- My carelessness to disable auto run before inserting pen drive.
- Even though the antivirus was powerful to detect and remove Sality virus, it lacks real time protection that enable the virus to over power anti virus.
Sality is a family of file infecting viruses.It spreads by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable drive when connected to a computer. In addition, Sality includes a downloader trojan component that installs additional malware from the internet. Sality virus have keylogging and back door capabilities. It may infect executable files by prepending its code to host files.
Symptoms of infection:
Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped files when the drive is accessed.
Try deleting with an anti virus software. If it fails, then remove the hard disk from your computer and connect it to your friends computer and boot into the operating system installed in his computer. Then run the updated anti virus in his system. Anti viruses like avast or BitDefender or Kaspersky or etc can be used. AVG is a bit lame. Repair or delete the viruses found on the scan. Care must be taken not to open any of the drives or files in your hard disk before running the anti virus in your friend's system since it may infect his computer. Then detach the hard disk from his computer and connect it to your computer. Then install a good and updated anti virus with real time protection in order to prevent future infection. Avast provides real time protection and I am satisfied in its functioning. So I am recommending it for your computer.