[SOLVED] Sality Virus

[Knightmare]

Okay, here is an update: My computer seems to be working okay. I have a tracking cookie that's following me but I'll run SUPERAntiSpyware to remove it when I get home. I ran the AVG Sality Removal tool and it said that I have two corrupt files in my winsxs\Backup folder. Does anyone know if these files can be repaired with the Windows CD? I ran MBR Regenerator but I don't know if that fixed the backup files or not.

[ASIO]

switch to avg antivirus .. or use Malwarebytes

that won't make him safer at all. Like someone said, use format, clean install of everything, if possible ofcourse, and use image tools to make backup image of whole systems (personally use acronis true image), it would be much easier and less time consuming if you have backup copy.

If not, good luck with sality, once I had it and only good options had to format hard disk...

I"m giving him suggestion to remove win sality virus .... My laptop was infected once and Avg repairs and delete win sality virus

Of course he should try everything before format, but many times users report that system cleaned by some tools are unstable and not working well after cleaning.

Please don't get me wrong because I didn't meant to offend you, your suggestion is definitelly worth to try but my experience (and many others) is not good with this virus.

Regards.

come on bro you didn't offend me ... cheers :)

[Knightmare]

switch to avg antivirus .. or use Malwarebytes

AVG? ... :uhuh:

[darko999]

Start using Emsisoft Anti Malware v7 plus some third party firewall like Comodo Firewall and you won't get infected ever!

[dcs18]

Attempting to remedy a situation where the system has been infected is a waste of time and it's important to recognize that the malwares of today have the ability to lie dormant awhile before resurfacing again to wreak havoc. An easier and less time consuming method is to get back the system to preventive mode.

[unknownasphyxiated]

I have two corrupt files in my winsxs\Backup folder. Does anyone know if these files can be repaired with the Windows CD? I ran MBR Regenerator but I don't know if that fixed the backup files or not.

if the file not important then no need to worry about it..try google their name so you can know their function

mbr regenerator work same as sfc /scannow and it use file from winsxs folder

if the corrupted file are older version of the file,then no need to worry about it

[Knightmare]

Is it possible for a virus to run from a rar file by itself?

[G-hot]

AVG? ... :uhuh:

Dr.Web CureIt!® & Kaspersky Virus Removal Tool is the best 2 free- malwares/spywares-killers tools

http://vrt-com.webno...s-removal-tool/

http://vrt-com.webno...-web-cureit-R-/

[unknownasphyxiated]

Is it possible for a virus to run from a rar file by itself?

i don't think it is possible

[Knightmare]

Is it possible for a virus to run from a rar file by itself?

i don't think it is possible

Well if not, then the virus came from this program because this was the program that I executed before the virus. Just posting if anyone wants to try it on a VM.

Also when I used MBR Regenerator, my .key files for Process Lasso and WinRAR turned into .reg files. Is there a way to change them back to .key files?

[unknownasphyxiated]

not for me

i download it,extract and use it to extract a file

upload to virustotal

got no problem

virustotal 0/43

[Knightmare]

not for me

i download it,extract and use it to extract a file

upload to virustotal

got no problem

virustotal 0/43

Well the only other thing it could be is a rar file that I downloaded, unless the virus was waiting on a site and it got by DNT+, Adblock Plus, and NoScript.

[dcs18]

I think it's time to make changes to the topic "ESET IS DELETING EVERYTHING!"

[Knightmare]

Another program that I used before the virus was Virus Total Scanner 2.1 if anyone wants to give that a shot. I only installed it to fix an error in 2.0 then I immediately uninstalled it.

[Lucent]

You should give a try using ComboFix, it cleans most of the rootkits out in the wild, including the nasty TDSS/Alureon :P

Make sure to have some kind of partition manager, even GParted should suffice for the task, obviously if that thing modifies your MBR or active partition!

[Knightmare]

You should give a try using ComboFix, it cleans most of the rootkits out in the wild, including the nasty TDSS/Alureon :P

Make sure to have some kind of partition manager, even GParted should suffice for the task, obviously if that thing modifies your MBR or active partition!

The virus problem is solved, now I want to figure out what caused it.

[november_ra1n]

The virus problem is solved, now I want to figure out what caused it.

I think it is time to give a kiss to father Kaspersky! Do you think?

[Knightmare]

The virus problem is solved, now I want to figure out what caused it.

I think it is time to give a kiss to father Kaspersky! Do you think?

Yes, whatever that means.

[sanjoa]

Somebody seems hell-bent on breaking sanjoa's track record. :naughty:

What are you talkin about?

[Bergo]

Use Gdata! :)

[ZarkoZarce]

I downloaded Virus Total Scanner 2.1 and ESET Smart Security 5 firewall found him as a win32 sality virus NBA :rolleyes:

[DKT27]

BINGO. We have our scumbag. :D

It is, indeed, Virus Total Scanner 2.1. ;)

I don't know why you guys use that. All you need is this, official, free, and easy. :)

[Knightmare]

Here's a confirmation from the developers:

[MAXS]

You should give a try using ComboFix, it cleans most of the rootkits out in the wild, including the nasty TDSS/Alureon :P

Make sure to have some kind of partition manager, even GParted should suffice for the task, obviously if that thing modifies your MBR or active partition!

ComboFix is unable to cure Sality and other file infectors such as Virut, Parite, Jeefo, Ramnit. There were the cases when ComboFix was able to clean this infection, but Sality was present without restarting the computer, so it was unable to spread.

I haven't heard that any tool inside Windows can cure this infection, and beleive me, I am doing this job for couple of years. AV's are helpless. Maybe to try with Dr. Web inside Safe Mode, but there are no guarentee that this will work.

Infection can surely be removed by some Live CD, I removed it couple of times with Kaspersky Rescue CD. Avast Boot Scan could remove it in some cases, but in my case, avast failed.

[MAXS]

Is it possible for a virus to run from a rar file by itself?

It's not possible

How u solved the problem?