to be away from TPU for most of evening, so I'll have to get on this tomorrow. Hopefully by then you still need some suggestions!

 

[Heaven7]

Ok, so I'm first? Let's go, then.

First off, you should consider buying an SSD for installing your OS, this will make you happy every day. Install Windows 7, check automatic updates - after completion this is the first thing you'll want to do - update.
Next, disable the "remote registry service". Press the Windows key + R, type in "services.msc" and set this service to "disabled". Turning off the "Remote differential compression" under "Programs and Features" -> "Install/uninstall Windows Programs" will enhance speed (it did for me, at least).
Then, disable System Restore an ALL drives (go to the control panel to do so).
Basic installation awareness: Do not opt to participate in any "improvement programs" nor should you allow any automatic "error reporting". ALWAYS check every option you selected. If you are offered a "Custom Install", DO it.
Then you absolutely need to make your browsing more secure! I recommend Firefox, download it and get the following vital add-ons:
AdBlockPlus, Ghostery, HTTPS Everywhere and NoScript. Set it as your default browser and do not use Internet Explorer, if you can.
Get your AV! I personally recommend AVG, their free version is OK, however you really should invest the few extra bucks for the paid Internet Security version. Update it and allow "in the cloud" verification. Then perform a full scan, be careful to enable "scan for PUPs", "enable thorough scanning" and "enhanced set of PUPs" in the advanced options under "Scans".
Malwarebytes Anti-Malware is your friend out there. Install it and don't choose the free PRO-trial, unless you want that extra protection. I can't tell you if this will interfere with your AV, though - never tried it.
Spybot S&D is the second tool of my choice. Download version 1.6.2 (and this version only!), it can "immunize" your hosts-file, blocking the most atrocious & well-known badsites from being accessed. It also is a little more thorough than Malwarebytes, if it can't detect this and that. Set it to scan "all file sets". Forget Microsoft Security Essentials, bottom-of-the-line, IMO.
Install Priform's "Ccleaner" to rid your system of junk, one of the most popular downloads out there Check it out!
Set Windows Backup to automatically run (best on an external disk, if available) and let it "include a system image". If you have a blank DVD handy and you don't have an original Win7 disc, use the "Create a system repair disc" feature now. I personally use "DriveImage XML", a wonderful lightweight backup program, should you need an alternative.
After that, install all programs that you need (duh!), the FlashPlayer for your browser should ONLY be downloaded from www.adobe.com ! Don't klick on anything that says "Klick! "Klick me!" "Free offer! "Yu win 5 milion dolarsc!" Be rational and alert while on the internet. You know that, of course.
Run regular scans with your AV and the anti-malware programs, and if you're certain your system is clean, back it up now!
Those are my personal "brandboy" recommendations I'm sure others may disagree, but you have the advantage of getting a variety of (hopefully) good alternatives. Hang in there, keakar!

 

[FireFox]

,

it will display instead a lock screen asking you to pay a non-existing fine of $300 in the form of a MoneyPak voucher.

It happened to my once, all what i did was Re-install windows.

 

[Heaven7]

It happened to my once, all what i did was Re-install windows.

I guess that means you didn't have a reliable backup available, then?

 

[FireFox]

I guess that means you didn't have a reliable backup available, then?

thats right.

 

[Heaven7]

Sorry to hear about it Hopefully you didn't have to waste too much time getting your system back up again... I've done it many times in the past - nowadays I love a good backup