"Variant of win32/Sality" couldn't be cleaned !


moataz
November 9th, 2008, 06:50 AM
Hi.
~Link removed. - Ron~ file is infected with variant of win32/Sality, NOD32 can detect it and delete it.

But can't clean it, while Symantec and Kaspersky can do from long time ago.

I have emailed samples@eset.com, submitted it many times, and sent a form about this problem, but nothing positive!

Any help here?

Kosak
November 9th, 2008, 07:11 AM
Hello, file is detected.

9. 11. 2008 13:11:18 HTTP filter file http:// ~Link removed.~ Win32/Sality.NAU virus connection terminated - quarantined

Marcos
November 9th, 2008, 07:24 AM
The file is not only detected, but it can be cleaned as well:
C:\test_sality\Alfa Fixit.exe - Win32/Sality.NAU virus - cleaned - quarantined

Kosak
November 9th, 2008, 05:05 PM
Website provides different variants, you're right. Once I got Win32/Sality.NAU, once a variant of Win32/Sality. When file is detected before its activation, cleaning algorithm isn't necessary, don't worry.

moataz
November 10th, 2008, 01:58 AM
The problem is that I need those .exe files - valuable files to me.
I have already lost many .exe files with this virus before by NOD32.

And I still see this virus from time to time.

And I don't want to move away from NOD32.

moataz
November 12th, 2008, 03:16 AM
....?

Marcos
November 12th, 2008, 03:31 AM
{QUOTE-> ....? <-QUOTE}
The file you uploaded and sent to samples[at]eset.com can be cleaned perfectly as I have stated above:

C:\test_sality\Alfa Fixit.exe - Win32/Sality.NAU virus - cleaned - quarantined

After my NOD32 has cleaned it, it was no longer reported as infected.

moataz
November 12th, 2008, 06:19 AM
{QUOTE-> The file you uploaded and sent to samples[at]eset.com can be cleaned perfectly as I have stated above:

C:\test_sality\Alfa Fixit.exe - Win32/Sality.NAU virus - cleaned - quarantined

After my NOD32 has cleaned it, it was no longer reported as infected. <-QUOTE}
The file I uploaded can't be cleaned of course.

This file is the parent (variant of win32/Sality), it produces a child (Win32/Sality.NAU).

The child itself can be cleaned, but the parent couldn't be cleaned.

The parent infects other .exe files (I mean it produces other parents, not only children).

The problem is that NOD32 kills the parent, I only want NOD32 to cure the parent as it cures the child.

This is a pic (http://img134.imageshack.us/img134/7663/virusjm6.png).

I have Smart Security Definition: 12 Nov 2008

moataz
November 17th, 2008, 02:39 AM
I suppose to get help here ::)

Hefaistos22
November 17th, 2008, 03:03 AM
Maybe you should turn to Eset technical support. Probably, they will ask you for a log from Eset SpyInspector. Until they answer you, you could try to scan your PC with Malwarebytes Anti-malware ;)

cupez80
November 17th, 2008, 03:13 AM
Maybe because it is detected as "variant of...." (which is a result from AH), so ESET doesn't provide a cleaning algorithm.
ESET needs to create exact detection for that specific file to create a cleaning algorithm.

Kosak
November 17th, 2008, 07:18 AM
When something is detected as "a variant of", "probably a variant of" or "NewHeur_PE" etc., but "Win32/%something%" too, everything depends on the cleaning algorithm. When the virus database doesn't include it, the file can't be cleaned, only deleted, quarantined.

moataz
November 18th, 2008, 04:59 AM
{QUOTE-> Maybe because it is detected as "variant of...." (which is a result from AH), so ESET doesn't provide a cleaning algorithm.
ESET needs to create exact detection for that specific file to create a cleaning algorithm. <-QUOTE}

I put my flash disk on the infected PC, then got ~Link removed. Ron~ two files on it.

Is that what you mean?

ASpace
November 18th, 2008, 05:51 AM
No. When EAV detects Win32/Sality.NAU virus - this means 100% detection (100% sure that the file is precisely that virus). When detected either as probably a variant of, or a variant of, this is a heuristic detection
http://en.wikipedia.org/wiki/Heuristic_algorithm

Detected proactively without signatures, most of the times EAV will not be able to clean the virus. "Clean" because a virus infects other files and needs cleaning, not just deletion in most times.

Contact ESET and start a support case

Download and start ESET SysInspector
http://www.eset.com/download/sysinspector.php

When the utility has collected the information, click File > Save Log
Confirm your wish. A log file, placed in a zip archive, will be created.

Send that archived file to ESET Technical Support, email support@eset.com.
Then, they'll guide you to a way to eliminate the threat and possibly recover the problems :thumb:
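
The distinction drawn in the replies above (an exact name such as Win32/Sality.NAU versus "a variant of", "probably a variant of" or "NewHeur_PE"), as an added example that is not part of any poster's message and not ESET's own tooling: a small triage script that separates exact from heuristic detections in scan-log lines and lists files that were removed without being cleaned. It assumes the "path - threat - action" layout of the one log line quoted in this thread; the sample lines and the function names are constructed for illustration.

```python
import re

# Markers the thread names as heuristic (non-exact) detections.
HEURISTIC_PREFIXES = ("probably a variant of ", "a variant of ")
HEURISTIC_NAMES = ("NewHeur_PE",)

# Constructed sample lines, modelled on the log line quoted in the thread.
SAMPLE_LOG = r"""
C:\test_sality\Alfa Fixit.exe - Win32/Sality.NAU virus - cleaned - quarantined
C:\tools\setup.exe - a variant of Win32/Sality virus - deleted - quarantined
C:\tools\patch.exe - probably a variant of Win32/Sality virus - deleted - quarantined
C:\tools\odd - name.exe - NewHeur_PE virus - quarantined
this line is not a detection record
"""

# path - [heuristic prefix]threat-name type-word - action[ - action...]
# (assumed layout; the type word, e.g. "virus", is matched but not interpreted)
LINE_RE = re.compile(
    r"^(?P<path>.+?) - "
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+) \w+"
    r"(?P<actions>(?: - [^-]+)+)$"
)

def triage(log_text):
    """Return one record per detection line; other lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        threat = m.group("threat")
        heuristic = (threat.startswith(HEURISTIC_PREFIXES)
                     or threat in HEURISTIC_NAMES)
        actions = [a.strip() for a in m.group("actions").split(" - ") if a.strip()]
        records.append({
            "path": m.group("path"),
            "threat": threat,
            "detection": "heuristic" if heuristic else "exact",
            "cleaned": "cleaned" in actions,
        })
    return records

def needs_followup(records):
    """Files removed or quarantined without cleaning: candidates for
    restore from backup or for a vendor support case."""
    return [r["path"] for r in records if not r["cleaned"]]

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```
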

moataz
November 18th, 2008, 07:06 AM
{QUOTE->
Download and start ESET SysInspector
http://www.eset.com/download/sysinspector.php

When the utility has collected the information, click File > Save Log
Confirm your wish. A log file, placed in a zip archive, will be created.

Send that archived file to ESET Technical Support, email support@eset.com.
Then, they'll guide you to a way to eliminate the threat and possibly recover the problems :thumb: <-QUOTE}

Thank you, I'll do.

ASpace
November 18th, 2008, 01:12 PM
You are welcome !

moataz
December 2nd, 2008, 04:10 AM
Well. I have done like you told me, but nothing yet.

I think I was wrong opening this thread from the beginning while I have other solutions that perfectly clean this type of virus from time ago (I mean Norton Antivirus and Kaspersky Antivirus).

ASpace
December 2nd, 2008, 04:25 AM
I am sorry to hear that ! Wish you luck ! :thumb:

moataz
January 30th, 2009, 11:15 AM
Finally I found a perfect fix -that cleans- this variant of Sality. It's by Kaspersky.
here is the "ht tp://rapidshare.com/files/191628505/Sality_off.exe.html"

funkydude
January 30th, 2009, 11:58 AM
The official Sality Removal Tool by Kaspersky is here: http://support.kaspersky.com/viruses/solutions?print=true&qid=208279889

Don't link to random rapidshare websites.

Nearly every company has its own removal tool and instructions:
http://www.eset.eu/buxus/generate_page.php?page_id=294&lng=en