Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: My friend is having a Virus issue - Win32/Sality


24 Aug 2012   #1

Windows 7 Home Premium x64 Service Pack 1
 
 
My friend is having a Virus issue - Win32/Sality

Hey,

My friend has had this virus that he feels is taking control of his computer. Here's his message.

Quote:
Hello, I have some kind of a problem with my computer. Which is, theres a virus in my computer and its called 'Win32/Sality'. As I see, it injects every exe files in a minute. And hides some of them, and even deletes some of them. I tried to use Combofix, it couldn't solved it but it gave me a report of the problems in my pc, thats when I find out I got the Sality virus. I tried to download some antiviruses, but this virus automatically ignores them, so I can't work any antivirus. I try to work my computer in safe mode but when I try that, the computer reboots itself automatically. When I google the viruses name (Sality) it closes the web page. When I search the .exe files in my computer, I see %60 of them are already injected. So yeah, I'm kinda stuck. I can't do anything, I am like just watching 0this virus taking over my computer. What I should do?
Anyone know a way to solve this Virus?

Regards,
-TPS

My System SpecsSystem Spec
.

25 Aug 2012   #2

32 bit
 
 

Download Farbar Recovery Scan Tool

http://www.bleepingcomputer.com/down...ery-scan-tool/

and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:[list]
  • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter
The notepad opens. Under File menu select Open
Select "Computer" and find your flash drive letter and close the notepad
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive
The tool will start to run
When the tool opens click Yes to disclaimer
Press Scan button
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
My System SpecsSystem Spec
25 Aug 2012   #3

Windows 7 Home Premium x64 Service Pack 1
 
 

Also, he is using a Windows XP computer. Just an FYI. Anyways I'll tell him about the post. Until he tries this I will take any other suggestions please!
My System SpecsSystem Spec
.


25 Aug 2012   #4

32 bit
 
 

If he has XP,then Farbar tool cannot be used in recovery mode

I need to see the Combofix log

Download and run OTL

Download http://oldtimer.geekstogo.com/OTL.exe by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
My System SpecsSystem Spec
25 Aug 2012   #5

Windows 7 Home Premium x64 Service Pack 1
 
 

Alright. Thanks. i'll let him know.
My System SpecsSystem Spec
Reply

 My friend is having a Virus issue - Win32/Sality




Thread Tools



Similar help and support threads for2: My friend is having a Virus issue - Win32/Sality
Thread Forum
Yet another with Win32/Small.CA virus detected System Security
Win32/Small.CA virus removal System Security
win32/Small.CA virus System Security
How do I get ride of the Win32/Adware.RK.Ak virus System Security
Help!! Annoying 'Win32 malware-gen' virus System Security
How to remove win32/bagle.gen!A virus? General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:59 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33