Infected with Sality virus

Discussion in 'ESET NOD32 Antivirus' started by mkhalifa, Nov 13, 2012.

Thread Status:
Not open for further replies.
  1. mkhalifa

    mkhalifa Registered Member

    Joined:
    Nov 13, 2012
    Posts:
    3
    Location:
    Egypt
    I was using Nod32 4 always but for some reasons my computer in the past few weeks had no antivirus as i did a re-installation of the windows and my computer engineer installed Avira antivirus , and few days ago i inserted a usb flash and it infected the PC with win32/sality.nau virus
    i reformated the C and reinstalled windows XP
    i installed Nod32 4 and updated it
    I scanned my other hard partitions and it cleaned hundreds of infected .exe with this virus
    the problem is many of these files are install/setup files for my used programs and many of them after it was cleaned and the virus moved to quarantine seems to be corrupted as some give me NSIS error when i try to install it and some install files as zip self-extractors says " win self-extractor header corrupted"
    i didn't try all of them but these are some errors and also some still works fine

    Why these files are damaged? is it error in cleaning?
    if i restored them and cleaned with another antivirus will it be solved?
    or they are damaged forever?
     
  2. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
  3. mkhalifa

    mkhalifa Registered Member

    Joined:
    Nov 13, 2012
    Posts:
    3
    Location:
    Egypt
    but what i do now? do i restore the virus from quarantine or not ? as files now is corrupted after cleaning with nod32
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If files are non-functional after cleaning, it's usually because the virus infected them improperly and removed or overwrote important information necessary for repairing a file to a functional state. I'd suggest submitting such a file to ESET as per the instructions here, ideally along with an original (clean) version of the file.
     
  5. mkhalifa

    mkhalifa Registered Member

    Joined:
    Nov 13, 2012
    Posts:
    3
    Location:
    Egypt
    So this files are permanently damaged after cleaning?
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Without sending the file to ESET and analyzing it, it's impossible to tell.
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Sality is a file infector which changes quite often. Several modules are required for proper detection and cleaning, updated on a regular basis. What you're basically missing is a package containing ecls.exe with all other current modules. However, it's possible to install a trial version of an ESET product and take the modules along with ecls.exe to an infected computer to clean it.
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Noted and thank you for the feedback.
     
Thread Status:
Not open for further replies.