
Removal of Sality Virus if can't boot into Safe Mode


7 replies to this topic

#1 Arsrph09

Arsrph09

  • Members
  • 6 posts

Posted 31 March 2014 - 04:58 AM

Hi, I'm a bit new here so I decided on making a new thread here. I am using Windows XP Professional SP2 with Avast Free as antivirus and MBAM Pro (Malwarebytes Anti-Malware) (each whitelisted in the other to remove conflicts). Recently I have been experiencing sluggish booting and response rate from my desktop. Then after some time, every time I open an application, the .exe file gets deleted by Avast saying it's affected by Sality. I tried scanning with Avast and found this malware: Sality on almost all of my apps, 3 types of trojan (dropper, firewall disabler, and I can't recall the other one). I tried cleaning them but after a restart everything is still affected. I tried scanning and cleaning with MBAM and got the same results.

 

Now, my MBAM notifies me that it blocks an outgoing connection to a potentially malicious website (multiple IPs) and it blocks a nosmin.sys sality, and deletes trojan from the TEMP folder.

 

I tried booting to Safe Mode, but any of the 3 types just won't continue; it would just reboot to normal boot. I also don't have access to a recovery CD since I already lost mine a few months ago, so I can't fix it.

 

I also have an autorun virus that works when I connect a USB stick to my desktop, but sometimes it doesn't affect the USB sticks.

 

Hope someone could help me on this. Thanks!

 

PS: I can't reformat my disk since most of my apps' installers are already lost.


Edited by hamluis, 31 March 2014 - 08:26 AM.
Moved from XP to Am I Infected - Hamluis.



 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 31 March 2014 - 11:10 AM

Welcome aboard

 

Unfortunately Sality is not curable.

 

You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files: .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain the following files:
    *.exe
    *.scr
    *.htm
    *.html
    *.xml
    *.zip
    *.rar
    *.doc
    *.jpg
    *.pdf

Backup all your documents and important items only.
DO NOT backup any files mentioned above.

I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

For more information on Virut, and why you need to reformat, have a read of miekiemoes' blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.
 


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click [donation button]
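
An added example, not part of the post above or of any BleepingComputer tool: one way to apply the post's backup rule from a clean machine, sorting a directory tree into files to copy and files to skip by the extension list given there. It goes beyond the post in one respect: any file that begins with the `MZ` executable header is also skipped, whatever its extension. The function names and the sample tree are assumptions.

```python
import os
import tempfile

# Extensions the post above says not to back up.
EXCLUDED = {".exe", ".scr", ".htm", ".html", ".xml",
            ".zip", ".rar", ".doc", ".jpg", ".pdf"}


def has_mz_header(path):
    """Added check, not from the post: Windows executables begin with b'MZ'."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable file: treat as unsafe to copy


def triage(root):
    """Return (keep, skip): paths to copy, and skipped path -> reason."""
    keep, skip = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()  # case-insensitive match
            if ext in EXCLUDED:
                skip[rel] = "extension " + ext
            elif has_mz_header(full):
                skip[rel] = "MZ header or unreadable"
            else:
                keep.append(rel)
    return sorted(keep), skip


def demo():
    """Run triage over a small constructed tree (sample data, not real files)."""
    sample = {"notes.txt": b"plain text", "Apps/SETUP.EXE": b"MZ\x90\x00",
              "thesis.doc": b"\xd0\xcf\x11\xe0", "photo.png": b"MZ\x90\x00",
              "music/song.mp3": b"ID3\x03"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return triage(root)


if __name__ == "__main__":
    keep, skip = demo()
    print("copy:", keep)
    for rel, why in sorted(skip.items()):
        print("skip:", rel, "(" + why + ")")
```

A file in the "copy" list is only outside the exclusion rules; it has not been scanned.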


 


#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,358 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 31 March 2014 - 11:13 AM

ooops


Edited by dc3, 31 March 2014 - 11:14 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Arsrph09

Arsrph09
  • Topic Starter


Posted 31 March 2014 - 10:03 PM

Well, that's hard news. No other methods? Even attaching my hard disk to another computer as external storage to remove it won't do? Also, most of the files I have still work, except when I activate my Antivir, which actually deletes them. I have also tried to copy a few of my .exe files onto my laptop via USB storage and it worked cleanly without my antivir detecting any virus of some sort. (Laptop anti-virus are MBAM, MSE, USB Disk Security.) If this could change anything? Total reformat would only be my last resort since, as I have said in my previous post, most of my apps' installers are already lost, and now even the .doc files shall be removed, which bothers me since it's the number 1 type of file I want to recover more than anything else. Thanks for the help anyway.



#5 Broni


Posted 31 March 2014 - 10:15 PM

Unfortunately, it'll be unwise of me to give you some other advice than what I posted above.




 


#6 Arsrph09


Posted 31 March 2014 - 10:19 PM

Okay thanks for the help!



#7 Broni


Posted 31 March 2014 - 10:20 PM

I understand it sucks but it is what it is :(




 


#8 Arsrph09


Posted 31 March 2014 - 10:34 PM

It really sucks, but I guess I have no choice. By the way, my drive has been partitioned. Do I also need to delete everything on that partition too when I do a reformat?





