
Brontok@mm and Sality.AT infection


7 replies to this topic

#1 goofyrp


Posted 05 December 2014 - 11:30 PM

My son's computer has become quite infected.  Just ran a Microsoft Security Essentials full scan and found both Worm:Brontok@mm and Virus:Win32/Sality.AT.  How should I proceed in eradicating these pests?





#2 goofyrp


Posted 05 December 2014 - 11:32 PM

Another symptom: I cannot uninstall or install anything at the moment.  Not 100% sure why but expect it's related to the issue.



#3 Condobloke


Posted 05 December 2014 - 11:47 PM

Very bad news I am afraid....

 

Please read quietman7's (Global Moderator) posts in THIS topic.

 

If you need further help with reformatting etc., there are plenty of people here to guide you through that, as well as the excellent tutorials that quietman7 has linked to.


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 

 


#4 hamluis


Posted 06 December 2014 - 08:26 AM

Hmmm...I would differ, doesn't appear to be the same threat, IMO.

 

See http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Virus:Win32/Sality.AT .

 

More Info On Named Threat

 

Louis



#5 quietman7


Posted 06 December 2014 - 10:41 AM

The Microsoft information is somewhat ambiguous but does indicate it spreads by infecting Windows files:

Win32/Sality.AT is a variant of the Sality family of viruses which includes the functionality to download more malicious files and compromise a computer as well as infecting executables.

Win32.Sality.NAO is a variant detected by Kaspersky...Win32.Sality.OG is a variant detected by Bitdefender...W32/Sality-AM is another variant detected by Sophos.

This is what security expert miekiemoes has to say: Virut and other File infectors - Throwing in the Towel?

If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 goofyrp


Posted 06 December 2014 - 11:02 AM

Does the recommendation still stand that we reformat and reinstall?

 

The system is a Mac running Bootcamp for its Windows.  Any special instructions for this sort of infection?  Will I need to wipe out the Mac as well?

 

-Rick



#7 quietman7


Posted 06 December 2014 - 11:28 AM

Does the recommendation still stand that we reformat and reinstall?

IMO that is the best course of action for the Windows OS...I know very little about a Mac so you will need those familiar to make that recommendation.

#8 buddy215


Posted 07 December 2014 - 07:27 AM

From the Web: Boot Camp: Remove Windows from your Mac   Last Modified: Jun 10, 2014

A bit more info...Remove Boot Camp Partition Mac - How to - Macworld UK


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”



