Win32/Sality

[Bokteelo]

I've been infected with this for a while now, and can't get rid of it... I know of a method where I have to take my hard drive out, put it on a another system with Kaspersky, and rid myself of the virus; but is there an easier way?

Update: The symptoms of this virus are: Locked registry, task manager, and something else I forgot. I've used a tool to unlock my task manager for about 5 seconds allowing me access the task manager and leave it open. I've noticed that if left unchecked, my computer would have multiple .exe's running with the names "win[random letters here].exe" in them. The amount of .exe's reached over 260 at one point, causing me heavy computer lag.

I cannot visit certain websites, an example would be Kaspersky's website nor can I install antivirus software downloaded.

[francis511]

Have you tried googling it ?

[95Viper]

Try these:http://www.softpedia.com/get/Antivir...-Remover.shtml and http://www.avg.com/virus-removal.ndi-67769

[Bokteelo]

Quote:

Originally Posted by francis511

Have you tried googling it ?

No sorry, I just decided to post here without looking up any background information and/or possible solutions in the 2 months that I've been infected so that people like you could get a free post count increase.

Quote:

Originally Posted by 95Viper

Try these:http://www.softpedia.com/get/Antivir...-Remover.shtml and http://www.avg.com/virus-removal.ndi-67769

Viper, I've tried both methods, not only that but I've tried Combofix with custom written scripts by the wonderful volunteers of TechSupportForum as well. I have a recovery kit from HP, but I would like to see if there are any possible ways of cleaning my PC without turning my hard drive to 0's.

Edit: Updating post #1.

[Marineborn]

do you have another harddrive, if so make the other one your primary boot up into safe mode have the infected one as a slave, and remove it with kaspery

[Bokteelo]

Quote:

Originally Posted by Marineborn

do you have another harddrive, if so make the other one your primary boot up into safe mode have the infected one as a slave, and remove it with kaspery

This is a similar method to what I mentioned in my first post, removing the virus with Kaspersky so long as I have another hard drive. It's a little bit too advanced for me, seeing as I've yet to even put together a computer.

[sneekypeet]

Quote:

Originally Posted by Bokteelo

This is a similar method to what I mentioned in my first post, removing the virus with Kaspersky so long as I have another hard drive. It's a little bit too advanced for me, seeing as I've yet to even put together a computer.

Do you have a second PC to do this on? Does it have kaspersky on it already?
It really isnt that tough of an opperation to do. Im sure we could talk you through it.

[Marineborn]

oh, its not really complicated...well, i guess it could be, um....just reformatt, or boot up in safe mode, go into program files, kaspery folder, open up there scanner manually and run a scan and remove it in safe mode, make sure to unplug your ethernet cable, run it again, then again, reboot back into normal mode keep ethernet unplugged and then run scan again, plug in your cable run scan again, make sure to enable deep scan in kaspery in under settings in the full scan area

[Bokteelo]

I have 4 working computers at home, 2 of which are laptops, 1 is my sister's very vintage desktop. Perhaps I could install Kaspersky on my sister's desktop, but taking apart both computers and installing my drive in her computer then going into the bios and turning my drive into a "slave" drive scares me a little. I have complete faith in TPU and know that if I'm willing to, someone would be willing to walk me through it no problem. I'm afraid I'll need to have live support through AIM/MSN/Yahoo Messenger or whatever during the entire process.

[Marineborn]

its dangeroud and i really dont recommend it at all, if its a virus that can jump networks, but hook on of your laptops to the same network that computer is on and scan its hardrives with the laptop!~ not reccomened if my last one wasnt good enough! THAT VIRUS CANT LOAD IN SAFE MODE! DO A MANUAL SCAN!

[Bokteelo]

I'm not sure if it can jump networks as you say, but I've read on a blog that putting my drive into somebody else's computer does work, so long as I have Kaspersky to clean it up.

When you say "same network" do you mean internet connection? I'm not really sure, and I'm completely lost when you say scan my hard drives with the laptop.

Edit: I've tried booting into the safe mode by tapping F8 during bootup and selecting safe mode, but my computer simply won't allow it. It will reboot and give me the message saying hard drive did not boot up correctly and give me the menu to select which mode to boot up again, and I'll have to select normal.

[Marineborn]

bok, when your computer starts hit keep hitting f8 now dont be alarmed a black screen some come up with options now go up to the one that says safe mode, hit enter on it, now all kinds of prompts will scroll dont worry thats support to happen windows will boot up, this way itll only boot up the windows core processors nothing else it might take a minute, now go my computer your c drive then program files, then the folder that says kaspery lab open that, open the folder inside that one then go to the avp that looks like the icon of K double click on that, it should bring up your scanner and do a full system deep scan at this point. this is all the guidance i can give you at this time

[Bokteelo]

When you say "your" computer, you mean the clean computer that I will be putting my infected hard drive in right? Because my computer cannot boot into safe mode, I tried yesterday using your method, and I cannot install Kaspersky or BitDefender due to the virus.

[francis511]

So you have tried googling it ?

[Marineborn]

do you have a jump drive that you could install kaspery on and do the scan on your hardrive from that jumpdrive on your infected computer

[Bokteelo]

Quote:

Originally Posted by francis511

So you have tried googling it ?

I've answered your question, and I don't plan on answering again. Reported for spamming x2.

Quote:

Originally Posted by Marineborn

do you have a jump drive that you could install kaspery on and do the scan of your hardrive of your jump drive? its only 34mbs

Do you mean a USB/flash drive? If so, yes I do but how exactly do I install Kaspersky on a flash drive?

[Marineborn]

you just pick it as the drive you want to install it on when your installing it, its simple just when kaspery asks where you want to install it browse, pick the flash drive bam it installs it on there

[Bokteelo]

Okay, so let me get this straight.

1. I download Kaspersky on a clean computer and install it onto my flash drive.
2. Do I scan in normal mode or safe mode?
3. How do I start a scan from the flash drive?

If possible, could I use a CD instead? I was in the bios yesterday and saw that I could make the CD drive the first thing to boot up. Does that mean I can create a bootable CD with Kaspersky installed onto it? I didn't see the option of booting into the flash drive first, just hard drive and CD.

[Marineborn]

once its on the flash drive you put it in the infected computer the computer says heres a flash drive you open the installed folder from the flash drive up pick the avg scanner, then itll say scan what...full scan will find the hardrives and then scan

[Bokteelo]

Are flash drives infectable? If they are would my flash drive be infected if things don't go as planned? (It's my sister's drive and she's home from college for about a week and I don't want to infect her drive.)

[Marineborn]

unless your extremly words about a jump drive, then no its can be easily formatted easily fixed its a usb jumpdrive its alot simpler then swapping harddrive, and looks to be your only option at this point, im going to bed, goodluck

[francis511]

I take it googling didn`t help then m8 ?

[Yin]

Why is this in the network section? maybe i am missing something?
but sounds like you need process explorer.

[Wile E]

The Flash drive won't work.

First you should try booting to safe mode, and manual scan with Kaspersky. If Kaspersky can't get rid of it in safe mode, there are only a couple other options. You might be able to boot from a BartPE CD with Kaspersky loaded on it, or you can just put the Hard Drive in another computer, boot to the computers normal drive, and then scan the drive you added.

It cannot infect the other computer because the virus won't start unless Windows tells it to. Since it's not your Windows that's loading, it won't be told to start.

[Bokteelo]

Quote:

Originally Posted by Wile E

The Flash drive won't work.

First you should try booting to safe mode, and manual scan with Kaspersky. If Kaspersky can't get rid of it in safe mode, there are only a couple other options. You might be able to boot from a BartPE CD with Kaspersky loaded on it, or you can just put the Hard Drive in another computer, boot to the computers normal drive, and then scan the drive you added.

It cannot infect the other computer because the virus won't start unless Windows tells it to. Since it's not your Windows that's loading, it won't be told to start.

I'd have to be able to install Kaspersky onto my computer before booting into safe mode and performing the manual scan, and that's a problem.

What exactly is a PartPE CD?

I've read about putting my drive onto someone else's computer, and thanks for letting me know that it's completely safe for the other system because I don't want to infect my sister's/friend's computer. Although I do have a question: Once I put my drive into someone else's computer, how will his/her computer know which hard drive to boot from? My cousin's computer is running Vista, if I installed Kaspersky onto his computer would Kaspersky scan my computer without problems? (Being that he's running Vista and I'm running XP.)

I'm looking forward to fixing my computer ASAP, because I ordered some high end gaming peripherals and I want my computer to be completely clean before I install the drivers.