Remove Nusar Ransomware (.nusar Decryption)

Nusar ransomware is a hazardous virus with file-locking as its integral part of attack mechanism. The infection with this virus usually commence when user executes malicious attachment from a spam email messages. Though, users can only be blame partly because this malicious mass-mail campaign perpetuated by Nusar authors are cleverly disguising to be coming from a prominent brand or organization, which contains messages that can easily persuade users to open the attach file.

On some instances, Nusar can penetrate a computer when web users interacts with malicious advertising campaign run by cyber crooks to disseminate their ransomware codes. Pop-up advertisements, social engineering modus, deceitful banners, and fake software update are just some set of techniques that Nusar creators are utilizing to persuade users into downloading their executable file.

Once obtained and run, the malware will inject several malicious files on the computer and most of it are placed on System folder that routinely executes through a couple of registry entries. On the final stage of Nusar ransomware attack, the virus searches the computer for target file types and encrypts them with complex algorithm. Infected files can be easily distinguished due to appended .nusar extension. Keep in mind that Nusar does not just rename the data and reversing these changes will never be helpful to regain access. As stated in the ransom note, “The only method of recovering files is to purchase decrypt tool and unique key for you.” This is true especially if malware researchers have yet to create a free decryption tool for .nusar-infected files. See the screenshot image below for ransom note generated by Nusar ransom virus.

Screenshot of Nusar Ransom Note

The general recommendation of security professionals is to avoid dealing with authors of Nusar ransomware, instead, temporary archive infected files while waiting for the decryption tool. They insist that paying the ransom money will never guaranteed the recovery of files because victims are dealing with cyber criminals that usually flee after receiving the payment.

Nusar Removal Procedure

Below is a systematic instruction that is very useful in getting rid of the Adware on compromised Windows computers. Aside from removing the malicious browser extension, this guide is also helpful for deleting pop-ups and redirects. In order to totally eliminate the threat, it is vital to follow the process in exact manner

Quick Fix - Scan the PC with Combo Cleaner for Windows

Combo Cleaner is a trusted PC security and optimization tool equipped with a powerful virus and malware detection engine. This program can get rid of adware like Nusar through this procedure.

1. Download the application from the following page:

2. Save the file to your preferred location.

3. Double-click the downloaded file CCSetup.exe and install with the default settings.

CC for Windows Installation

4. At the end of the setup process, click Finish to run Combo Cleaner.

5. The tool will update the signature file; please wait for this process to complete.

6. To begin checking for threats like Nusar, click on the Start Scan button. Wait for this scan to finish.

CC for Windows Start Scan

7. At the end of the scan process, click on Remove all threats to delete Nusar adware, including all malicious objects from the computer.

Free features of Combo Cleaner for Windows include Disk Cleaner, Big Files finder, Duplicate files finder, and Uninstaller. To use antivirus, privacy scanner, and to delete identified threats, users have to upgrade to a premium version.

Please continue with the succeeding removal procedures if you are comfortable manually getting rid of the threat and malicious items linked to it.

Step 1 : Turn Off Sync on Google Chrome

At this point, it is crucial to turn off Google Sync to prevent Nusar from restoring if in case it has exploited this feature. Follow the procedures below to sign out and turn off sync.

1. Open Google Chrome application.

2. On top address bar, please type the following:

chrome://settings/syncSetup

3. Once you are in the Sync and Google Services, click on the Turn Off button.

Google Chrome Sync Turn Off Image

4. If it prompts for the confirmation, click on Turn Off once again.

5. The process will turn off the sync and logout the Google account as well. Please restart Google Chrome browser and proceed with the remaining steps.

Remove the Nusar Extension from Google Chrome

1. Open your Google Chrome browser.

2. Type chrome://extensions/ in the address bar and press Enter on the keyboard.

Chrome URL

3. Find Nusar or any relevant entry and remove it from the Google Chrome browser.

Uninstall the Nusar Extension from Mozilla Firefox

1. Open the Mozilla Firefox browser.

2. Type about:addons in the address bar and press Enter on the keyboard.

Firefox URL

3. Choose Extensions from the sidebar menu.

4. Look for an object that pertains to Nusar and remove it from the browser.

After deleting the malicious browser extension, it is expected that pop-ups and other troubles will be gone from the internet browser.

Remove Nusar from Microsoft Windows and Edge Browser

1. On your keyboard, press Windows Key + R and then, type the appwiz.cpl command.

2. The Program and Features window will open. Arrange the list in a chronological manner, with recently installed applications on top. To do this, click on the 'Installed On' column.

Add-Remove Malware

3. Select Nusar or a recently installed unwanted entry. Then, click on Uninstall to remove it from the Windows system.

If Nusar is still present on the browser and there are still homepage and pop-ups, another option is to remove the adware from the browser settings.

4. Open the Microsoft Edge program.

5. Input edge://extensions/ in the URL bar and press Enter on the keyboard.

6. Look for and Remove or Disable entries for Nusar from the Installed Extensions area. Additionally, delete the same object from the Search Providers section by executing the Hijacker Removal Procedure for Edge.

7. Close the window and restart Microsoft Edge.

Step 3 : Scan the computer with Sophos Antivirus

To remove Nusar automatically, scanning the computer with this powerful virus and malware removal tool is recommended. This scanner does not just uncover known threats like viruses or malware; it is also effective in discovering adware like Nusar.

1. Download the Sophos Virus Removal Tool from the link below. Save the file on your computer where you can easily access it.

2. Once the download completes, browse the location of the file. Double-click to run the program and begin the installation process.

3. On the first window of the installation wizard, click Next to continue. Then, it will display the program’s License Agreement. You need to Accept the terms in order to proceed. If Windows prompts for User Account Control, please click Yes to proceed.

4. On succeeding windows, click Next or Continue to carry on with the installation. After completing the installation process, Launch the Sophos Virus Removal Tool.

5. An internet connection is required when running this scanner in order to download important updates. Make sure that everything is up-to-date to effectively remove adware like Nusar.

6. Click the button to carry out the Scan. This will check the system for the presence of malicious objects, malware, and viruses. The tool reveals items that were found linked to Nusar and other suspicious entities. Be sure to remove all identified threats.

Screenshot of Sophos Virus Scan

The above procedures should have totally eliminated the Nusar adware. However, if you find that there are still remnants of the threat, please proceed to the succeeding procedures below.

Step 4 : Scan and Delete Adware with AdwCleaner

In addition to the procedure, we suggest scanning the computer with the AdwCleaner tool. Possibly, there are some traces of Nusar on the browser that were not deleted during the preceding steps. This tool will scan the computer and check for the presence of malicious applications as well as invalid browser entries that produce annoying pop-ups.

1. Follow the link below to download the tool called AdwCleaner.

2. When the download has completed, please close all running programs on the computer, especially browsers affected by Nusar.

3. Browse to the location of the downloaded file and double-click on adwcleaner_Ver.exe to start running the tool. Then, click on the Scan button.

Image of AdwCleaner Dashboard

4. AdwCleaner searches the computer for malicious programs, extensions, plug-ins, adware, and any items that may be associated with Nusar. It will also check for suspicious entries in browser settings.

5. Clean or Remove all suspicious and harmful items identified after the thorough scan.

6. After the cleanup procedure, rebooting the computer is required to finalize the removal of the detected threats.

Check if your internet browser application is no longer being bothered by Nusar. If the adware still persists, please continue with the steps below to reset internet programs to their default settings.

Optional : Reset Internet Browser Program

Cleaning your internet browser from clutter and unwanted add-on/extension is a must when dealing with Nusar. The procedure below discusses on resetting various browsers to their default state.

Restore Google Chrome to Default Settings

Resetting Google Chrome to its default settings is helpful in deleting hard-to-remove extensions, such as Nusar. This method is highly advisable to perform if you have difficulty removing unwanted extensions.

1. Open the Google Chrome internet browser.
2. On the address bar, type chrome://settings/reset and press the Enter key.
3. Click on Reset Settings on the sidebar and choose Restore settings to their original defaults.
4. On the confirmation window, click the Reset settings button to clear all entries for Nusar.
5. Close the existing tab and restart Google Chrome. That should have removed the Nusar extension and associated objects.

Reset Mozilla Firefox to Default

This section describes how to remove unwanted extensions from Firefox that may be related to Nusar. This process can fix many browser issues by restoring Firefox to factory settings without affecting your essential information (bookmarks, browsing history, passwords, and Internet cookies) on the browser. If you desire to remove only a specific extension, please see the manual removal of add-ons from Firefox.

1. Input the string about:support on the Firefox web address and press Enter on the keyboard.
2. You will now see the Troubleshooting Information page of Mozilla Firefox.
3. You will notice a section in the upper-right corner of the screen stating, Give Firefox a tune-up. Click the Refresh Firefox button.
4. If a confirmation window appears, click Refresh Firefox to continue.
5. Firefox browser will close and start the resetting process. When done, it will display a list of restored data. Nusar should be gone by now. Click Finish to open a fresh version of Firefox.

Restore Microsoft Edge to Default Settings

1. Open the Microsoft Edge browser.
2. On the address bar, please input edge://settings/reset and press Enter on the keyboard.
3. Once you are on the Reset Settings page, click on Restore settings to their default values.
4. A confirmation window will appear; click on the Reset button to continue.

Your data, like favorites, bookmarks, and history, will remain in the browser. However, this process will delete add-ons by Nusar and other unknown objects.

About the author

Leave a Comment

Your email address will not be published. Required fields are marked *