Hello jawerez, when a computer, and especially a server, is infected with Sality, there really is only one viable solution: isolate all computers, reimage any terminals, reformat any removable devices and reformat/reinstall the server.

Please see ThreatExpert's awareness of Win32.Sality, a family of polymorphic file infectors which infects .exe and .scr files, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker. With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.
About Sality Virus
As with many other malware, Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.
If the computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Sality/Win32.Sector is not effectively disinfectable.
Your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:
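The post above says the autorun component drops a .cmd, .pif and .exe to the root of each discoverable drive together with an autorun.inf that launches them. The script below is an added example (not code from the original post or from ThreatExpert) of the check a responder can run over a removable device before reformatting it: it parses the `[autorun]` section of an autorun.inf, collects every launch directive (`open`, `shellexecute`, `shell\*\command`), and flags any that point at an .exe/.cmd/.pif sitting in the drive root. The `SAMPLE_AUTORUN` text and the `SAMPLE_ROOT_FILES` listing are constructed to mimic that pattern; the file names in them are placeholders, not real indicators. `scan_drive_root` applies the same check to a real mounted path.

```python
"""Flag autorun.inf entries that launch an executable from a drive root.

Added illustration of the autorun pattern described in the post; the
sample data below is constructed, and the file names are placeholders.
"""
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")        # direct launch directives
SUSPECT_EXT = {".exe", ".cmd", ".pif"}        # extensions the post names


def parse_autorun(text: str) -> dict[str, str]:
    """Return lower-cased key -> value pairs from the [autorun] section.

    Deliberately tolerant: junk lines without '=' (common in real droppers)
    are ignored instead of raising, unlike configparser.
    """
    entries: dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: dict[str, str]):
    """Yield (key, command) for every directive that can run something."""
    for key, value in entries.items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            yield key, value


def first_token(command: str) -> str:
    """Extract the program from a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def suspicious_entries(text: str, root_files: set[str]) -> list[tuple[str, str]]:
    """Return launch entries whose target is an .exe/.cmd/.pif in the root.

    root_files is the lower-cased set of names present in the drive root.
    """
    hits = []
    for key, value in launch_targets(parse_autorun(text)):
        target = first_token(value).replace("/", "\\").lstrip("\\")
        if target.startswith(".\\"):
            target = target[2:]
        if "\\" in target:          # lives in a subdirectory, not the root
            continue
        ext = "." + target.rsplit(".", 1)[1].lower() if "." in target else ""
        if ext in SUSPECT_EXT and target.lower() in root_files:
            hits.append((key, target))
    return hits


def scan_drive_root(root: str) -> list[tuple[str, str]]:
    """Run the check against a real mounted drive root (e.g. a USB stick)."""
    base = Path(root)
    names = {p.name.lower() for p in base.iterdir()}
    if "autorun.inf" not in names:
        return []
    inf = next(p for p in base.iterdir() if p.name.lower() == "autorun.inf")
    return suspicious_entries(inf.read_text(errors="replace"), names)


# Constructed sample mirroring the post's description; names are placeholders.
SAMPLE_AUTORUN = """[autorun]
;constructed sample, not a real dropper
open=xwfzu.pif
shell\\open\\command=xwfzu.pif
shellexecute=oicsn.exe
shell\\explore\\command=qvdfr.cmd
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""
SAMPLE_ROOT_FILES = {"autorun.inf", "xwfzu.pif", "oicsn.exe", "qvdfr.cmd", "photos"}

if __name__ == "__main__":
    for key, target in suspicious_entries(SAMPLE_AUTORUN, SAMPLE_ROOT_FILES):
        print(f"autorun.inf {key} launches root file {target}")
```

A benign autorun.inf that only sets `icon=` and `label=`, or one whose `open=` points into a subdirectory such as a vendor installer, produces no hits; any hit is a reason to treat the device exactly as the post advises, that is, reformat rather than clean.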