Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/nsanti


  • Please log in to reply
15 replies to this topic

#1 dots

dots

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 28 December 2007 - 10:13 PM

hi,
at the outset i'll like to tell that i'm not a tech guy, so the way i might put my point across might be a bit laymannish so please excuse me for that
my comp seems to be infected with virus Win32/NSAnti, whenever i'm trying to open a drive in my comp (internal or external ) error message on my Antivirus flashes saying Virus detected in C:\DOCUME~1\LOCALS~!\Temp\gnsmo.dll virus found

I've tried scanning my system with AVG free Ed, Norton antivirus 2005, AVG antispyware, Spybot etc, bot the problem seems to be persisting.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:22 PM

Posted 29 December 2007 - 12:59 AM

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download Sysclean Package & save it to your desktop.
  • Create a new folder on drive "C:\" and rename it Sysclean - (C:\Sysclean).
  • Place the sysclean.com inside that folder.
  • Then download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number)
  • Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com. (Click here for information on how to extract a file if your not sure how to do this. DO NOT scan yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with Sysclean as follows:
  • Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
  • Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
  • Click the Advanced >> button.
  • The scan options appear. Select the "Scan all local fixed drives".
  • Click the "Scan button" on the Trend Micro System Cleaner console.
  • It will take some time to complete. Be patient and let it clean whatever it finds.
  • Another MS-DOS window appears containing the log file (sysclean.log) generated in the same folder where the scan is completed - C:\Sysclean.
  • To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
    • The Files Detected section shows the viruses that were detected by System Cleaner.
    • The Files Clean section shows the viruses that were cleaned.
    • The Clean Fail section shows the viruses that were not cleaned.
  • Exit when done, reboot normally and re-enable your anti-virus program.
Instructions with screenshots are here if you need them.

When using Sysclean its best to use the Administrator's account or an account with Administrative rights otherwise you will not have access rights to scan some locations. You can also Use the "Run As" Command to Start a Program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 dots

dots
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 29 December 2007 - 03:01 AM

Thanks for your prompt reply, will try as you have suggested and get back

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:22 PM

Posted 29 December 2007 - 08:33 AM

Ok. Also let me know if you get any more error messages and if so, what they say.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 dots

dots
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 29 December 2007 - 11:23 PM

thanks a ton, i've managed to clean my system. Now the scan with AVG does not show any more error messages. Can you please suggest me some antivirus (prefferablt free ones) which help me to keep my system clean

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:22 PM

Posted 30 December 2007 - 12:52 AM

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Hardening Windows Security - Part 1" and "Hardening Windows Security - Part 2".
"IE Recommended Minimal Security Settings".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 dots

dots
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 30 December 2007 - 01:19 AM

thanks alot, found the info pretty useful, will put it in application

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:22 PM

Posted 30 December 2007 - 08:00 AM

Your welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 dots

dots
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 30 December 2007 - 02:06 PM

hi there, there was another doubt, most of the viruses coming to my comp are through use of flash drives, i use my pen drive on common comp and prior to using in my system i do scan it with antivirus still at times i feel they are not detected is there any way to prevent virus spread through these pen drives.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:22 PM

Posted 30 December 2007 - 04:42 PM

I recommend disabling the Autorun feature on USB and removable drives as a method of prevention.

The easiest way to disable Autorun on a specific drive is to download and use Tweak UI PowerToy.
  • After installation, launch Tweak UI, double-click on My Computer in the tree menu on the left, then click on AutoPlay > Drives. This will allow you to change the system settings for AutoPlay/autorun.
  • Uncheck the drives you want to disable AutoPlay on and click on Apply.
  • Next, click on the Types in the left tree. This allows you to control whether Autoplay is enabled for CD and DVD drives and removable drives. You may need to restart Tweak UI if it closes after step 2.
  • Uncheck the box to disable Autoplay for a particular type of drive.
  • Click Apply.
See "Disable Autorun/AutoPlay" for instructions with screenshots.
When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Always scan USB Flash Drives after they have been used in other computer systems, even your own. An easy way to do this is to download "ClamWin Portable", install it on your USB Flash Drive, update its definition files and perform a scan.

Another prevention measure you can use is to download Symantec's NoScript utility. Scroll down to the section "How to disable (or re-enable) the Windows Scripting Host" to find the link and follow the instructions. Noscript will disable the Windows Scripting Host and prevent VBScripts from running on your machine until you run the utility again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 dots

dots
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 02 January 2008 - 02:35 AM

hi there, my system again seem to have some problem, the command for show hidden files is not working, on changing the setting after clicking on apply and subsequently OK, when i check back the setting it is same as prior.


Most of the folders in my system are also showing some hidden files.
Please help

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:22 PM

Posted 02 January 2008 - 08:27 AM

Please download MsnCleaner.zip and save to you Desktop. In addition to removing infected files, it will remove certain restrictions on your system often disabled by malware.
  • Extract (unzip) the file to your desktop. (click here if your not sure how to do this) but DO NOT use it yet.
  • Reboot your computer in "Safe Mode" using the F8. To do this restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A boot menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  • Double-click MsnCleaner.exe to run the tool.
  • Click the "Analyze" button.
  • A report will be created after the scan and will be saved to C:\MsnCleaner.txt.
  • If it finds an infection, click the "Deleted" button.
  • Reboot normally and post the contents of MsnCleaner.txt in your next reply.
Let me know if your hidden file/folder option is working now.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 sonu41

sonu41

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 06 January 2008 - 11:03 PM

helllo my dear friend 'quietman7'
i do have t he same problem what dots have and i followed the procedure told by u still my problem is not rectified
my hidden folders are still undisplayed after using msn cleaner
moreover the virus is not still removed
when u press and drive i get an error message c:\document`1\nvsiva`1\locals`1\temp\d5acp.dll
can u please suggest me any other way

#14 sonu41

sonu41

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 07 January 2008 - 04:49 AM

no it didnt work

#15 sonu41

sonu41

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 07 January 2008 - 07:02 AM

please do reply




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users