Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Limited access to drive C + Win32.Sality


  • Please log in to reply
1 reply to this topic

#1 maker2807

maker2807

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 13 March 2011 - 05:14 AM

I am new to this forum so hello to everyone. I have the following problem:

Yesterday, my AV (Eset NOD 32) detected Win32.Sality NAM on my computer - it was infecting all .exe files.

I immediately rebooted in safe mode and downloaded some removal tools (stinger, rmslt from AVG, MBAM, SalityKiller) and ran them. Than I ran full NOD32 scan. Now tools tell that the computer is clean and everything seems fine except one thing.

Suddenly, I am unable to edit or create any file on drive C without administrator rights. I just have one account on my computer and it has administrator rights and I have UAC turned off.

Here is the example of the problem: I double-click on Word icon, then I open a document stored in C and it opens as read only (although in file permissions read-only is disabled). Or when I open notepad, create a new .txt and try to save it to C I get message like A required privilege is not held by the client. However, when I run notepad/Word as an administrator everything works.

I checked the drive permission and (compared to drive d) found nothing unusual. On google I found something about taking ownership but some people wrote it might damage the system if used incorrectly so I did not try it.

Can it be because of virus? Is my computer still infected? What should I do?
My OS: Fully updated Win7 x64 Ultimate.

Thank you very much for reply.

BC AdBot (Login to Remove)

 


#2 coles1mom

coles1mom

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:02 PM

Posted 13 March 2011 - 01:12 PM

Hi marker2807,

You need to read this http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

If it is indeed sality there is no way to clean it. Scan with Malwarebytes to start. http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users