Sality

[jccl2]

Hello All,

I had Sality problem with my computer, the task manger was gone, mail and AV sites are blocked.


Thanks.

[drongo]

Hi!
Sorry for waiting.
Switch off/Disable:
- All (!) Antivirus , antispyware and and, if you have - Firewall.
- System Restore!
Execute the script: ( how-to: http://avptool.virusinfo.info/en/AVP...curescript.htm)

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteService('abp470n5');
 QuarantineFile('C:\WINDOWS\system32\drivers\rjmmon.sys','');
 TerminateProcessByName('c:\docume~1\fatima\config~1\temp\tpyqba.exe');
 QuarantineFile('c:\docume~1\fatima\config~1\temp\tpyqba.exe','');
 DeleteFile('c:\docume~1\fatima\config~1\temp\tpyqba.exe');
 DeleteFile('C:\WINDOWS\system32\drivers\rjmmon.sys');
CreateQurantineArchive('C:\quarantine.zip');
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(11);
ExecuteRepair(17);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

The computer will reboot.

Upload file C:\quarantine.zip, by link Upload quarantined files in the top of this thread.

About sality- it is file-infector virus. So, you should go to your friend that have uninfected computer, download from him and create an antivirus on CD- boot your system from this cd ( For exp. http://www.freedrweb.com/livecd/ ) and make a full scan, or at least unpack/unzip cureit ( http://www.freedrweb.com/cureit/ ) and burn it on CD( or flash disk that have mechanic protection from writing.Write protect it and only then insert flash-disk to your infected computer, otherwise- antivirus will may infected too.)
Do scan and cure all of your disks, make sure to do it 2-3 times.
Still, it is a good chance that virus is damaged your files so much, that curing is not possible.

After all steps, please do "Collect system information" and attach a new avptool_syscheck.zip to the thread.