Jump to content

The powerful trojan sality sinkhole v3


Recommended Posts

Me again with the same problem, but more cautious with this situation
Well, it turns out that this rootkit has changed the access logic to a file/folder location
Going from this

F:\Los archivos\Shiro\Error1\Nueva carpeta 2\Nueva carpeta 1\Nueva carpeta 2\Nueva carpetads 1\Nueva carpeta 2\Nueva carpeta 3\Nueva carpeta 1\Respaldo\Escritorio\ \jjjjjjjjjjjjjjjjjjjjjjjj\beat\things\johnis\got_the.htm\Nueva carpeta 1\todooo\1\Nueva carpeta\15.1.2022

To this

F:\LOSARC~1\Shiro\ERRORN~1\NUEVAC~2\NUEVAC~1\NUEVAC~2\NU3CD5~1\NUEVAC~2\NUEVAC~3\NUEVAC~1\Respaldo\ESCRIT~1\9DEC~1\JJJJJJ~1\BEA157~1\things\JOHNIS~1\GOTHER~1.HTM\NUEVAC~1\todooo\1\Nueva carpeta\15.1.2022

Well, knowing this, I would like to clarify the following
I have this problem on a removable hard disk
The hard disk has damaged physical sectors, so the maximum that can be done and allows, is to move, copy and delete files, but being damaged, such a simple process of copying 1GB to another location, instead of taking 20 or 40 minutes which is normal, it can take up to 15 hours or even a whole day
That said, doing a scan with the programs that are always mentioned in these situations, is impossible due to the deteriorating processing of the hard drive
I know that the hard disk is infected, but the malfunction is not due to this rootkit and I know that I should not run any .exe as it is infected, the rest of the files are not and can be saved.
By the way, this problem is only the file location path, but the name of those folders are normal.
While the folder is named "Los archivos", in the path it comes out as "LOSARC~1"
The question I have is, how to fix the file location logic?
I have this problem on my PC, but in a smaller amount
I am making a backup to clean the files, the malware is always contained in a process that I suspend, so it avoids contaminating other processes and neither propagate
In these years I have understood how this malware works, how it works, what it does, how it spreads and how it acts, so I can contain it, but currently, it is impossible to destroy it since the windows logic is damaged
I will reinstall windows with the patches that AdvancedSetup told me and I will take many precautions to avoid another infection
Here is a brief introduction to this topic in my previous topics:
 https://forums.malwarebytes.com/topic/280985-the-powerful-trojan-sality-sinkhole-v2

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.