[Pending] Win32.nsag.b

Nikita · 03-05-2007

Hello-
I must describe myself as a novice regarding computers, and I am glad that there is a place like this where I can learn. My ZoneAlarm Pro detected a virus called Win32.Nsag.b and said that it could not repair it. I found some information on this, and it was described as a trojan. How do I get rid of it and what is it doing to my PC? I have noticed that it has been running slower, and I am assuming that this is the reason. A friend recently gave me this computer and I am not sure if it was in it to begin with. It is a Dell Dimension XPS 450, and runs Windows 2000. I am afraid to open up my e-mail on my laptop for fear that I will infect it as well, in case thaty is how it got infected. Am I overreacting? Any suggestions? I am also running A-Squared Anti-Malware 2.1 with my ZoneAlarm Pro.
Thank you for your time-
Nikita

Rodents210 · 03-05-2007

Follow this:
http://www.pchelpforum.com/hijackthi...a-prework.html

And this, afterward:
http://www.pchelpforum.com/136073-post3.html

I would open my emails, but I wouldn't send anything with attachment files, just in case.

valis · 03-06-2007

Hi nikita, and welcome to PCHF. Definitely do what rodents suggested, that will leave you with two logs, one from AVG (be sure to choose 'quarantine' on everything it finds) and one for HijackThis. Please attach both of them to your next post so that we can parse the log and see what is running behind the scenes on your system.

Looking forward to your reply,

v

Rodents210 · 03-06-2007

Thanks, valis, glad to know I'm giving some help back, since I need so much of my own.

valis · 03-06-2007

it's all give and take here, chief.....there is literally not a day that goes by that I don't learn something here.....that's what is so great about it, is that being heavily involved (like on a daily basis involved) can REALLY increase your tech skills in a very short period of time. you don't have to post every day, just watch and learn. And when you get that first solution, you'll know it. Mine was helping someone get their audio back after sp2 blew out their drivers......haven't looked back since.

Nikita · 03-07-2007

I am sorry that it took so long for me to get back to you on this but I tried to follow those links and had a lot of trouble. I began by "showing all hidden files" and then I lost my ability to connect to the internet. I reset my DSL modem and wireless router, thinking maybe there was something wrong there, it didn't seem to be the problem. I finally gave up and went to bed. This morning I finally had the idea to reset my hidden files and then I was able to connect. Each time the computer tried, however, there was an error message that popped up saying that this page was not available on line, and would I like to connect? I had to go in and reset the LAN and then it worked. Could this be related? I am having more problems now trying to post this. I hit to post about 10 minutes ago and the bar is still running across the bottom. I am not sure if you will get this. I also "CTL, ALT, DLT" and the task manager says that the internet explorer is running but the top of my window says that I am offline... Wait! It has changed! Now I am connected and it is allowing me to post. It has taken about 20 minutes to complete this whole process and this is making me crazy...
Thanks!
Nikita

valis · 03-07-2007

no, the hidden files directions will have nothing to do with your internet connection, as that is just a way for you to view the files. Let's try one thing at a time.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Depending on how much cludge you have on your machine, it could run for a bit.....the longest I've seen it run was about 10 minutes, and it cleaned up over 3 gigs of space. If you could just let it sit and clean until done, and then let me know roughly how much space it cleared up (and I mean roughly; like 7 digits, 9 digits, etc), then we'll move on to step 2.

Thanks,

v

03-05-2007	#1
Nikita Bronze Member Join Date: Mar 2007 Posts: 3	[Pending] Win32.nsag.b Hello- I must describe myself as a novice regarding computers, and I am glad that there is a place like this where I can learn. My ZoneAlarm Pro detected a virus called Win32.Nsag.b and said that it could not repair it. I found some information on this, and it was described as a trojan. How do I get rid of it and what is it doing to my PC? I have noticed that it has been running slower, and I am assuming that this is the reason. A friend recently gave me this computer and I am not sure if it was in it to begin with. It is a Dell Dimension XPS 450, and runs Windows 2000. I am afraid to open up my e-mail on my laptop for fear that I will infect it as well, in case thaty is how it got infected. Am I overreacting? Any suggestions? I am also running A-Squared Anti-Malware 2.1 with my ZoneAlarm Pro. Thank you for your time- Nikita

03-06-2007	#3
valis Senior Security Analyst Join Date: Jan 2007 Location: texas, USA Posts: 2,677 PC Experience: PC Illiterate	Hi nikita, and welcome to PCHF. Definitely do what rodents suggested, that will leave you with two logs, one from AVG (be sure to choose 'quarantine' on everything it finds) and one for HijackThis. Please attach both of them to your next post so that we can parse the log and see what is running behind the scenes on your system. Looking forward to your reply, v __________________ PCHF Prework / PCHF Rules / AVG / ATF / Housecall / NTRegOpt /Everest / PCHF Protect Your PC / PCHF Postwork M.C.S.A. M.C.P - MS Server 2k3, Network Architecture "Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that." - Gary Kildall

03-06-2007	#5
valis Senior Security Analyst Join Date: Jan 2007 Location: texas, USA Posts: 2,677 PC Experience: PC Illiterate	it's all give and take here, chief.....there is literally not a day that goes by that I don't learn something here.....that's what is so great about it, is that being heavily involved (like on a daily basis involved) can REALLY increase your tech skills in a very short period of time. you don't have to post every day, just watch and learn. And when you get that first solution, you'll know it. Mine was helping someone get their audio back after sp2 blew out their drivers......haven't looked back since. __________________ PCHF Prework / PCHF Rules / AVG / ATF / Housecall / NTRegOpt /Everest / PCHF Protect Your PC / PCHF Postwork M.C.S.A. M.C.P - MS Server 2k3, Network Architecture "Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that." - Gary Kildall

03-07-2007	#7
valis Senior Security Analyst Join Date: Jan 2007 Location: texas, USA Posts: 2,677 PC Experience: PC Illiterate	no, the hidden files directions will have nothing to do with your internet connection, as that is just a way for you to view the files. Let's try one thing at a time. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. Depending on how much cludge you have on your machine, it could run for a bit.....the longest I've seen it run was about 10 minutes, and it cleaned up over 3 gigs of space. If you could just let it sit and clean until done, and then let me know roughly how much space it cleared up (and I mean roughly; like 7 digits, 9 digits, etc), then we'll move on to step 2. Thanks, v __________________ PCHF Prework / PCHF Rules / AVG / ATF / Housecall / NTRegOpt /Everest / PCHF Protect Your PC / PCHF Postwork M.C.S.A. M.C.P - MS Server 2k3, Network Architecture "Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that." - Gary Kildall

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

03-05-2007	#2
Rodents210 Elite Member Join Date: Jan 2007 Location: Upstate NY, United States Posts: 1,046 PC Experience: Very Experienced	Follow this: http://www.pchelpforum.com/hijackthi...a-prework.html And this, afterward: http://www.pchelpforum.com/136073-post3.html I would open my emails, but I wouldn't send anything with attachment files, just in case.