Jump to content

Recommended Posts

I don't how this virus appeared but i think it was because of the update, it originally appeared on my laptop but my pc was infected because i added a program that was from the infected laptop, i noticed that there was a discussion like this 1 year, well it didn't go well because the creator reinstalled his windows, anyways i don't want a full reset on my pc because i have like 400 games and i can't exactly do that so anyways back to my question can i remove this virus? is there actually anyway?

 

i may take a long time to reply since i'm writing this at night so anyways just help me and i hope i will remove this crap.

Link to post
Share on other sites

  • Root Admin

Hello @jmadgocrem

I'm sorry but I have some bad news for you.

Sality is a File Infector Though there are cleanup tools, they do not function well enough to clean a computer back to a safe and secure system.

I would highly recommend that you download and run the Kaspersky Virus Removal Tool just so that you can attempt a basic cleanup to allow you to save any personal documents to an external drive before formatting the infected drive.

NOTE: Please do not share or connect any USB drive or thumb drive to this computer before running the Kaspersky tool. If you have already connected one then have Kaspersky scan that drive too as it can infect other computers if connected.

This is a dangerous virus that can and will try to infect any type of media that it can write to. Do not share data from this computer with any other computer.

 

 

One or more of the identified infections may also potentially be related to a  rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (back doors) as a means of accessing a computer system that bypasses security mechanisms and steals sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
 
If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned.
All passwords should be changed to include those used for banking, email, eBay, PayPal, and online forums from a CLEAN COMPUTER - never use the same password on different sites. Avoid using Facebook, Google, or other auto sign-on methods. If that account gets exploited they'll also have access to all other sites linked to it.
 
 
You should consider these passwords to be compromised. You should change each password by using a different computer and not from the infected one.
 
If not, an attacker may get the new passwords and transaction information. If using a router, you may need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read the following
 
 
Although the threat may have been identified and may be removed, your PC has likely been compromised and there is no way to be sure certain the computer can ever be trusted again.
 
It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure.
 
In some instances, an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.
 

Once the main infection has been removed here are some articles on doing a clean fresh install of Windows 10 (at this time I'd probably not install Windows 11 just yet)

 

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

If you have any other questions or need further assistance please let me know

Thank you

 

Link to post
Share on other sites

11 hours ago, AdvancedSetup said:

Hello @jmadgocrem

I'm sorry but I have some bad news for you.

Sality is a File Infector Though there are cleanup tools, they do not function well enough to clean a computer back to a safe and secure system.

I would highly recommend that you download and run the Kaspersky Virus Removal Tool just so that you can attempt a basic cleanup to allow you to save any personal documents to an external drive before formatting the infected drive.

NOTE: Please do not share or connect any USB drive or thumb drive to this computer before running the Kaspersky tool. If you have already connected one then have Kaspersky scan that drive too as it can infect other computers if connected.

This is a dangerous virus that can and will try to infect any type of media that it can write to. Do not share data from this computer with any other computer.

 

 

One or more of the identified infections may also potentially be related to a  rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (back doors) as a means of accessing a computer system that bypasses security mechanisms and steals sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
 
If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned.
All passwords should be changed to include those used for banking, email, eBay, PayPal, and online forums from a CLEAN COMPUTER - never use the same password on different sites. Avoid using Facebook, Google, or other auto sign-on methods. If that account gets exploited they'll also have access to all other sites linked to it.
 
 
You should consider these passwords to be compromised. You should change each password by using a different computer and not from the infected one.
 
If not, an attacker may get the new passwords and transaction information. If using a router, you may need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read the following
 
 
Although the threat may have been identified and may be removed, your PC has likely been compromised and there is no way to be sure certain the computer can ever be trusted again.
 
It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure.
 
In some instances, an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.
 

Once the main infection has been removed here are some articles on doing a clean fresh install of Windows 10 (at this time I'd probably not install Windows 11 just yet)

 

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

If you have any other questions or need further assistance please let me know

Thank you

 

Sadly the WINDOWS 10 setup is also infected with SALITY so there is no way i can avoid this virus.

Link to post
Share on other sites

  • Root Admin

From a CLEAN computer you download the ISO image and build it on a new USB thumb drive. Pretty cheap these days. 8GB or 16GB and you boot from that USB thumb drive and the boot process happens long before this virus can do anything.

Follow the advice as posted and you will get past this virus no problem.

The Kaspersky tool will kill off the main infection to stop it from spreading.

Any previously infected USB disk with an installer on it simply format it - again let Kaspersky clean the disk first, then format it.

 

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

 

Link to post
Share on other sites

37 minutes ago, AdvancedSetup said:

From a CLEAN computer you download the ISO image and build it on a new USB thumb drive. Pretty cheap these days. 8GB or 16GB and you boot from that USB thumb drive and the boot process happens long before this virus can do anything.

Follow the advice as posted and you will get past this virus no problem.

The Kaspersky tool will kill off the main infection to stop it from spreading.

Any previously infected USB disk with an installer on it simply format it - again let Kaspersky clean the disk first, then format it.

 

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

 

I don't have a clean pc that doesn't have the virus, i only use this laptop and the pc, anyways does the kaspersky recover any programs like my games?

Link to post
Share on other sites

  • Root Admin

No it does not recover. Please re-read the information posted. This is a destructive file infector and why your other drives got and remain infected.

It can try to stop the spread but that's about it.

Please run the Kaspersky tool on any computers and any drives you have that might possibly affected.

If you cannot manage it alone at home then you may have to take the computer to a local computer shop and have them assist you

 

Link to post
Share on other sites

16 hours ago, AdvancedSetup said:

No it does not recover. Please re-read the information posted. This is a destructive file infector and why your other drives got and remain infected.

It can try to stop the spread but that's about it.

Please run the Kaspersky tool on any computers and any drives you have that might possibly affected.

If you cannot manage it alone at home then you may have to take the computer to a local computer shop and have them assist you

 

Hello, i managed to remove the unremovable malware in the microsoft malicious software removal tool and it runs fine now tho i just need to replace the infected exe so that it will never come back again.

Link to post
Share on other sites

  • Root Admin

It's up to you @jmadgocrem

I've attempted to explain the threat and damage and if you choose to ignore it and run your system like that then by all means that is your choice to do so.

I'll go ahead now and close this topic and wish you the best

Take care

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.