Hello All,
I had a Sality problem with my computer: the Task Manager was gone, and mail and AV sites are blocked.
Thanks.
Hi!
Sorry for waiting.
Switch off/Disable:
- All (!) antivirus, antispyware and, if you have one, firewall.
- System Restore!
Execute the script (how-to: [url]http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm[/url]):
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteService('abp470n5');
QuarantineFile('C:\WINDOWS\system32\drivers\rjmmon.sys','');
TerminateProcessByName('c:\docume~1\fatima\config~1\temp\tpyqba.exe');
QuarantineFile('c:\docume~1\fatima\config~1\temp\tpyqba.exe','');
DeleteFile('c:\docume~1\fatima\config~1\temp\tpyqba.exe');
DeleteFile('C:\WINDOWS\system32\drivers\rjmmon.sys');
CreateQurantineArchive('C:\quarantine.zip');
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(11);
ExecuteRepair(17);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/code]
The computer will reboot.
Upload the file C:\quarantine.zip using the link [COLOR="Red"]Upload quarantined files[/COLOR] at the top of this thread.
About Sality: it is a file-infector virus. So you should go to a friend who has an uninfected computer, download an antivirus on his computer and create an antivirus CD, then boot your system from this CD (for example [url]http://www.freedrweb.com/livecd/[/url]) and make a full scan, or at least unpack/unzip CureIt ([url]http://www.freedrweb.com/cureit/[/url]) and burn it to a CD (or put it on a flash disk that has mechanical write protection. Write-protect it and only then insert the flash disk into your infected computer, otherwise the antivirus may get infected too).
Scan and cure all of your disks, and make sure to do it 2-3 times.
Still, there is a good chance that the virus has damaged your files so much that curing is not possible.
After all steps, please do "Collect system information" and attach a new avptool_syscheck.zip to the thread.