How to remove Win32/Sality.NAR virus ?

Had a few machines now infected with this virus Win32/Sality.NAR and on the machines running v2.70 of NOD we find not is disabled completely by the virus.

The virus is able by the looks of it close running applications/exe's and infected them.

Only when updating to ESET NOD32 Antivirus Business Edition (32-bit) 3.0.669 did the antivirus start working and detecting all the Sality.nar viruses, but the system is overwhelmed and only soultuion is to completely format systems affected by this virus.

Is there a guide somewhere how to cleanse/wipe out this virus without a trace and not have to rebuild entire systems.

Thanks

Note: The virus also disable the taskmanager & restore points no longer show or available in XP/Vista.

 

The cleaning depends on whether the system files are infected or not (I assume they are). In such case, the best would be to slave the disk, boot from a clean one and run a scan of the infected disk. If cleaning is not possible, send about 10 infected files in a password protected archive to samples[at]eset.com with a link to this thread and we'll see if it's technically possible to clean them.