
[Not curable - Sality] Win32/Sality.V & Win32/Sality.W

Discussion in 'Malware and Virus Removal Archive' started by CrimsonEdge, 2009/11/09.

  1. 2009/11/09
    CrimsonEdge

    CrimsonEdge Inactive Thread Starter

    So, my PC is infected with both Sality.v and Sality.W. I've done some research on the virus and I believe that they're both in fact the same virus with different names.

    A ton of exe's are infected, Task Manager and regedit are disabled (usual symptoms?). I re-installed Windows XP SP2 recently, without formatting the hard disk. I've been forced to do a complete system format (hard disk + OS) because of this virus once before so now I'm looking to cure it.

    I'm currently running a licensed version of AVG9 and it managed to cure most of the exe's but there are certain files for which it says "reboot required to finish action". I've rebooted and re-scanned my system multiple times but the same files keep coming up again. Another matter which I think is related is that even when not in use my internet connection keeps sending and receiving packets.

    If any logs etc. are required, let me know and I'll post them.

    Thanks.
     
  2. 2009/11/09
    Admin.

    Admin. Administrator Administrator Staff

    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2009/11/09
    broni

    broni Moderator Malware Analyst

    Unfortunately, Sality virus is not curable :(

    You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain the following files:
    *.exe
    *.scr
    *.htm
    *.html
    *.xml
    *.zip
    *.rar
    *.doc
    *.jpg
    *.pdf

    Backup all your documents and important items only.
    DO NOT backup any files mentioned above.

    I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    For more information on Virut, and why you need to reformat, have a read of miekiemoes' blog here.

    To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

    Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

    To find out more information about how you may have got infected in the first place, you can read this article.

    I am sorry I cannot give any better news.
     
