Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: My friend is having a Virus issue - Win32/Sality

24 Aug 2012   #1

Windows 7 Home Premium x64 Service Pack 1
My friend is having a Virus issue - Win32/Sality


My friend has had this virus that he feels is taking control of his computer. Here's his message.

Hello, I have some kind of a problem with my computer. Which is, theres a virus in my computer and its called 'Win32/Sality'. As I see, it injects every exe files in a minute. And hides some of them, and even deletes some of them. I tried to use Combofix, it couldn't solved it but it gave me a report of the problems in my pc, thats when I find out I got the Sality virus. I tried to download some antiviruses, but this virus automatically ignores them, so I can't work any antivirus. I try to work my computer in safe mode but when I try that, the computer reboots itself automatically. When I google the viruses name (Sality) it closes the web page. When I search the .exe files in my computer, I see %60 of them are already injected. So yeah, I'm kinda stuck. I can't do anything, I am like just watching 0this virus taking over my computer. What I should do?
Anyone know a way to solve this Virus?


My System SpecsSystem Spec
25 Aug 2012   #2

32 bit

Download Farbar Recovery Scan Tool

and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:[list]
  • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter
The notepad opens. Under File menu select Open
Select "Computer" and find your flash drive letter and close the notepad
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive
The tool will start to run
When the tool opens click Yes to disclaimer
Press Scan button
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
My System SpecsSystem Spec
25 Aug 2012   #3

Windows 7 Home Premium x64 Service Pack 1

Also, he is using a Windows XP computer. Just an FYI. Anyways I'll tell him about the post. Until he tries this I will take any other suggestions please!
My System SpecsSystem Spec

25 Aug 2012   #4

32 bit

If he has XP,then Farbar tool cannot be used in recovery mode

I need to see the Combofix log

Download and run OTL

Download by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
My System SpecsSystem Spec
25 Aug 2012   #5

Windows 7 Home Premium x64 Service Pack 1

Alright. Thanks. i'll let him know.
My System SpecsSystem Spec

 My friend is having a Virus issue - Win32/Sality

Thread Tools

Similar help and support threads
Thread Forum
How do I know if I actually have the Win32/Small.CA virus?
Hi hi all and thanks in advance for taking the time to read this. I hope I can get some help with this as well as help persons who also need help with this. I had posted this same message on but to no avail, I got no responses so I hope SevenForums can be more help. So Friday I...
System Security
Yet another with Win32/Small.CA virus detected
I keep getting the annoying message to remove the Win32/Small.CA virus in the message centre, but if I click on the link given, my computer goes off and sulks and never seems to find the message. I've run Malwarebytes, BitDefender and before I changed to BitDefender Total Security, I had and ran...
System Security
Win32/Small.CA virus removal
Hi Can anyone help me get rid of this virus? Windows Action centre is telling me I have the Win32/Small.CA virus and it stopped my PC working on the 19th June. Since then I have run various antivirus software (Sophos, Malwarebytes, Microsoft security scanner) but none of them have found...
System Security
win32/Small.CA virus
A little background info. Afew days ago I installed Easy Burner prog. from Soft Pedia in error and uninstalled it but parts of it did not uninstall. Did afew sys. restores, then PC wouldn't shut down & had to use power button to be able to restart again. Then Windows said that it detected a...
System Security
How do I get ride of the Win32/Adware.RK.Ak virus
Hi all dont know if any one can help me or not but it seems i have some new unwanted visitors on my laptop. i have a virus called Win32/Adware.RK.Ak. I ran my windows essentals and it never picked it up but I am now running ESET online scanner and its picked up the adware virus on my laptop :(...
System Security
Help!! Annoying 'Win32 malware-gen' virus
I keep on getting a virus with this name in the C:\Windows\Temp\* folder where * keeps on changing to a new folder. The file is named 'svchost.exe' and keeps on popping up exactly every 5 minutes. However, my antivirus seems to detect it and remove it but the problem still persists every 5 minutes....
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:21.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App