sality.naq & sality.nar

Discussion in 'ESET NOD32 Antivirus' started by avista, Aug 23, 2008.

Thread Status:
Not open for further replies.
  1. avista

    avista Registered Member

    Aug 23, 2008
    I try to scan USB flash disc and nod32 reported no viruses
    but after restarting computer nod32 was killed without possibility to restart task manager was disabled registry editor disabled and str ....
    After i uninstalled nod32 and installed it again it reported "sality.naq" virus ,, deleted it but in few second virus was active again...
    I have try everything and at last i fromated partition "C:" (i have "D" partition too with some data) and installed windows again and nod32 again
    I scaned computer completly and nod32 reported no viruses ;;; but after restarting nod32 was killed again and task manager and registry editor disabled ...:((((
    I have try combofix, superantispyware, spybot, SmitfraudFix, XoftSpySE, SpyHunter .....
    but no success....
    (I have been disconnected computer from network and dont know what to do ...btw have purchased few hundreds licenses for nod32 for our company)

    Please if someone (or ESET) have some sugestions or can help.

    Thanks and

    Best regards,
  2. ASpace

    ASpace Guest

    Download and run ESET SysInspector

    When the utility has collected the information , click File > Save Log
    Confirm your wish. A log file , placed in a zip archive , will be created.

    Send that archived file to ESET Technical Support , samples[at] .

    Just a few notes from me:

    If a problem with Task Manager occurs once again:

    Except from Combofix , all others are antispyware utilities . You have problem with a virus/backdoor , not with typical spyware .

    As far as I know Sality has keylogger capabilities . After you recover from it , from known clean computer , you should change your passwords for your most valuable data (email accounts , online banking accounts , etc.)

    From what I have read , Sality tries to kill a few antiviruses (incl. NOD32 v2) . However , v3 which is called ekrn.exe is not listed in Sality's list for killing :D I mean , if you use v2 now , use v3

    Edit: email address changed from support[at] to samples[at]
    Last edited by a moderator: Aug 24, 2008
  3. Marcos

    Marcos Eset Staff Account

    Nov 22, 2002
    When sending the log, enclose this thread's url as well. In order to prevent Autorun trojans from running automatically in the future, I'd suggest considering disabling the autorun feature for removable drives.
  4. ASpace

    ASpace Guest

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.