W32/SALITY.Y !!HELP!!!!!!

Discussion in 'malware problems & news' started by ruzfactor, Jan 9, 2010.

Thread Status:
Not open for further replies.
  1. ruzfactor

    ruzfactor Registered Member

    Joined:
    Nov 29, 2008
    Posts:
    4
    I'm using Windows XP SP3 (downgraded from Vista) on my Compaq F750US with Avira AntiVir (free) and Comodo Firewall. But recently my laptop has been infected by the W32/Sality.Y virus. Several system files and files on other drives are infected. I'm getting continuous notifications from Avira as soon as I turn on my laptop. I have used Norman Malware Cleaner and the Sality removal tool by AVG (this is also getting infected). Norman Malware Cleaner detects and repairs all files except msconfig.exe. But after a few minutes the notification arrives again from Avira. Avira also can't repair these files. I also can't boot using Safe Mode (getting a BSD). How can I remove W32/Sality.Y without deleting the files?? Help needed...
     
  2. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    As you found out, it's a nasty infection that injects into all running processes and then infects all executable files.

    Best clean up would be to revert to backups and re-image your drive - something to think about if you don't take regular images.

    You could try an antivirus live CD.

    Have a look at the stickies at the top of this forum but you may have to start over.
     
  4. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Put 10 infected files inside a password-protected zip and send it to support(at)avira.com. In the e-mail body ask for repair and include the zip password. You might need to wait for a new engine update though.

    If you're in a hurry, use CureIt.

    http://www.freedrweb.com/cureit/?lng=en

    Why did you get infected? Avira detects it (Sality.Y) and Comodo's HIPS should have warned you of attempts to access/modify files.
     
  5. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    410
    Location:
    Greece
    Try ComboFix; it is the only solution,
    or a new image of your disk if you have one.....
     