Jump to content

[SOLVED] Sality Virus


Knightmare

Recommended Posts

Here's a confirmation from the developers:

Posted Image

I like your banana,but i ask myself, are you some SecurityXploded malware promoter or just victim
Link to comment
Share on other sites


  • Replies 63
  • Views 5.8k
  • Created
  • Last Reply

ComboFix is unable to cure Sality and other file infectors such as Virut, Parite, Jeefo, Ramnit. There were the cases when ComboFix was able to clean this infection, but Sality was present without restarting the computer, so it was unable to spread.

I haven't heard that any tool inside Windows can cure this infection, and beleive me, I am doing this job for couple of years. AV's are helpless. Maybe to try with Dr. Web inside Safe Mode, but there are no guarentee that this will work.

Infection can surely be removed by some Live CD, I removed it couple of times with Kaspersky Rescue CD. Avast Boot Scan could remove it in some cases, but in my case, avast failed.

Oh, I see. It seems that this nasty piece of code can inject itself on any executable, thus rendering all the solutions over online/working installs useless.

Link to comment
Share on other sites


Is it possible for a virus to run from a rar file by itself?

It's not possible

How u solved the problem?

I just used ESET to solve my issue. It removed the virus from the system. But Kaspersky and AVG have sality removal tools that can be used.

Here's a confirmation from the developers:

Posted Image

I like your banana,but i ask myself, are you some SecurityXploded malware promoter or just victim
I'm not trying to promote anything. I'm angry that I got a virus from these people. Nope, just a victim.
Link to comment
Share on other sites


ComboFix is unable to cure Sality and other file infectors such as Virut, Parite, Jeefo, Ramnit. There were the cases when ComboFix was able to clean this infection, but Sality was present without restarting the computer, so it was unable to spread.

I haven't heard that any tool inside Windows can cure this infection, and beleive me, I am doing this job for couple of years. AV's are helpless. Maybe to try with Dr. Web inside Safe Mode, but there are no guarentee that this will work.

Infection can surely be removed by some Live CD, I removed it couple of times with Kaspersky Rescue CD. Avast Boot Scan could remove it in some cases, but in my case, avast failed.

Oh, I see. It seems that this nasty piece of code can inject itself on any executable, thus rendering all the solutions over online/working installs useless.

Correct, it injects it's own piece of code into every file that has .exe or .scr extension.

@Knightmare

Can you access Task Manager?

Link to comment
Share on other sites


@Knightmare

Can you access Task Manager?

I didn't get a chance to try it. I installed the program, then immediately uninstalled it to remove an error in version 2.0. As soon as I uninstalled it, I didn't get a chance to do anything before ESET started fixing the virus. So I have no idea if you can use the task manager. I would love to test the virus in a VM though.
Link to comment
Share on other sites


Somebody seems hell-bent on breaking sanjoa's track record. :naughty:

What are you talkin about?

You don't know what he's talking about? :o :lol:

Cheers ;)

Link to comment
Share on other sites


@Knightmare

Can you now access TM?

P.S. I PM-ed you virus.win32.sality.bh :D

I'll test it once I get a VM created.
Link to comment
Share on other sites


  • Administrator

I just used ESET to solve my issue. It removed the virus from the system.

And this is why, my friends, you need a AV, or more importantly, a layered security. One downloads from a trusted website, but still get infection. Sure enough, this might have got though ESET, but some other day, some other AV, this virus would have had been blocked immediately.

Again, brain matters a lot, but in this case, AV is more important. Cause malware can come from anywhere.

Link to comment
Share on other sites


Or MCShield... :P

Sality is still wide spread, and it's constancy is consequence that it is really easy to spread via removable drives.

Link to comment
Share on other sites


  • Administrator

This is why you use your brain! Or Sandboxie. Or Shadow Defender.... :P

I don't think one can make proper use of software like Virus Total Scanner by running it in Sandboxie.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...