Seems like it. In other viruses (and I'm sure the NSA does this too), your system might actually be scanned for other known viruses and removed. In the NSA's case, these could be enemy threat actors.
It used to be standard operating practice as an attacker to close the holes through which you yourself gained access to prevent others from taking your prize.
Ironically the most secure and cheapest thing a company could do was get compromised by a competent attacker who only wanted to launder small amounts of data or CPU cycles through your network, and in exchange keeps your servers all patched and up to date for you to keep out other attackers.
