Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

W32.Sality Infection on my PC


  • Please log in to reply
8 replies to this topic

#1 hulkbuster

hulkbuster

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 13 July 2009 - 02:58 AM

Hello folks ,
this is my first post here ,,,,i just want to state i m quite going to go mad with this recent infection i h on my PC.

It started 4 days back,,,, u see i wanted to back up my HDD , by using Norton Ghost 14.After paying for the Recovery Disk, i thought of doing the restore. Last 2 days back i did the restore successfully , but it also showed VProConsole.exe (.Net Initialization error) when i tried to open Ghost. Now my Norton Ghost wont open. However that is not the major case.
i uninstalled, installed .Net framework, it kept poping the same message. i tried unistalling n installing Norton Ghost 14 , but same thing. Then i started opening Firefox , it took quite a while ,(i knew at that instant something was wrong) i could not open Symantec.com.
I thought of installing Avira AntiVir, but that too didn't open. Somehow by clicking 50 -60 time on Avira setup file i got it installed , then it showed a huge list of infected file , mainly .exe file (huge list) . It said this exe file has a code of W32.Sality Virus.
When i googled i found W32.Sality is a Malware n remains in stealth mode and it mainly infects exe files. Now it has infected all my exe files , so i think that is the reason for infection the VPRoConsole.exe of .Net Framework.
Internet has slowed down my whole PC has slowed down, right now i m trying TrueSword n Anti Virus plus , i m running them right now. Just to save my time i m posting this thread.
Just to post this thread i had to restart my pc twice because of this malware.
Can some please help me,,,,,
This Malware is really irritating......
After removing this Malware i want to format my pc n do a fresh Backup again..

Edited by hulkbuster, 13 July 2009 - 03:01 AM.


BC AdBot (Login to Remove)

 


m

#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:11:28 AM

Posted 13 July 2009 - 08:03 AM

After removing this Malware i want to format my pc n do a fresh Backup again..


If you reformat the drive there is no reason to get rid of the malware first
You might also want to zero out the drive with something like Killdisk
http://www.killdisk.com/
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 hulkbuster

hulkbuster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 14 July 2009 - 03:14 AM

After removing this Malware i want to format my pc n do a fresh Backup again..


If you reformat the drive there is no reason to get rid of the malware first
You might also want to zero out the drive with something like Killdisk
http://www.killdisk.com/


I used KillDisk the first time i ever did LLF , i dloaded the freeversion, this version only wrote 0's .
My HDD runtime was slow , i was horrified, like 1/3 rd of the normal speed was gone.
Then i used MHDD , that was decent , since i h a Seagate Useries 5 HDD , someone suggested to use Seatool.
Now my HDD runtime is good. It remove 0's n wrote 0's.

I dont know about the paid Professional KillDisk version would work like.

Has anyone tried out yet.....

#4 hulkbuster

hulkbuster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 14 July 2009 - 12:04 PM

Anyone have some idea about how to remove this W32 Sality Virus,,,,,
i would remain greatful:

==============================================

People u just dont know how ugly this virus is. :thumbsup:

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 54,858 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:28 AM

Posted 14 July 2009 - 12:23 PM

You did indicate that you are going to format the hard drive.

Formatting will wipe the drive of everything...good and evil.

Louis

#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:28 AM

Posted 14 July 2009 - 01:05 PM

Anyone have some idea about how to remove this W32 Sality Virus,,,,,
i would remain greatful:

==============================================

People u just dont know how ugly this virus is. :thumbsup:

Actually I do know how ugly it is. For Sality and Virut type viruses that infect executables, the recommendation by those in the know is to reformat your system because it really can't be fixed. As has already been suggested, it doesn't make sense to fix it if you are going to reformat anyway. So the sooner you get started, the sooner the ordeal will be over.

Backup your data--since the executables are infected you can't restore any images anyway, but your documents should be alright--databases and anything in plain text. You can always scan them again before restoring to the clean system to be sure and to put you mind at ease. Otherwise what is lost is lost and it's now time to move on. :flowers:

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#7 hulkbuster

hulkbuster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 16 July 2009 - 06:42 AM

Actually I do know how ugly it is. For Sality and Virut type viruses that infect executables, the recommendation by those in the know is to reformat your system because it really can't be fixed. As has already been suggested, it doesn't make sense to fix it if you are going to reformat anyway. So the sooner you get started, the sooner the ordeal will be over.



Thnks a lot people for the feedback,,,
after this virus had infected my pc, i googled for an answer, some anti-virus n some scanners were recommended, but after using them nothing worked. so i did the restore,,,,,since i had made a fresh backup, i knew that 100% no virus could creep no more. Now i h installed Anti-vir :thumbsup: and prompts me anytime when "W32Sality" virus is detected.
Last time i had written some data on my DVD prior to LLF, Anti-Vir showed lots of w32sality traces on setup.exe files,( just double clicking is enough for this virus to spread thru the whole system) so i threw that DVD n now my System is clean :flowers:
Thnk u for letting me know , that this virus has no solution except format.

Edited by hulkbuster, 16 July 2009 - 06:42 AM.


#8 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:10:28 AM

Posted 20 July 2009 - 10:51 PM

Just a question. What security did you have on you computer when you got "W32Sality".

#9 hulkbuster

hulkbuster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 31 August 2009 - 02:52 AM

Just a question. What security did you have on you computer when you got "W32Sality".

To be honest, i had not installed Windows Defender, Avira Antivir, except the Windows Firewall was on. This Virus had infected when i did some internet Browsing on one sitting, for a stretch of 7 HRS.
Can't blame anyone, but myself, but now its ok, i h' my backup, Antivir & Defender. After installing Defender not even 1 Malware has infected my PC.Attached File  8_31_2009_12_48_51_AM.png   4.44KB   6 downloads :flowers:
Sometimes W32Sality do show up , after copying some stuffs frm my DVD , Avira pop up the warning. :thumbsup:

Edited by hulkbuster, 31 August 2009 - 03:20 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users