My friend is having a Virus issue - Win32/Sality

Cyanide

Hey,

My friend has had this virus that he feels is taking control of his computer. Here's his message.

Hello, I have some kind of a problem with my computer. Which is, there's a virus in my computer and it's called 'Win32/Sality'. As I see, it injects every exe file in a minute. And hides some of them, and even deletes some of them. I tried to use Combofix, it couldn't solve it but it gave me a report of the problems in my PC, that's when I found out I got the Sality virus. I tried to download some antiviruses, but this virus automatically ignores them, so I can't work any antivirus. I try to work my computer in safe mode but when I try that, the computer reboots itself automatically. When I google the virus's name (Sality) it closes the web page. When I search the .exe files in my computer, I see 60% of them are already injected. So yeah, I'm kinda stuck. I can't do anything, I am like just watching this virus taking over my computer. What should I do?

Anyone know a way to solve this Virus?

Regards,
-TPS
 

My Computer

Computer Manufacturer/Model Number: HP Pavilion g7 Notebook PC
OS: Windows 7 Home Premium x64 Service Pack 1
CPU: Intel(R) Core(TM) i3-2350 CPU @ 2.30 GHZ (4 CPUs) ~ 2.3GHZ
Motherboard: Hewlett-Packard
Memory: 6.00GB Usable
Graphics Card(s): Intel(R) HD Graphics Family
Sound Card: (1) IDT High Definition Audio CODEC (2) Intel(R) Display Audio
Monitor(s) Displays: Generic PnP Monitor
Screen Resolution: 1600 x 900 x 32-bits @ 60 Hz
Hard Drives: Local Disk (C:), Recovery (D:), Local Disk (Q:), Seagate GoFlex 1TB Desktop Hard Drive (External)
Other Info: Logitech m325 Blue Wireless mouse.

Download Farbar Recovery Scan Tool

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

My Computer

OS: 32 bit

Also, he is using a Windows XP computer. Just an FYI. Anyways I'll tell him about the post. Until he tries this I will take any other suggestions please!
 

If he has XP, then Farbar tool cannot be used in recovery mode.

I need to see the Combofix log

Download and run OTL

Download http://oldtimer.geekstogo.com/OTL.exe by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
 

Alright. Thanks. I'll let him know.
 
