Jump to content
Verneri

How I will remove this virus

Recommended Posts

I think I have this on my computer, Avast block constantly different trusted EXE files try to connect same DNS address mentioned here, also have other symptoms.

I have tried to scan with Win-Defender, Avast, TotalAV and not found.

It also spawn random named exe -files to AppdataLocal\Temp\.

I think it also take Windows firewall off sometimes.

https://www.hybrid-analysis.com/sample/2567aedc124f79a0b34237232290e58a6711eb9e99e4f62de34905273a889c92?environmentId=120

Please help.

Virus2.jpg

Virus1.PNG

Share this post


Link to post
Share on other sites

Hello @Verneri and :welcome:

Wow, if that is truly a SALITY infection then please make sure you disconnect it from the network and do not share any USB sticks or other data sharing methods. Sality is a very nasty file infector virus.

If you're lucky Avast caught it in time and it's just the dropper file trying to get started but it sounds like it might have already gotten it's hook into your system.

 

Please see if you can download the Kaspersky Virus Removal Tool from another computer. Then take a new USB stick or format an old one and copy that file onto it. Then insert it into the infected computer and see if you can run it or not.

If it won't run let me know. DO NOT reinsert the USB stick into any other computer after that point though as it will try to infect that computer as well.

https://usa.kaspersky.com/downloads/thank-you/free-virus-removal-tool

 

 

 

Share this post


Link to post
Share on other sites

Thanks. I think it's now on control.

I reinstall Windows 10, then I bought TotalAV.

Virus scanners block exe files. But I was stupid and give permissions because I "know"  that these files are safe and also need them on my work..

But thing was that Sality was changed these exe files, it also keeped modify date same.

Share this post


Link to post
Share on other sites

Well, Sality is a very nasty file infector. Reinstalling Windows does not always fix the issue depending on how it was done.

I'd like to request you run a new scan with FRST and let's see what it says

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.