Malwarebytes

Unable to fix Hijack.Regedit

4 replies to this topic

#1
Ashish

    New Member

  • Members
  • 2 posts
Hi,

My laptop seems to be infected with some virus (maybe W32.sality). My regedit and Task Manager are disabled, and even when I enable them, they keep getting disabled. All the folders on my USB drive appear as .exe when I do a directory listing using the command prompt.
I have run Malwarebytes Anti-Malware and it detects 5 registry entries as malicious. But even when I remove them, they keep coming back.
I have tried installing Avira and Avast, but the installation process gets terminated all on its own.
Any help would be greatly appreciated. I am attaching Malware and HijackThis log. Please help me to remove this virus.

System Config: Windows XP Home Edition SP3


Thanks,
Ashish


#2
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

This looks like you are dealing with the Sality virus. The easiest way to find out is to try to install an antivirus (since you don't have one) - if you can't install an antivirus, then it's Sality or a variant you're dealing with.
In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read why here:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and Do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.


Read here for instructions on how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html
Mieke Verburgh
Assistant Director of Research
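
The backup rule from the post above, as an added example that is not part of the thread and not a Malwarebytes tool: a Python script that copies a folder tree while leaving out every file with one of the extensions the post names. The function names and the sample file names are assumptions made for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions the post says NOT to back up. Its list ends with "...", so extend
# the set as needed; only the extensions named in the post appear here.
SKIP_EXTENSIONS = frozenset({".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"})


def backup_data_only(source, destination, skip=SKIP_EXTENSIONS):
    """Copy the tree under `source` to `destination`, leaving out every file
    whose final extension is in `skip`. Returns (copied, skipped) as lists of
    paths relative to `source`."""
    source, destination = Path(source), Path(destination)
    copied, skipped = [], []
    for path in sorted(source.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # folders are created on demand; symlinks are not copied
        rel = path.relative_to(source)
        # Path.suffix is the last extension only, so "holiday.jpg.exe" counts
        # as .exe, and lower() catches "SETUP.EXE".
        if path.suffix.lower() in skip:
            skipped.append(rel)
            continue
        target = destination / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 keeps timestamps
        copied.append(rel)
    return copied, skipped


def demo():
    """Run the backup over a constructed sample tree and return the results."""
    names = ["docs/report.doc", "pics/holiday.jpg", "pics/holiday.jpg.exe",
             "tools/SETUP.EXE", "web/index.html", "music/song.mp3",
             "archive/old.zip"]  # constructed sample names, not from the thread
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "backup"
        for name in names:
            f = src / name
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"sample")
        copied, skipped = backup_data_only(src, dst)
        on_disk = sorted(p.relative_to(dst).as_posix() for p in dst.rglob("*") if p.is_file())
        return [p.as_posix() for p in copied], [p.as_posix() for p in skipped], on_disk


if __name__ == "__main__":
    print(demo())
```

The skipped list is worth keeping with the backup, since it records which files were left behind on the old disk.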


#3
Ashish

    New Member

  • Members
  • 2 posts

miekiemoes, on Apr 29 2009, 07:16 PM, said:

Hi,

This looks like you are dealing with the Sality virus. The easiest way to find out is to try to install an antivirus (since you don't have one) - if you can't install an antivirus, then it's Sality or a variant you're dealing with.
In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read why here:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and Do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.


Read here for instructions on how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Hi,

Thanks a lot for the response. I had another question regarding backing up the files on my hard disk. Whenever I plug in my USB and copy some folders, it gets infected as well. When I try to copy them to another machine (running McAfee), it detects the folders as .exe files infected with Sality and deletes them. Does this mean I've lost all my data?
I've searched on the net and seen some notes on Sality remover tools. Is that worth trying?

Thanks for your help

Ashish

#4
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium

Quote

Thanks a lot for the response. I had another question regarding backing up the files on my hard disk. Whenever I plug in my USB and copy some folders, it gets infected as well. When I try to copy them to another machine (running McAfee), it detects the folders as .exe files infected with Sality and deletes them. Does this mean I've lost all my data?

Yes, unfortunately. It's a file infector and infects legitimate files.
Sality Removal tools won't help, because as I explained, and as in my link already, those files should be disinfected and not deleted, because legitimate files are infected here.
But since this is a buggy infector, it may misinfect files and because of that, scanners cannot disinfect them.

Please don't bother to try to manually clean this up with removal tools and scans, because it's a real waste of time.
Mieke Verburgh
Assistant Director of Research


#5
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Mieke Verburgh
Assistant Director of Research
