Win32.Sality Infection

[aodhowain]

Help. I got infected with Win32.Sality Virus. I need the script ASAP.

[Aleksandra]

Use the Live CD Vba32 Rescue. Links to download:

ftp://anti-virus.by/pub/vbarescue-beta.iso
ftp://vba.ok.by/vba/vbarescue-beta.iso

After attach a log C:\VbaRescue\vba32.rpt

[aodhowain]

Looks like my system has already been cleaned. Huge thanks to COMODO INTERNET SECURITY, DRWEB CUREIT and KASPERSKY VIRUS REMOVAL TOOL.

hooray, I no longer need to reformat!

[Aleksandra]

Attach a new avptool_syscheck.zip.

[aodhowain]

Please verify if my system is clean. avptool_syscheck.zip attached. Thanks.

[Aleksandra]

It is better you deinstall Spy Sweeper.

1. Please, disable System Restore and antivirus (if you have).
2. Execute the script in AVPTool:

Код:

begin
SetAVZGuardStatus(True);
 QuarantineFile('C:\DOCUME~1\Susan\LOCALS~1\Temp\b.exe','');
 QuarantineFile('C:\WINDOWS\system32\RVHOST.exe','');
 DeleteService('asc3360pr');
 DeleteFile('C:\WINDOWS\system32\drivers\imphmq.sys');
 DeleteFile('C:\WINDOWS\system32\RVHOST.exe');
 DeleteFileMask('C:\WINDOWS\Tasks', 'At*.job', false);
 DeleteFile('C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe');
 DeleteFile('C:\WINDOWS\Tasks\wrSpySweeper_LF229B83443D74C6A845227A6B3C8900F.job');
 DeleteFile('wrSpySweeper_LF229B83443D74C6A845227A6B3C8900F.job');
 DeleteFile('C:\DOCUME~1\Susan\LOCALS~1\Temp\b.exe');
 DeleteFile('C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job');
 DeleteFile('{BB65B0FB-5712-401b-B616-E69AC55E2757}.job');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
CreateQurantineArchive('C:\quarantine.zip');
RebootWindows(true);
end.

After restart upload file C:\quarantine.zip, by link http://virusinfo.info/upload_virus.php?tid=57529

3. Attach a new avptool_syscheck.zip.