Pages

Thursday, March 25, 2010

Sality Virus: Symptoms and Removal...

It was two weeks ago a friend of mine gave me his pen drive to copy some of the softwares from my computer to his computer. Since I was in a hurry and trusted my antivirus for my computer's safety, I didn't check for the viruses in the pen drive. After a few minutes I noticed that the icons of anti virus and firewall disappeared. So I tried to run the applications from the start menu, but in vain. Then I tried to run the anti malware program. It also doesn't open. Then I tried to reinstall my anti virus. But it didn't worked. At last I had to format my computer. Then I collected the details about the virus to prevent the future attack. The situation that allowed the virus to enter into my computer were:

  1. My carelessness to disable auto run before inserting pen drive.
  2. Even though the antivirus was powerful to detect and remove Sality virus, it lacks real time protection that enable the virus to over power anti virus.

         Sality is a family of file infecting viruses.It spreads by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable drive when connected to a computer. In addition, Sality includes a downloader trojan component that installs additional malware from the internet. Sality  virus have keylogging and back door capabilities. It may infect executable files by prepending its code to host files.

Symptoms of infection:
                                         Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped files when the drive is accessed.

Removal:
                  Try deleting with an anti virus software. If it fails, then remove the hard disk from your computer and connect it to your friends computer and boot into the operating system installed in his computer. Then run the updated anti virus in his system. Anti viruses like avast or BitDefender or Kaspersky or etc can be used. AVG is a bit lame. Repair or delete the viruses found on the scan. Care must be taken not to open any of the drives or files in your hard disk before running the anti virus in your friend's system since it may infect his computer. Then detach the hard disk from his computer and connect it to your computer. Then install a good and updated anti virus with real time protection in order to prevent future infection. Avast provides real time protection and I am satisfied in its functioning. So I am recommending it for your computer.

                  Add to Technorati Favorites               Bookmark and Share
Posted by at
Labels: , ,

13 comments:

  1. masumMay 23, 2010 at 6:24 AM

    On my PC windows XP is installed.recently i have infected by some host virus.symptoms are.......any open window or program r closing after few min.......files r converted to folder which is not opening after double clicking.........xp re installed fully scanned with avira updated version but no reasult..............please help me.........

    ReplyDelete
  2. AnonymousJune 24, 2010 at 10:02 AM

    thanks prabin.. dis incidence of urs realyy helped me 2 submit a project in college.. good work.. god bless!

    ReplyDelete
  3. Prabin PBJuly 8, 2010 at 10:28 PM

    Hai masum,
    The problem seems to be due to the presence of more computer viruses. Try latest version of Avast. Avira is good but sometimes it proves to be futile. Before that you must disinfect your hard disk from your friend's computer. Also run rootkit revealer software that will remove any rootkit if present.
    Sorry for the delay in posting the answer. It is because my hard disk got complaint. Thanks for your responce. God bless you...

    ReplyDelete
  4. AnonymousAugust 29, 2010 at 9:42 AM

    I just finished scanning my laptop with KAV2010 and found 38 SALITY viruses :-(

    ReplyDelete
  5. AnonymousSeptember 6, 2010 at 6:45 AM

    i also got this ...............need to format the whole drive ....

    ReplyDelete
  6. Lishoy MathewJune 5, 2011 at 9:43 PM

    I'd suggest Quick Heal.its a good anti Virus that not just detects sality during runtime but also repairs your infected exe files without deleting it like avg or avira.

    ReplyDelete
  7. AnonymousJune 28, 2011 at 9:48 PM

    here is another problem to that:
    What if the infected device is a laptop? can i remove the hard disk drive? I think not.

    ReplyDelete
  8. UnknownOctober 20, 2011 at 12:56 AM

    good helps me .

    ReplyDelete
  9. AnonymousJanuary 4, 2013 at 10:44 PM

    thanks for the tips bro.
    but the sality virus makes my computer very damages.
    the virus block my program files and my important files . so I decide to fully format my laptop.wew. I dont have a backup files. I Miss my old pictures.

    ReplyDelete
    Replies
    1. AnonymousJanuary 14, 2013 at 1:05 PM

      you dumbass, you could have saved your pictures before you formatted the drive any number of ways. One way might be to boot from recovery disks, or a USB thumb drive, and copy the important files to a USB thumb drive. always look before you leap.

      Delete
  10. AnonymousFebruary 5, 2019 at 11:37 AM

    First off i would like to reply to anon jan 14,2013.You never call someone names,it makes you look like a real JERK.Secondly ,the sality virus is not just a Trojan,it is a worm.In case you don't know what that means,it spreads to everything on the computer.So formatting is the only thing you can do.Backing up when you reinstall your system is the best thing to do,before you get a virus.Don't call people names, especially when you don't know what you are talking about.

    ReplyDelete
  11. Comodo antivirusSeptember 17, 2019 at 3:23 AM

    it was a informative blog Best antivirus of 2019

    ReplyDelete
  12. gopipatelDecember 19, 2019 at 10:59 PM

    Well thanks for posting such an outstanding idea..
    Fix Msvcp100.dll Missing Or Not Found Error In Windows 10

    ReplyDelete

Subscribe to: Post Comments (Atom)