What is NTSRV?
NTSRV is an adware and a Potentially Unwanted Program by the method of distribution. After the installation NTSRV adds malicious files and registry entries that generate ads and restart the adware with the system reboot. Users will at once notice ads filling the screen while browsing the Internet. The danger of these ads is hidden in their origin – none of them is connected with a real manufacturer and is created to give information on beneficial deals and sales. True nature of the ads brought by NTSRV is to redirect user to promoted websites that can be commercial, or worse – malicious. The ads will reappear until you remove NTSRV, so it’s safer to delete the adware ASAP.
How NTSRV gets on your PC?
As it’s been revealed after several security analyses, NTSRV is mostly distributed with the help of other software. NTSRV gets attached to a freeware setup and is installed alongside with it. To prevent users from deselecting it, the developers of NTSRV hide their product in the steps of Advanced or Custom installation mode. So, it’s highly recommendable to check the additional steps of setups and uncheck the software that looks suspicious.
How to remove NTSRV from your computer?
To uninstall NTSRV remove it from Control Panel, then delete all files and regkeys.
In our view, there are 3 products that potentially have NTSRV in their database. You can try to use them for removing NTSRV.
Recommended Solution:
Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to NTSRV – files, folders, registry keys.
*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.
Alternative Solution:
Norton Antivirus – detects files, registry values and folders of viruses that show the same behavior as NTSRV.
You can try both of these products to remove NTSRV
Or uninstall NTSRV manually.
Step 1: Remove NTSRV from Control Panel
Windows XP:
- Click Start.
- Control Panel.
- Then click Add or Remove Programs.
- Find NTSRV.
- Click Uninstall.
Learn more about uninstallation of programs in Windows XP.
Windows 7/Windows Vista:
- Click Start.
- Then Control Panel.
- Click Uninstall a Program.
- Find NTSRV and click Uninstall.
Learn more about uninstallation of programs in Windows 7.
Windows 8/Windows 8.1:
- Open the Menu.
- Click Search.
- After that click Apps.
- Then Control Panel.
- Then as in Windows 7, click Uninstall a Program under Programs.
- Find NTSRV, select it and click Uninstall.
Learn more about uninstallation of programs in Windows 8 (8.1).
Windows 10:
- Click on the Start button (or press the Windows key) to open the Start menu, click on the Settings at the top.
- Click on App & features on the left menu.
- On the right side, locate NTSRV and click it, then click on the Uninstall button.
- Click on Uninstall to confirm.
Learn more about uninstallation of programs in Windows 10
Note: If you can’t find required program, sort programs by date in Control panel and search for last installed programs.
After that remove NTSRV from your browser.
Step 2: Remove NTSRV from browsers
Google Chrome:
- Open Google Chrome
- Push Alt + F.
- Click Tools.
- Choose Extensions.
- Find NTSRV.
- Click the trash can icon to remove it.
Learn more about removing extensions from Chrome.
Mozilla Firefox:
- Open Firefox.
- Push Shift + Ctrl + A.
- Choose NTSRV.
- Click Disable or Remove button.
Learn more about removing extensions from Firefox.
Internet Explorer:
- Open IE.
- Push Alt + T.
- Click Manage Add-ons.
- Select Toolbars and Extensions.
- Click Disable NTSRV.
- Click More information link in the left-bottom corner.
- Click Remove button.
- If this button is grayed out – perform alternative steps.
Learn more about removing extensions from IE.
Step 3: Remove following files and folders of NTSRV:
Remove following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InstallationStatsUploder_02012016134350_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InstallationStatsUploder_02012016134350_RASMANCS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NTSRV02012016134350_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NTSRV02012016134350_RASMANCS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NTSRV02012016134350_updater_service_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NTSRV02012016134350_updater_service_RASMANCS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29007E8C-251B-4F61-A70E-635847436476060287}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\data
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTSRV02012016134350
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTSRV02012016134350_updater_service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert1.1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert1.1\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert1.1\Parameters\Wdf
HKEY_CURRENT_USER\System\CurrentControlSet\Control\NetTrace\Session
Remove following files:
NTSRV02012016134350.exe
NTSRV02012016134350_updater_service.exe
netman.exe
Utils.dll
NetworkUtil.dll
WinDivert.dll
AppSettings.config
InstallationStatsUploder_02012016134350.exe
InstallUtil.exe
InstallUtil.InstallLog
msvcp110.dll
msvcr110.dll
NetworkUtil.dll
Newtonsoft.Json.dll
NTSRV02012016134350.exe
NTSRV02012016134350.InstallLog
NTSRV02012016134350.InstallState
NTSRV02012016134350_updater_service.exe
NTSRV02012016134350_updater_service.InstallLog
NTSRV02012016134350_updater_service.InstallState
Unins000.dat
unins000.exe
Utils.dll
WinDivert.dll
WinDivert6
defcert.pem
defcertkey.pem
dhparam2048.pem
mitmCA.pem
mitmCAder.crt
mitmCAprivkey.pem
msvcr110.dl
msvcr120.dll
msvcr120d.dll
netman.exe
WinDivert.dll
WinDivert64.sys
certutil.exe
freebl3.dll
libnspr4.dll
libplc4.dll
libplds4.dll
msvcr100.dll
msvcr110.dll
nss3.dl
nssckbi.dll
nssdbm3.dll
nssutil3.dll
smime3.dll
softokn3.dll
sqlite3.dll
ssl3.dll
Remove following folders
\Windows\NTSRV_02012016134350\