Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: SAL.xls.exe virus and resulting damage

01 Feb 2010   #11
Tews

64-bit Windows 8.1 Pro
 
 

Try taking ownership of the folder and see if that helps...

Take Ownership Shortcut


My System SpecsSystem Spec
.
02 Feb 2010   #12
bw587

Windows 7
 
 

No Did not work. Can delete $Recycle but System Volume Information brings it back. Cant delete System Volume Information
My System SpecsSystem Spec
02 Feb 2010   #13
Dinesh

Windows® 8 Pro (64-bit)
 
 

Did you follow my advice?
My System SpecsSystem Spec
.

02 Feb 2010   #14
bw587

Windows 7
 
 

Hi Dinesh

Hitman Pro could not be run as it could not gain a internet connection. Dont know why as I am internet at same time and internet connection is good. Have noticed other malware and anti-virus programs can not access internet for updates. Could this be related??????? to problem with system volume information and $Recycle.bin.
My System SpecsSystem Spec
02 Feb 2010   #15
jav

Windows 7 Ultimate x86 SP1
 
 

Login in Safe mode.
Take ownership of the folder.
Grant full control to your current account.
And try to delete.

It may take a few tries. You may have to take ownership of several folders and grant Full control access.

Or, even better if you will try the same method with Built-in Admin (Built-in Administrator Account - Enable or Disable)

Any chance, that reinstall is the choice? (Believe me it will be a lot less trouble)

And have you done this?
Quote   Quote: Originally Posted by Jaxryley View Post
The System Volume Information stores system restore points and is undeletable.

If any or all restore points have an infection it may be best to turn of system restore and delete all restore points through Disk Cleanup - More options then when you are clean turn system restore back on and create a new restore point.
Quote   Quote: Originally Posted by bw587 View Post
Hi Dinesh

Hitman Pro could not be run as it could not gain a internet connection. Dont know why as I am internet at same time and internet connection is good. Have noticed other malware and anti-virus programs can not access internet for updates. Could this be related??????? to problem with system volume information and $Recycle.bin.
In my opinion you have more then just this infection.
maybe you will post Hijack log?
My System SpecsSystem Spec
02 Feb 2010   #16
bw587

Windows 7
 
 

I have now tried renaming the folders and deleting them. I can rename them and when I do they disappear.

So it appears successful, however when you reopen the drive the folders reappear again with their original names.

There is obviously a hidden file or something that is controlling them and reinstalling the folders and files.


When I delete the $recycle.bin folder it mentiones desktop.ini files contained in the folder will be deleted as well. These are reinstated when the folder is reinstalled.

When I search programs and files I find one desktop.ini file with the following text

[LocalisedFileNames]
pinned .lnk=@c:\windows\system32\shell32.dll, -4161

Other copies of desktop.ini are hidden in folder and do not appear when I search.
hijackthis.log

AdAware Log 02-02-2010.txt


My System SpecsSystem Spec
02 Feb 2010   #17
Jaxryley

 
 

Quote   Quote: Originally Posted by bw587 View Post
Hitman Pro could not be run as it could not gain a internet connection. Dont know why as I am internet at same time and internet connection is good. Have noticed other malware and anti-virus programs can not access internet for updates. Could this be related??????? to problem with system volume information and $Recycle.bin.
Those update sites for the security apps could be blocked by "Hosts" file entries.

Scroll down to "How do I reset the hosts file back to the default?"
Updating the HOSTS file in Windows 7 - Windows Forums

Also check Internet Options - Connections - Lan settings - untick use a proxy server and tick "Automatically detect settings"

Ya gonna have to get a scan down with an updated Malwarebytes and Hitman Pro as it will be too tedious trying to clean it up manually especially if it's an autorun worm.
My System SpecsSystem Spec
03 Feb 2010   #18
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

My System SpecsSystem Spec
04 Feb 2010   #19
bw587

Windows 7
 
 

Thanks Jacee

I have the sal.xls.exe. I read the information about it and it is also called recycler virus.

I can see the System Volume Information folder and a $recycle.bin folder but not the Recycler folder.

I would like to know how to see all hidden files in Windows 7 so these appear with the file inside them.

I found the ctfmon.exe file but cant delete it as "I need permission from TrustedInstaller". This is a new user that has been created and I cant delete the files.

Any idea on how to delete them?
My System SpecsSystem Spec
04 Feb 2010   #20
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Because "Virut" was shown by Sophos, this is a nasty Trojan ------

You're not only dealing with Virut but you are also dealing with a lot of other malware as well.
What I suggest in your case is to format and reinstall Windows. This because, Virut is a file infector which infects every .exe present on your system. The problem with Virut is, this is a buggy file infector and that's why scanners cannot disinfect them properly either > result > files are corrupted, won't work anymore.
And as I already explained, Virut infects every .exe.

This means that you may not delete these files, but they should be disinfected. And since it's a buggy virus, the files cannot be properly disinfected.

This unfortunately means that this is a game over situation and there's nothing much you can do besides formatting and reinstalling Windows.
Don't backup your files either, because when you backup exe files, they are also infected. You can however backup pictures and documents.


Look at the instructions on this page HM2K.com Win32 Virtob/Virut removal

It's up to you how you decide to work with this infection.
My System SpecsSystem Spec
Reply

 SAL.xls.exe virus and resulting damage




Thread Tools




Similar help and support threads
Thread Forum
Heat Damage or Virus?
I have been struggling with my HP Pavillion DV7 laptop for about 2 weeks. Over that course of time i have did a system recovery several times to no avail. I have tried many virus softwares and nothing. What happens? At some time in point after windows loads up, could be hours of use or a few...
General Discussion
Got rid of a virus, but need to undo some damage
I contracted the "system cleaner" ransomware, probably due to having java plugin enabled in firefox. I think i've gotten it off of my system now by hard-deleting the files in safe mode while logged in as administrator. However, I am unable to login my other user profile that I was logged in...
System Security
can virus damage pc hardwares
if my pc has a virus not only os but can it malfunction my hardware or even damage it
Hardware & Devices
How to fix damage done by virus
Currently i removed virus's my brothers computer and have checked thoroughly using three types of Antivirus Avira run in: (safe mode and normal mode) Malewarebytes run in: (safe mode) MSERT run in: (normal mode) So i think i have cleared the trojans and adware that infected...
System Security
BSOD resulting in a slow startup.
Hello everyone, before I continue I'd like to thank you all for your attention. Recently I was playing a newly installed game called Battlefield 3 (which most of you might be familiar with), it's a rather demanding game but I figured I had a PC that could live up to the requirements. I had a...
BSOD Help and Support
Help with Virus Damage
Hi Recently a virus managed to get onto my computer. My anti virus detected and stoped it, but not before it did some damage. I quickly deleted the virus, which may not have been the best move, since I now don't know which virus it was. While I believe I've gotten rid of the virus and all...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 22:26.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App