System infected with a Virus

[vasujain]

I am using an AV "nod32 v3 Full Version"
and since last 3-4 years i hadnt ever had any virus attack on my pc/lapy.
few days ago i used flashdrive of a friend ofmine for formating and since then my lapy catched a virus from it.

Exactly what it did was

all folders in my data drives (g h) were hidden and i could see them only when i unchecked "show operating system files " in folder options.

still i coudnt make them visible folders.

on later research i found each folder has a msocache folder with 5 files. "e,g,ghost.mp3,,ghost2.bmp"
i deleted them all but still not able to restore my pc back to health.
also tried using latest update and versions of nod32,avast,winsword to get rid of that but no relief.

 

[TechOutsider]

Looks like a joke application.

Malwarebytes Anti-Malware - Free software downloads and reviews - CNET Download.com

 

[vasujain]

it looks like but it aint.....i have searched about this on net and found it to be win32.sality

and what about my all folders getting hidden...i have no way to restore them back

 

[Uber Philf]

McAfee Threat Center see if this lil utility can give you a hand.

 

[vasujain]

no use yet...the problem persists...

 

[mxosder16]

Maybe try this?

Download Win32/Sality Remover 1.1.0.153 - A useful tool for deleting the Win32/Sality virus from your computer - Softpedia

 

[Mercurial]

or just update eset to v4

theres been ton of module updates with eset v4 and It should be able to remove infection.

eset 3 was good but not as good as v4 ;P


but theres nothing you can do with the damage(hidden files)

just make sure you don't get infected next time


more info of the virus.

Eset - Win32/Sality.NAR
http://www.eset.eu/buxus/generate_page.php?page_id=20180
http://www.eset.sk/encyclopaedia/sality_naj_virus_sality_q_sality_x_sality_u?lng=en

ps: eset has detected this virus since 2008 so if you were updated you should not be infected

though I don't think sality does what your description says lol O.O;

 

[RST101]

Or just format and say goodbye forever!

 

[vasujain]

if sality doesnt do what i have been telling then which virus is this....
i tried eset v4 too...and i hv latest definitions of my eset still the virus came..although all new folders i m having are not hidden like dat....

 

[maccik]

Try Norton Internet Security 2009 ...

 

[vasujain]

i have tried a variety of av and security solutions...let me try norton as well...

 

[Jacee]

This infection is a password stealer. Your "critical" identity is being harvested and sent to another domain.
Please read this article:
Win32/Sality Family - CA

Since you are Beta testing Win7, my advice would be to do a clean install of the OS.
****Before you do that tho', find a known clean computer, and change all your passwords. If you have used any online banking or credit cards with the infected computer, be sure to notify your bank.

 

[I2aMpAnT]

To be honest with you, I'd be more concerned of the fact that you "catched" a virus, I'll pray for you meng

 

[vasujain]

This infection is a password stealer. Your "critical" identity is being harvested and sent to another domain.
Please read this article:
Win32/Sality Family - CA

Since you are Beta testing Win7, my advice would be to do a clean install of the OS.
****Before you do that tho', find a known clean computer, and change all your passwords. If you have used any online banking or credit cards with the infected computer, be sure to notify your bank.

i am not even sure if it is the one...this virus goes undetected throughout all the antiviruses i have tried mcafee norton avast stinger truesword etc....

i cn do the formatting but hw can i know this is the win32.sality

i came 2 know it is win32.sality coz when i googled the keywords in the ghost2.bmp i found a site mentioning it 2 b win32.sality

my symptoms are the unique one.

and can u please telll more symptoms of win32,sality?
and do teme if there is any possible way 2 revert the changes back...hidden folders to normal

 

[edrik]

- Which operating system does your laptop run on ?



»Download and install Malwarebytes Anti-Malware and run it on safe mode.

»Run a full system scan, after it has finished scanning remove all infections when prompted.

»Boot windows normal mode.

 

[vasujain]

here is the screenshot which explains the problem deeper...and i am using windows 7 Rc

 

[vasujain]

- Which operating system does your laptop run on ?



»Download and install Malwarebytes Anti-Malware and run it on safe mode.

»Run a full system scan, after it has finished scanning remove all infections when prompted.

»Boot windows normal mode.

i hv done that as wll also i hv run a boot time scan by avast...but still now i hvnt found anything of much help

 

[edrik]

I don't know if this still works with windows seven but try to run Trend Micro HijackThis to know those unwanted apps

or try Kaspersky Anti-Virus or Kaspersky Internet Security, it ranks as one of the best AV's out there and it has a 30-day trial. Try installing it see if it could remove the "virus"

or run an Online Virus Scan on their website.
(I don't think it supports Mozilla Firefox so use Internet Explorer instead)

 

[vasujain]

ohk i wud try that too...any clue about the symptoms i told...and hv u checked out the screenshot that gives detailed description of my problem

 

[edrik]

I'm sorry but I haven't encountered anything like that one before.