Computer Support Forum

virus.win32.sality.ag + Caption Hello World (c drive) + d+E drive showing unknow

Question: virus.win32.sality.ag + Caption Hello World (c drive) + d+E drive showing unknow

Yesterday my bro used a pendrive that was probably infected, and when I looked at my PC the antivirus was already disabled, and when I tried to open it, it didn't open. This time I'm able to open the C, D and E drives.

I scanned the pendrive on my other PC and found that it is win32.sality.ag. I know it is a dangerous and bloody virus.

Then I searched the internet and used the AVG Sality remover kit. Usually the kit runs in an open window, but the kit said the virus would be removed during boot. I rebooted and the scan took 11 hrs, but the PC was still infected with Sality. Then I downloaded the Kaspersky Sality curing kit. It cured it, but after the scan finished I clicked the C drive and it started showing "Caption - Hello World", and then the D and E drives showed as unknown. I ran the registry key given in the Kaspersky folder called Disable Auto run.

----------
.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_27
Run by Owner at 16:14:01 on 2011-10-01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2470 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CommView\CV.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sality~1.lnk - c:\documents and settings\owner\desktop\salitykiller_2\SalityKiller.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\eqt7fg7p.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2011-9-8 101616]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [2011-9-15 24096]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2011-9-15 19240]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\drivers\tscomm.sys [2011-9-15 39976]
R4 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys --> c:\windows\system32\drivers\sojubus.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 amsint32;amsint32;\??\c:\windows\system32\drivers\qjsok.sys --> c:\windows\system32\drivers\qjsok.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-12 35088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
S4 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-9-15 475736]
.
=============== Created Last 30 ================
.
2011-10-01 10:11:41 -------- d-----w- c:\windows\system32\appmgmt
2011-09-30 05:53:08 25316 --sha-r- C:\gwlv.exe
2011-09-25 09:32:27 -------- d-----w- c:\program files\ProxyHunter
2011-09-25 09:32:24 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-09-23 16:15:19 278016 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
2011-09-23 16:15:18 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2011-09-23 16:14:38 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-23 16:14:37 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-23 16:14:37 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-09-23 16:14:37 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-23 16:14:36 271704 ----a-w- c:\windows\system32\hpzids01.dll
2011-09-23 16:14:31 -------- d-----w- c:\program files\HP
2011-09-23 16:14:29 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-09-23 16:14:29 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-09-23 16:14:27 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-09-23 16:14:27 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-09-21 15:29:29 -------- d-----w- c:\documents and settings\owner\local settings\application data\Jrim_Software
2011-09-21 15:27:00 -------- d-----w- c:\documents and settings\all users\application data\Proxy Multiply
2011-09-20 13:48:44 790528 ----a-w- c:\windows\system32\xvidcore.dll
2011-09-20 13:48:44 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-09-20 13:48:44 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-09-20 13:48:44 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-09-20 13:48:44 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2011-09-20 13:48:43 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2011-09-20 13:48:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-09-18 18:01:27 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2011-09-18 17:54:15 -------- d-----w- c:\documents and settings\all users\application data\2DBoy
2011-09-18 17:53:11 -------- d-----w- c:\documents and settings\owner\application data\EleFun Games
2011-09-18 17:52:35 -------- d-----w- C:\games
2011-09-18 17:51:45 -------- d-----w- c:\documents and settings\owner\application data\Mayan Puzzle
2011-09-18 17:46:43 -------- d-----w- c:\program files\directx
2011-09-17 14:55:54 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-09-17 06:19:41 -------- d-----w- c:\program files\WinPcap
2011-09-17 06:19:25 -------- d-----w- c:\program files\Nmap
2011-09-16 13:29:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\Identities
2011-09-15 16:56:20 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-09-15 16:48:37 24096 ----a-w- c:\windows\system32\drivers\ts_lb.sys
2011-09-15 16:48:15 47144 ----a-w- c:\windows\system32\tsnotify.dll
2011-09-15 16:48:15 39976 ----a-w- c:\windows\system32\drivers\tscomm.sys
2011-09-15 16:48:15 19240 ----a-w- c:\windows\system32\drivers\cv2k1.sys
2011-09-15 16:48:15 -------- d-----w- c:\program files\CommView
2011-09-15 15:45:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-15 15:31:57 22528 ----a-w- c:\windows\exeshl.dll
2011-09-15 14:27:29 -------- d-----w- c:\program files\Accessdiver
2011-09-15 14:25:38 -------- d-----w- c:\windows\vbSkinner
2011-09-15 14:19:36 -------- d-----w- c:\documents and settings\owner\local settings\application data\Yahoo
2011-09-15 13:27:14 -------- d-----w- c:\program files\MSECache
2011-09-15 13:15:34 -------- d-----w- c:\documents and settings\owner\local settings\application data\SkinSoft
2011-09-15 13:13:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-15 13:13:36 28160 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-15 13:13:24 14048 ------w- c:\windows\system32\spmsg2.dll
2011-09-15 13:12:00 -------- d-----w- c:\program files\MSXML 6.0
2011-09-15 12:34:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-15 12:34:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-15 12:24:51 -------- d-----w- c:\documents and settings\owner\application data\IDM
2011-09-15 12:24:51 -------- d-----w- c:\documents and settings\owner\application data\DMCache
2011-09-15 12:24:48 -------- d-----w- c:\program files\Internet Download Manager
2011-09-15 12:22:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2011-09-15 12:17:33 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe
2011-09-15 12:12:13 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2011-09-15 12:12:13 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-09-15 12:11:34 -------- d-----w- c:\program files\Kaspersky Lab
2011-09-15 12:11:34 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-09-15 12:10:42 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-09-15 12:07:38 -------- d-----w- C:\NVIDIA
2011-09-15 12:05:19 608448 ----a-w- c:\windows\system32\Comctl32.ocx
2011-09-15 12:05:19 -------- d-----w- c:\program files\ZakFromAnotherPlanet
2011-09-15 12:05:14 -------- d-----w- c:\program files\RomanWare
2011-09-15 12:04:51 -------- d-----w- c:\program files\Real Alternative
2011-09-15 12:04:51 -------- d-----w- c:\documents and settings\owner\local settings\application data\Real
2011-09-15 12:03:56 -------- d-----w- c:\documents and settings\owner\application data\BitTorrent
2011-09-15 12:00:02 -------- d-----w- c:\program files\CCleaner
2011-09-15 11:58:46 -------- d-----w- c:\program files\Yahoo!
2011-09-15 11:56:05 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-09-15 11:56:05 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-09-15 11:56:03 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-09-15 11:56:03 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-09-15 11:54:34 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-09-15 11:54:34 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-09-08 14:24:32 101616 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
==================== Find3M ====================
.
2011-09-15 13:18:20 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2011-09-15 13:18:20 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2011-09-15 12:08:36 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-09-15 12:08:36 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-09-15 12:08:34 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
.
============= FINISH: 16:14:11.09 ===============

Answer: virus.win32.sality.ag + Caption Hello World (c drive) + d+E drive showing unknow

OK, now I have removed autorun.inf manually from the C/D/E drives and they are opening now. I also deleted an unknown hidden exe from the C drive, which I think was causing the "Hello World" caption to appear. <-- solved also

Antivirus repaired; it opens now, earlier it did not.
---------------------------------------

Now I made a new scan.

----------
.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_27
Run by Owner at 22:43:59 on 2011-10-01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2640 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRunOnce: [ypagerps] cmd.exe /C del "c:\program files\yahoo!\messenger\ypagerps.dll"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sality~1.lnk - c:\documents and settings\owner\desktop\salitykiller_2\SalityKiller.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DCA8C75-882E-4F6A-9972-DA257F2733C0} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\eqt7fg7p.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2011-9-8 101616]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-9-15 475736]
R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [2011-9-15 24096]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\drivers\tscomm.sys [2011-9-15 39976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2011-9-15 19240]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-12 35088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-01 17:00:37 -------- d-----w- c:\program files\AutorunRemover
2011-10-01 16:55:16 -------- d-sh--w- C:\Recycled
2011-10-01 16:41:01 110992 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\components\abhelperxpcom.dll
2011-10-01 16:41:00 147856 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\components\kavlinkfilter.dll
2011-10-01 16:27:49 98816 ----a-w- c:\windows\sed.exe
2011-10-01 16:27:49 518144 ----a-w- c:\windows\SWREG.exe
2011-10-01 16:27:49 256000 ----a-w- c:\windows\PEV.exe
2011-10-01 16:27:49 208896 ----a-w- c:\windows\MBR.exe
2011-10-01 16:27:46 -------- d-----w- C:\ComboFix
2011-10-01 16:22:21 -------- d--h--w- c:\windows\PIF
2011-10-01 16:22:20 -------- d-----w- c:\windows\system32\appmgmt
2011-10-01 16:21:51 -------- d-----w- c:\documents and settings\owner\local settings\application data\Jrim_Software
2011-10-01 16:21:01 -------- d-----w- c:\program files\directx
2011-10-01 16:21:01 -------- d-----w- C:\games
2011-10-01 16:21:01 -------- d-----w- c:\documents and settings\owner\application data\EleFun Games
2011-09-25 09:32:27 -------- d-----w- c:\program files\ProxyHunter
2011-09-25 09:32:24 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-09-23 16:15:19 278016 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
2011-09-23 16:15:18 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2011-09-23 16:14:38 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-23 16:14:37 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-23 16:14:37 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-09-23 16:14:37 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-23 16:14:36 271704 ----a-w- c:\windows\system32\hpzids01.dll
2011-09-23 16:14:31 -------- d-----w- c:\program files\HP
2011-09-23 16:14:29 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-09-23 16:14:29 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-09-23 16:14:27 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-09-23 16:14:27 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-09-21 15:27:00 -------- d-----w- c:\documents and settings\all users\application data\Proxy Multiply
2011-09-20 13:48:44 790528 ----a-w- c:\windows\system32\xvidcore.dll
2011-09-20 13:48:44 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-09-20 13:48:44 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-09-20 13:48:44 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-09-20 13:48:44 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2011-09-20 13:48:43 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2011-09-20 13:48:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-09-18 18:01:27 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2011-09-18 17:54:15 -------- d-----w- c:\documents and settings\all users\application data\2DBoy
2011-09-18 17:51:45 -------- d-----w- c:\documents and settings\owner\application data\Mayan Puzzle
2011-09-17 14:55:54 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-09-17 06:19:41 -------- d-----w- c:\program files\WinPcap
2011-09-17 06:19:25 -------- d-----w- c:\program files\Nmap
2011-09-16 13:29:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\Identities
2011-09-15 16:56:20 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-09-15 16:48:37 24096 ----a-w- c:\windows\system32\drivers\ts_lb.sys
2011-09-15 16:48:15 47144 ----a-w- c:\windows\system32\tsnotify.dll
2011-09-15 16:48:15 39976 ----a-w- c:\windows\system32\drivers\tscomm.sys
2011-09-15 16:48:15 19240 ----a-w- c:\windows\system32\drivers\cv2k1.sys
2011-09-15 16:48:15 -------- d-----w- c:\program files\CommView
2011-09-15 15:45:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-15 15:31:57 22528 ----a-w- c:\windows\exeshl.dll
2011-09-15 14:27:29 -------- d-----w- c:\program files\Accessdiver
2011-09-15 14:25:38 -------- d-----w- c:\windows\vbSkinner
2011-09-15 14:19:36 -------- d-----w- c:\documents and settings\owner\local settings\application data\Yahoo
2011-09-15 13:27:14 -------- d-----w- c:\program files\MSECache
2011-09-15 13:15:34 -------- d-----w- c:\documents and settings\owner\local settings\application data\SkinSoft
2011-09-15 13:13:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-15 13:13:36 28160 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-15 13:13:24 14048 ------w- c:\windows\system32\spmsg2.dll
2011-09-15 13:12:00 -------- d-----w- c:\program files\MSXML 6.0
2011-09-15 12:34:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-15 12:34:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-15 12:24:51 -------- d-----w- c:\documents and settings\owner\application data\IDM
2011-09-15 12:24:51 -------- d-----w- c:\documents and settings\owner\application data\DMCache
2011-09-15 12:24:48 -------- d-----w- c:\program files\Internet Download Manager
2011-09-15 12:22:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2011-09-15 12:17:33 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe
2011-09-15 12:12:13 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2011-09-15 12:12:13 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-09-15 12:11:34 -------- d-----w- c:\program files\Kaspersky Lab
2011-09-15 12:11:34 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-09-15 12:10:42 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-09-15 12:07:38 -------- d-----w- C:\NVIDIA
2011-09-15 12:05:19 608448 ----a-w- c:\windows\system32\Comctl32.ocx
2011-09-15 12:05:19 -------- d-----w- c:\program files\ZakFromAnotherPlanet
2011-09-15 12:05:14 -------- d-----w- c:\program files\RomanWare
2011-09-15 12:04:51 -------- d-----w- c:\program files\Real Alternative
2011-09-15 12:04:51 -------- d-----w- c:\documents and settings\owner\local settings\application data\Real
2011-09-15 12:03:56 -------- d-----w- c:\documents and settings\owner\application data\BitTorrent
2011-09-15 12:00:02 -------- d-----w- c:\program files\CCleaner
2011-09-15 11:58:46 -------- d-----w- c:\program files\Yahoo!
2011-09-15 11:56:05 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-09-15 11:56:05 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-09-15 11:56:03 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-09-15 11:56:03 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-09-15 11:54:34 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-09-15 11:54:34 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-09-08 14:24:32 101616 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
==================== Find3M ====================
.
2011-09-15 13:18:20 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2011-09-15 13:18:20 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2011-09-15 12:08:36 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-09-15 12:08:36 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-09-15 12:08:34 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
.
============= FINISH: 22:44:17.03 ===============


I am new to this forum so hello to everyone. I have the following problem:

Yesterday, my AV (Eset NOD 32) detected Win32.Sality NAM on my computer - it was infecting all .exe files.

I immediately rebooted in safe mode and downloaded some removal tools (stinger, rmslt from AVG, MBAM, SalityKiller) and ran them. Then I ran a full NOD32 scan. Now the tools say that the computer is clean and everything seems fine except one thing.

Suddenly, I am unable to edit or create any file on drive C without administrator rights. I just have one account on my computer and it has administrator rights and I have UAC turned off.

Here is the example of the problem: I double-click on Word icon, then I open a document stored in C and it opens as read only (although in file permissions read-only is disabled). Or when I open notepad, create a new .txt and try to save it to C I get message like A required privilege is not held by the client. However, when I run notepad/Word as an administrator everything works.

I checked the drive permission and (compared to drive d) found nothing unusual. On google I found something about taking ownership but some people wrote it might damage the system if used incorrectly so I did not try it.

Can it be because of virus? Is my computer still infected? What should I do?
My OS: Fully updated Win7 x64 Ultimate.

Thank you very much for reply.

Answer:Limited access to drive C + Win32.Sality

Hi marker2807,

You need to read this http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

If it is indeed sality there is no way to clean it. Scan with Malwarebytes to start. http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial


Hi, my name is perdfa from indonesia.
Recently, my computer just got infected by Tanatos J and Sality, of which I (now) am doing restore to factory settings.
The virus is originated from my infected portable hard drives, and I would like to remove the virus from my hard drives.

I have read the "instructions before posting". I would like to post the logs, however I don't understand how to do DDS and GMER to scan only portable hard drives.

I'd like to ask how to do it?

so sorry and many thank you's :D

Answer:Portable External Hard Drive infected by win32/Tanatos J and Sality

Hi. In your case, you are better off formatting the external hard drives also. Our tools and removal techniques are meant for the OS drive.

You can try using Kaspersky's Sality tool, which has a switch to target specific drives, but of course, that would entail making the drive active on some machine, which might infect that machine.
How to disinfect my computer from Virus.Win32.Sality?


Hello! I have trouble with my computer. I found this forum online and now I hope that you can help me. I suspected that I had a virus so I installed an anti-virus program. It found files with the names virus.win32.sality.k and trojan-proxy.win32.agent.II on my computer. After disinfecting those files I always got an error message when I turned the computer on. It kept telling me: file vmmdiag32.exe cannot be found. Then I found this forum and saw that other people had the same problem and that this is still a consequence of the virus. I don't know how to get rid of it.

Then I found your preparation guide for use before posting a hijackthis log, and checked my computer with the programs you advised. Now that error message has disappeared, but I have the impression that my computer doesn't work properly anymore. It's getting slower and the anti-virus program always finds new infected files. Sometimes when I turn the computer on it gets stuck while it is booting up and I have to press F1 to continue.

Now there's a problem with the audio too - I don't know if it is also a result of the virus. It tells me: bad directsound driver. please install proper drivers or select another device in configuration. error code: 88780078. and the only sound the computer makes is a terrible peep sound.

I have never had a virus before (I didn't have internet on my computer), so I'm a little bit helpless and I would really appreciate it if you could help me. I also did the Hijackthis. here is the res... Read more

Answer:Infected With: Virus.win32.sality.k; Trojan-proxy.win32.agent.ii

Hi schag1,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.


please help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:35 PM, on 6/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Softwar... Read more


Hi

I am having an infection on my laptop.

These are some of the symptoms that I see:

1. I have ESET NOD32. On startup it says "

Threat Found
C:\windows\system32\drivers\mpfqn.sys

Threat : win32/sality.NAQ virus

2. I cant open msconfig or regedit or task manager

3. Any thumb drive placed into the laptop, automatically has folders like newfolder.exe

4. Can't even open bleepingcomputer.com/forums from the infected laptop. As soon as this page opens, the browser window (google chrome) automatically closes

Please, can some one help me fix it

Answer:Win32/Sality. NAQ Virus

I'm afraid I have very bad news. Your system is infected with a nasty variant of Win32/Sality. This family of malware is a polymorphic file infector which infects .exe, .scr files, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.
Please see Kaspersky's Threat Encyclopaedia of Win32.Sality.NAO.
With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.
 

As with many other malware, Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.

About Sality Virus
If the computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking ... Read more
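
The autorun component described in the answer above leaves a parseable trace: an autorun.inf in the drive root whose launch keys point at a dropped .cmd, .pif or .exe. The Python script below is an added example, not code from the thread or from any vendor tool; it parses that file tolerantly and reports launch entries whose target sits in the root. The function names are illustrative and the sample autorun.inf is constructed, with the .pif name borrowed from the ComboFix log on this page.

```python
"""Triage an autorun.inf for program-launch entries (added example)."""
import ntpath
import os
import re

# autorun.inf keys that start a program when the drive is opened or AutoPlayed
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")
# File types the thread says Sality drops or infects (.cmd, .pif, .exe, .scr)
DROPPER_EXT = {".cmd", ".pif", ".exe", ".scr"}
_UNQUOTED = re.compile(r"^(.+?\.(?:cmd|pif|exe|scr))(?=\s|$)", re.IGNORECASE)

# Constructed sample: junk padding lines, mixed-case keys, stray spaces.
SAMPLE_INF = r"""
;hGkRtq padding line
[AutoRun]
;more padding
open = wlslao.pif
shell\open\Command= wlslao.pif
shell\explore\command =wlslao.pif
shell\open\default=1
icon=%SystemRoot%\system32\shell32.dll,4
"""


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, skipping junk."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def command_target(value):
    """Extract the program path from a command line, dropping arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    match = _UNQUOTED.match(value)
    if match:
        return match.group(1)
    return value.split()[0] if value else ""


def triage(text, root_names):
    """List launch entries; root_names is the directory listing of the root."""
    present = {name.lower() for name in root_names}
    findings = []
    for key, value in parse_autorun(text):
        if key not in LAUNCH_KEYS and not SHELL_COMMAND.match(key):
            continue
        target = command_target(value)
        name = ntpath.basename(target)
        findings.append({
            "key": key,
            "target": target,
            "dropper_ext": ntpath.splitext(name)[1].lower() in DROPPER_EXT,
            "in_root": ntpath.dirname(target) in ("", "\\")
                       and name.lower() in present,
        })
    return findings


def is_suspicious(findings):
    """True when a launch key points at a dropper-type file in the root."""
    return any(f["dropper_ext"] and f["in_root"] for f in findings)


def scan_drive(root):
    """Triage the autorun.inf (any letter case) in a mounted drive's root."""
    names = os.listdir(root)
    inf = next((n for n in names if n.lower() == "autorun.inf"), None)
    if inf is None or not os.path.isfile(os.path.join(root, inf)):
        return []  # absent, or a directory with that name: nothing to parse
    with open(os.path.join(root, inf), encoding="latin-1") as fh:
        return triage(fh.read(), names)


if __name__ == "__main__":
    for finding in triage(SAMPLE_INF, ["autorun.inf", "wlslao.pif", "Photos"]):
        print(finding)
```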


*this is a 'repost' of my issue as another moderator told me to post another topic in this section along with the dds logs ;*
Referred here from: http://www.bleepingcomputer.com/forums/t/216376/win32sality-virus-moved/ ~ OB

Hello.

I think I've got the Win32:Sality virus and it is causing my desktop PC issues:
x Can't re/install antivirus programs eg avast home edition
x Can't boot in any sort of 'Safemode' or revert back to last known config settings
x Hidden files immediately become 'hidden' again after applying the 'show hidden files and folders' option
x Virus has attached itself onto USBs and my PC will not allow them to be formatted

However:
+ i can still access task manager , regedit [thought I would include it in here since other users have said that they couldn't access it]
+ most programs still run fine [though I'm not sure whether it's because I formatted my desktop a little while ago]

Sality is spreading over my home internet cable network so one other computer is infected as well as mine , thought at varying degree .. [if that's possible] .

I've tried the various sality virus removal tools available on the net, however none of them were effective in cleaning up my pc, online scanners detected no infected files.... however they might not have been programed to detect sality.

on a side note , i also have a laptop running on windows vista and on the wireless network .. so I was wondering which part of it it was that prevented that computer from being infected .

the DDS log as foll... Read more

Answer:Win32:Sality Virus !

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

Question: Sality win32 virus

i think i have parts of the virus on my computer
this was the previous post that i had placed but the virus is still not gone
http://www.bleepingcomputer.com/forums/topic239460-45.html
i do chkdsk /r from a original xp home installation cd .
after a few days i get the bsod again saying unable to mount volume or unable to load registry hive.
i think i have the sality virus because my registry gets corrupted again

Answer:Sality win32 virus

i reformatted the whole hard drive from a recovery partition that came with the hp computer but i think the virus infected the recovery partition so the factory defaults may have been infected

Hello,

If this is the case, then you'll have to obtain new disks and do a clean install that way.

Regards,
tea


hello,

I have been having a problem with this virus every day, VIRUS. Win32.Sality.Z. I use Kaspersky antivirus which is licensed for one year. Every day, my antivirus brings up the virus for me to disinfect or delete. I disinfect sometimes and delete sometimes, yet every day the same problem comes up.

Please I need help.

Answer:win32. Sality.Z virus

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs


my computer is infected with win32/sality.NAO virus
i have an updated nod32 antivirus installed on my system
updated to version virus database 3755. what should i
do to disinfect the virus
 


Hello! I don't know if I am still infected with viruses.

Today I just installed a new AntiVirus because the other one expired over one week ago. Now I have avast! Antivirus 5.0.594. After I installed it I did a Full System Scan and it found 3 files infected with Win32:Vitro and 47 files infected with Win32:Sality and I moved them all to Chest. After that I started a Quick Scan and it didn't find any viruses.
I wish I could post there the Scan Results but I didn't find any way to save it (I can't even copy/ paste it). Anyway, they infected some .exe files from:
D:\System Volume Information\_restore{58F204CF-792A-4D99-88ED-6CD0FBCE8D55}\RP5 and D:\System Volume Information\_restore{58F204CF-792A-4D99-88ED-6CD0FBCE8D55}\RP6 .

After my AntiVirus moved them to Chest I backed up my important documents on DVDs (photos, music and some IMs archive). I would like to know if these viruses can infect photos, music, and videos. I never used this computer for online banking or anything like that.
My computer wasn't too slow, just sometimes, when I had over 8 windows opened, some programs running and windows media player playing music, the music was more slow than it should be. Now it seems to be alright but I wanna make sure if everything is ok.

Sorry if I made any spelling mistake but English is not my first language Thank you.

Answer:I still have Win32:Sality virus?

Win32:Vitro is the name (used by avast) for the Win32:Virut family of malware.

Virut is a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
Understanding virus names
Threat aliases for Win32.Win32.Virut
Threat aliases for Win32.Virtob.Gen.12

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot... Read more


My Avast! anti-virus found the above today during a full scan . I usually run quick scans so not sure if it's been around a while . Deleted it but after Googling I'm wondering if I need to do more ? There appear to be removal tools available , do I need to run these as well ? Running Vista if that matters . TIA

Answer:Win32:Sality-AN virus

Hello.

Sality and other file infectors are not something a "specific" tool or ANY tool can fix. It leads to a very unstable machine which ends up needing to be formatted and sometimes it can lead to problems that may allow you not to boot up any longer.

Sality File Infector Warning

Your system is infected with a polymorphic file infector called Sality. Sality is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. As of now, security experts suggest that a clean Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Sality can penetrate and infect .exe files inside compressed files too.

More information on Sality can be found ... Read more


I have tried to format my PC also. I am posting combofix logs. Please help.

ComboFix 12-08-29.03 - Lovey 30/08/2012 8:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.484 [GMT 5.5:30]
Running from: c:\documents and settings\Lovey\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\explorer.exe.local
c:\windows\kdcoms.dll
c:\windows\system32\system.exe
c:\windows\userinit.exe
D:\install.exe
D:\wlslao.pif
E:\nyfi.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AIC32P
-------\Service_aic32p
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32... Read more

Answer:Win32/Sality Virus Infected

Greetings evillymind and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you prefer I call you something other than your screen name I would be pleased to do so.

Could you please tell me why you have identified this as a Sality virus and also how you tried to "format" your hard drive. In addition, please consider and perform the below.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. ... Read more


im getting pissed with this virus everytime i remove them from my pc's they infect them again after a day or after a few hours all my 3 pc's are infected with it how can i remove this virus permanently?

Answer:how to Win32/Sality.Y Virus permanently

Hello Allain,

I'm sorry to say that Sality is bad news. It's a polymorphic file infector, infecting all the executable files(.exe) and screen saver files(.scr) by way of corrupting them beyond repair. It also spreads quickly through network shares.

The only way you can eliminate it permanently is to reformat and reinstall all three of your pcs. While backing up your files prior to r/r, please make sure that you do not backup any executables, screen savers and compressed files such as zip, rar and cab, and also the htm/html/php files as they may also contain infected files, and scan them before putting them back.

Do not back up to another machine or another internal harddrive, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Here's some further information on this infection:

http://www.symantec.com/security_res...011714-3948-99

Happy Surfing and T... Read more
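
Both answers above that recommend a reformat give the same backup rule: keep documents, and leave out executables, screensavers, web pages and archives that may carry them. As an added example (not from the thread), this Python filter applies that rule to a folder before copying; it goes one step beyond the advice by also rejecting files that start with the MZ executable header under another extension, and it treats .rar and .cab as uninspectable because the standard library cannot open them. The function names and the sample files are constructed.

```python
"""Pre-backup filter for a file-infector cleanup (added example)."""
import os
import zipfile

# Extensions the answers say not to back up
BLOCKED_EXT = {".exe", ".scr", ".htm", ".html", ".php"}
# Members that make an archive unsafe to keep
CARRIER_EXT = {".exe", ".scr"}
# Archive types this script cannot look inside (assumption: stdlib only)
OPAQUE_ARCHIVES = {".rar", ".cab"}


def has_mz_header(path):
    """True when the file starts with the DOS/PE 'MZ' magic bytes."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def inspect_zip(path):
    """Return the member names that make a .zip unsafe to back up."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = zf.namelist()
    except (zipfile.BadZipFile, OSError):
        return ["<unreadable archive>"]
    bad = []
    for name in names:
        ext = os.path.splitext(name)[1].lower()
        # Executable members, and nested archives that are not unpacked here
        if ext in CARRIER_EXT or ext in OPAQUE_ARCHIVES or ext == ".zip":
            bad.append(name)
    return bad


def classify(path):
    """Return ('keep' | 'skip', reason) for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext in BLOCKED_EXT:
        return ("skip", "blocked extension " + ext)
    if ext in OPAQUE_ARCHIVES:
        return ("skip", "archive type not inspected")
    if ext == ".zip":
        bad = inspect_zip(path)
        if bad:
            return ("skip", "archive contains " + ", ".join(sorted(bad)))
        return ("keep", "archive has no executable members")
    try:
        if has_mz_header(path):
            return ("skip", "MZ header under extension " + (ext or "(none)"))
    except OSError:
        return ("skip", "unreadable file")
    return ("keep", "data file")


def plan_backup(root):
    """Walk root and sort every file into a keep list or a skip list."""
    plan = {"keep": [], "skip": []}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            decision, reason = classify(path)
            plan[decision].append((os.path.relpath(path, root), reason))
    return plan


def build_sample_tree(root):
    """Write a small constructed tree that exercises each rule."""
    def put(name, data):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

    put("notes.txt", b"meeting notes\n")
    put("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    put("tool.exe", b"MZ" + b"\x00" * 62)
    put("report.dat", b"MZ" + b"\x00" * 62)  # executable content, renamed
    put("page.html", b"<html></html>")
    put("old.rar", b"Rar!\x1a\x07\x00")
    with zipfile.ZipFile(os.path.join(root, "docs.zip"), "w") as zf:
        zf.writestr("letter.txt", "hello")
    with zipfile.ZipFile(os.path.join(root, "bundle.zip"), "w") as zf:
        zf.writestr("readme.txt", "x")
        zf.writestr("bin/setup.exe", b"MZ")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for decision, items in plan_backup(tmp).items():
            for rel, reason in items:
                print(f"{decision:4}  {rel:12}  {reason}")
```

The filter applies the exclusion rule only; it does not detect infection, so the kept files still need the scan the answer asks for before they are restored.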


Hi!

Can someone please help me? I am cleaning a computer up for a friend and thought it was a case of doing an avg and an adaware scan, but the problem is bigger than I thought. The system is Windows XP and all window updates are current. When doing an avg scan, it tells me that the system is infected with the Win32/Sality Virus and AVG can not heal the 1500 instances it finds (most of the .exe files). Here is my HJT Log and a Panda Activescan follows the HJT report:

HJT Report

Logfile of HijackThis v1.99.1
Scan saved at 12:10:46 AM, on 23/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\ps2.exe
C:\kybrded_7... Read more

Answer:Plz help to rid Win32/Sality Virus HJT Log attached


Hello.

I think I've got the Win32:Sality virus and it is causing my desktop PC issues:
x Can't re/install antivirus programs eg avast home edition
x Can't boot in any sort of 'Safemode' or revert back to last known config settings
x Hidden files immediately become 'hidden' again after applying the 'show hidden files and folders' option
x Virus has attached itself onto USBs and my PC will not allow them to be formatted

However:
+ i can still access task manager , regedit [thought I would include it in here since other users have said that they couldn't access it]
+ most programs still run fine [though I'm not sure whether it's because I formatted my desktop a little while ago]

Sality is spreading over my home internet cable network so two other computers are infected as well as mine , thought at varying degrees .. [if that's possible] .

I've tried the various sality virus removal tools available on the net, however none of them were effective in cleaning up my pc, online scanners detected no infected files.... however they might not have been programed to detect sality.

I've also tried reformatting my entire desktop ; but soon after reinstalling MS XP Home Ed. I realised i couldn't redownload avast antivirus (!!) .. so at the moment , my PC is void of any sort of protection .

on a side note , i also have a laptop running on windows vista and on the wireless network .. so I was wondering which part of... Read more

Answer:Win32:Sality Virus !/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.


Hello members,

My problem started when i found folders named Photo.exe and games.exe in my pen drive.

my computer got infected by virus.win32.sality.y. Initially it blocked the Kaspersky antivirus and it blocked my safe mode also. After rebooting and running a scan with kaspersky, kaspersky deleted a lot of .exe files from my laptop telling them to be infected by same virus. so i lost many of the installed softwares like winrar, winzip, some games like DX Ball etc. now system seems to work fine and even safe mode is also working. Scanning with kaspersky shows no new virus.
However, when system is kept switched on for few hours kaspersky identifies a virus and on clicking delete it shows this:
deleted: virus Virus.Win32.Sality.y File: C:\System Volume Information\_restore{DC50B92E-714E-4FDB-B42D-DCF2F663EBC0}\RP345\A0131811.exe
After this deletion few mins later kaspersky says it needs to close as it encountered a problem and kaspersky gets disabled. It starts working when restarted. This cycle keeps happening again when the system is left on for few hours.

I ran malwarebytes but it says the system is clean. I downloaded Spybot and it also says the system is clean. However still after using the system for more than 3-4 hours kaspersky shows the same virus, deletes it on request n then kaspersky gets stuck after some time. I am posting my DDS Log.
Also find attached kaspersky log and attach.txt
DDS (Ver_09-05-14.01) - NTFSx86
Run by LUCKY at 12:12:31.67 on ... Read more

Answer:Infected with Virus.Win32.Sality.y

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more


I have a really bad infection called Sality.NAO on my computer. It spreads every exe file on my computer and even my last updated nod32 antivirus can't able to remove it completely. I did reformat my computer but it did not work , same virus again with its same infections!!! Please Help me! Here is the Log.

DDS (Ver_09-02-01.01) - NTFSx86
Run by hede at 15:18:47,75 on 22.02.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1033.18.1022.399 [GMT 2:00]
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Fi... Read more

Answer:Infected with Win32/Sality.NAO Virus

now I can't even open windows live messenger and the most of the programms , any help would be soo nice for my situation!!!


got my computer reformatted and installed an anti virus with updated virus database, which found a bunch of infected files with the sality.o virus.
anyways, i ran a check of GMER, and it found some stuff marked in red in the log, dunno what it means so if someone is willing to help i'd really appreciate it.

here is the log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Natan Kalson at 2008-11-01 15:59:50
Microsoft Windows XP Professional Service Pack 2
System drive C: has 151 GB (79%) free of 191 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:58 PM, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Pro... Read more


For a while now, I've been having a struggle against the Win32.Sality. Any Antivirus programs I install cannot boot up (it says something about services unable to start up). I've tried AVG, Nod32, McAfee, Norton, Panda etc. Any Antivirus Websites such as virusscan.jotti.org, kaspersky.com, symantec.com etc. will not load at all, which is the strangest part. Also, simple programs like AdAware or CCleaner close immediately upon execution. I have tried booting into safe mode, but as soon as I press "Boot into Safe Mode" the computer restarts itself.

In addition to all of this, I have Process Guard up and I am constantly bombarded with random applications in my Temp folder being created and attempting to execute. These include malware like:
winpidn.exe
wineuje.exe
winxxax.exe
etc.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:24 AM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\SYSTEM32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\Stardock&... Read more

Answer:Infect With Win32.sality Virus

Hello and Welcome to Bleeping Computer. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Please give me some time to analyze your log, and I will post back with instructions ASAP.

----------

Hey,

My friend has had this virus that he feels is taking control of his computer. Here's his message.






Quote:
Hello, I have some kind of a problem with my computer. Which is, there's a virus in my computer and it's called 'Win32/Sality'. As I see, it injects every exe files in a minute. And hides some of them, and even deletes some of them. I tried to use Combofix, it couldn't solve it but it gave me a report of the problems in my pc, that's when I found out I got the Sality virus. I tried to download some antiviruses, but this virus automatically ignores them, so I can't work any antivirus. I try to work my computer in safe mode but when I try that, the computer reboots itself automatically. When I google the virus's name (Sality) it closes the web page. When I search the .exe files in my computer, I see 60% of them are already injected. So yeah, I'm kinda stuck. I can't do anything, I am like just watching this virus taking over my computer. What should I do?


Anyone know a way to solve this Virus?

Regards,
-TPS

Answer:My friend is having a Virus issue - Win32/Sality

Download Farbar Recovery Scan Tool

http://www.bleepingcomputer.com/down...ery-scan-tool/

and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter
The notepad opens. Under File menu select Open
Select "Computer" and find your flash drive letter and close the notepad
I...

----------

About a week ago, I noticed my laptop computer began running much more slowly than it had been in the past. I then tried to open up Windows Task Manager, and got the message, "Task Manager has been disabled by your administrator." Somewhat alarmed, I then attempted to run "regedit" to allow me to re-enable the task manager. It gave me the following error, "Registry editing has been disabled by your administrator." I then realized that Windows Firewall was turned off, and locked, with a message on the top, saying, "For your security, some settings are controlled by Group Policy". I tried to open McAfee antivirus, and found that it would not open. I then attempted to download and install Ad Aware Antivirus, which installed, but would not open, and popped up the following message, "System error: 1810 has occurred. Description: Service is not online. Application terminates." I then downloaded SpyBot-Search and Destroy, and installed it, but it would not run. The virus killed the application before it could initiate. None of the online scans would load for me, so finally, I downloaded and installed McAfee AVERT Stinger, which opened and proceeded to scan. It began to detect the Win32/Sality virus, but could not repair any of the files. The infected files were all .exe files, and were all located in Program Files. After this one scan, McAfee AVERT Stinger would not run again, and displayed the following message, "Stinger may be...

Answer:Computer infected with Win32/Sality virus

Hello gforce422

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Let's see if you can run the two programs below:

Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
The program will start and scan your system.
The sc...

----------

I just downloaded Combofix (January 29th 2013 at 13.30 o'clock West-European time) and Microsoft Security Essentials detected the WIN32/Sality.AT virus inside the downloaded file; see the following picture for the MSE warning:
https://skydrive.live.com/redir?resid=681F5E0CC962B14A!608&authkey=!f5EYQ7ms3k8%24
I have been using Combofix for many, many years and never experienced this before: HOW is this possible ???? This should NEVER happen !!!!

Answer:Combofix infected by WIN32/Sality.AT virus

Yes I can confirm that indeed the ComboFix Installer does contain the sality virus within its iexplore.exe file. This needs to be replaced with a clean version of iexplore.exe as soon as possible.

----------

Hi all there, for this Win32/Sality.AT virus, I've tried many other free AV to get rid of it, and they just could not help me to fix it completely. I'm tired of scanning and restarting my pc again and again....sorry

Answer:I just couldn't remove Win32/Sality.AT virus.

Ah the Sality. It is the only virus that completely infected my computer ever (it was the reason I looked into security). Oh, brings back memories. Well screw that. The Sality will spread onto all your exe files so say goodbye to all your downloads. And it will end the antivirus installers. Oh, it will disable your task manager. I never removed it since it was like 2 years back when I didn't know a thing about security. I reformatted my entire HD. Well, download Malwarebytes Antimalware on another PC, change the name of the setup file to 4093809j34f89kgfdsg.exe and put it in a pen drive. If you download it on your pc Sality will infect the setup file (I know). Then boot your pc in safe mode. And run the installer, then if it starts install it and go to the place where you installed it and change the file name mbam.exe to mbam.com or mbam.bat (try each one to see which one works). Then start it; if it starts run a quick scan and remove all the viruses, then run a full scan. After that go here to enable your registry and task manager: http://www.computing.net/howtos/sho...

----------

Hello
My computer was infected with the Win 32 Sality Virus and I managed to get most of it healed using AVG Win 32 Sality Virus remover. I was running a scan using Avast Home Edition to see what was left, and it says that my Windows system 32 is corrupted with the virus. I know that this folder has all the files necessary to use the operating system, so I don't want to do anything to harm it, as I really can't afford to fix this computer or lose my work. I would really appreciate some advice on how to treat this problem. I am really scared out of my mind.
Thanks

Answer:c:\windows\system32\logon.scr infected with Win32 Sality Virus

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

----------

Hey folks.

I am currently using a Presario 900 (p910ap, to be exact) machine with a 1.5ghz athlon processor and 256mb of ram. Basically, I plugged in my portable hard drive in all the wrong places, and ended up getting most of its executable files infected with win32.sality and a few trojans as well.

I was unaware of the presence of these, as the computer did not have an antivirus at that time. Anyway, long story short, i used the Plop bootmanager to reinstall windows from a thumb drive, as the computer bios is too old to boot from usb and the cd drive isn't working.

Now that i have a new copy of windows xp home edition installed along with Avast Free antivirus, i am unsure whether i should plugin my portable HDD or not.

Will it infect the computer immediately if autoplay is turned on? Will the virus be removed by avast easily?

I am prepared to lose all the infected executables (they are mostly setups) if that means that the computer is safe. But the rest of the data inside the HDD is very valuable.

Any help will be greatly appreciated.
 

----------

Hello Board,

I have run into an issue with my 1TB external hard drive. Every time I hook it up to my computer and try to open it, it will either not open...or when I restart my computer and then start my hard drive and I am able to open it, I see that most of my folders have changed into hidden folders (lightly shaded)....

The message I receive sometimes when trying to open the hard drive is "cannot locate C:/WINDOWS/recycler26.exe". I don't know what to do to get rid of this. Can you help me?

Thanking you in advance !!

Answer:What in the world is this RECYCLER virus on my computer/ external hard drive???

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

----------

My primary HDD was failing so I backed it up and replaced it with a larger 1TB drive. After reinstalling everything the new drive is displaying the same size as my old drive and the extra space available is unallocated. I can allocate it as a separate drive but I find that annoying and would prefer to just have my primary C: drive show up with all of the available space. I formatted the extra space and made it available separately as drive G hoping that I could EXPAND drive C but that option is not highlighted as selectable on drive C for some reason. Should I just live with this extra space or is there a way to easily combine C and the new G space?

----------

My avast antivirus software keeps detecting recurring instances of a Win32: Sality virus, along with Malas.B [wrm]. I scanned the infected files with an online Kaspersky tool, and it said they were infected with P2P-Worm.Win32.Malas.r.

I've been getting these messages every once in a while for a month or two now. I've scheduled boot-time virus scans with avast, and other anti-virus programs without successfully detecting anything.

I've noticed some of my processes refuse to exit, even though I start task manager to end the process/process tree. Such includes Firefox and Chrome processes, even though the programs have already disappeared from the screen. Additionally, whenever I start Avast, I am blocked from accessing the internet with chrome, internet explorer, or firefox.

Could anyone lend a hand? Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:11 AM, on 7/7/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Camera Assistant Software f...

Answer:Antivirus Detects recurring instances of P2P-Worm.Win32.Malas.r, Win32: Sality

----------

Hello.
I hope you can help because I'm flying blind here. I've never come across this type of stubborn virus/malware/trojan.
First Symptoms: About one month ago I suddenly lost control of mouse, programs opened up randomly and super fast, complete hijack. Shut down my protection. Shutdown Windows Update. HitMan Pro unresponsive after 2% of scan.
Repeat Symptoms (I tried cleaning again and again but it keeps coming back): the speed of my SSD (C drive) has been reduced, Start up programs slow. I'm running Malwarebytes, CCleaner and Avast premium at startup/monitoring active.
Avast scan result in boot up mode: Win32:Sality-FUM [Drp] Win32:StubOfSality [Trj]
Malwarebytes in safe mode with networking: Trojan.MalPack.Gen (File D:\brke.pif), Trojan.MalPack.Gen (File E:\ jejguo.pif)
I have attached print screens of both
Sality Killer from Kaspersky: Nothing
^ This machine is relatively new Dell Inspiron 5000: I have swapped my boot up C drive for an ssd that I added with Windows 8.1. The D drive is the original HDD preloaded with Win 8. Thank you!!
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Windows 8.1 (administrator) on WINDOWS8 (22-03-2016 17:18:20)
Running from C:\Users\Windows 8.1\Downloads
Loaded Profiles: Windows 8.1 (Available Profi...

Answer:Mlwr Infctn Win32:Sality-FUM [Drp] Win32:StubOfSality [Trj] / Trojan.MalPack.Gen

Hi David-68T,
 
This scan should tell me whether you have a sality infection, which I am most concerned about. 
 
This scan can take a long time, so it is best done overnight or when you do not need the computer
 I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
xXToffeeXx~

----------

Hi guy, i hav some trouble with virus called "Sality"
i posted in "Malware Removal" section, n the suggest to use this tool:

http://free.avg.com/us-en/win32-sality

It asked to run on the startup mode, then when i restart the pc, the endless scan begin, so slow...
now how could i disable the scan on the startup mode, any suggestion pls...???
i just want to login to my desktop n backup my file before reinstall the new window. What the .... virus!!!

Thanks in advance!

My pc info:
OS Name Microsoft Windows 7 Ultimate
Version 6.1.7600 Build 7600
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name TODD-PC
System Manufacturer Dell Inc.
System Model OptiPlex GX620
System Type X86-based PC
Processor Intel(R) Pentium(R) 4 CPU 3.40GHz, 3391 Mhz, 1 Core(s), 2 Logical Processor(s)
BIOS Version/Date Dell Inc. A11, 11/30/2006
SMBIOS Version 2.3
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "6.1.7600.16385"
User Name Todd-PC\Todd
Time Zone SE Asia Standard Time
Installed Physical Memory (RAM) 2.00 GB
Total Physical Memory 1.99 GB
Available Physical Memory 1.44 GB
Total Virtual Memory 2.19 GB
Available Virtual Memory 1.75 GB
Page File Space 200 MB
Page File C:\pagefile.sys
 

Answer:"Virus Remover for win32/Sality" startup problem

Hello,
I cannot help with the AVG problem but you might want to try this if nobody on the forum can help with the AVG issue. You will need to run both SalityKiller.exe and Sality_RegKeys.zip which has a reg file that needs to be installed.

http://support.kaspersky.com/faq/?qid=208279889
 

----------

From my thread on the Hard drive forum:


Quote:




Today I was on the comp browsing the internet when I started to get error messages.

Code:

One or more IDE/SATA drives has stopped working.

All desktop items disappeared, nothing came up when I hit the start menu except solitaire and the calculator I believe. Ctrl/alt/delete did not allow me to pull up task manager.

A program called windows 7 recovery came up, this is why I think it is spyware.

Windows 7 recovery listed the following errors:

Code:

Read time of HD Clusters-FAIL
38% of HD is unreadable
Problem detecting OS files
Bad sectors
Drive C initialize error
File Placement errors
RAM defrag errors
RAM temp 83C
Boot sector damaged
HD doesnt respond

Also when I go to computer>Local disk c:> it says no files found.

How does it boot up at all if the HD is messed up so bad.




How do i go about fixing this? When windows come up on both regular and safe mode, no icons appear on the desktop, and only 2 on the start menu. C:/ shows no files, which is impossible. The OS loads fine. Can I remove the HD and take it to another system to get the files i need off of it then to a clean Win7 install or will that risk spreading to this other system?
Thanks

----------

I have an E machine with windows XP. Here is what's happening. First of all this keeps popping up, "Generic Host for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." At the bottom it lets you either send error report or don't send one. I've clicked on both several times but it keeps reappearing. There are also two popups when the pc first starts up saying a fatal error has occurred. This has happened before and I reformatted my pc, but it's back again. Also I had to use a proxy to get to this website, but I don't know if that has anything to do with it or not. There is also this weird thing with my jump drive which might be the culprit. When I plug it in, the option menu pops up and here are the options: 1. "View files in the program provided by the device" 2. "View files with Windows Explorer" 3. "take no action". The first one is the problem. I've clicked it several times without thinking before but nothing ever has happened as far as it letting me look at the jump drive. My friend took one look at it and said it's probably a virus. I have no idea how to get rid of it if it is. Anyone have a clue?

Answer:possible virus from jump drive/ Win32

forgot something...

When I get on AIM, it's like something takes over and starts opening everyone's IM box from my buddylist, even if they're not online, and sends them this random long message in Spanish. It does it so fast that it's hard to close down the program. This might be related to the stuff I told you above, idk.

----------

hi, i'm new to tsg forum, though i have been readin the threads some time ago.

i recently found out that my come was infected with win32.sality and win32.virut which spywaredoc picked up.

sorry but i have a number of questions to ask.

1) the infected files are found in my system restore volume folder, meaning my system restore files are infected rite? i plan to reformat as i researched and many say these viruses are too damn hard to remove.
2) i wanna backup some stuffs, was wondering if these formats are safe to backup? :

.mp3
.avi (and other common video files format)
.doc, .xls (microsoft word/excel documents)
.jpeg (and other common picture files format)
.zip, .rar, .7z

3) if i reformat, the virus(es) will be completely gone rite?
4) after reformatting, if i set a system restore point BEFORE turning off system restore function, will the restore point work?
sorry if i happened to ask some dummy questions.
terribly sorry for the long questions & poor english.
would appreciate a lot if someone could help me with my questions!
 

Answer:HELP - about win32.virut and win32.sality/reformatting

can someone out there help me pls?
 

----------

Hello,
 
A couple of days ago, I've made a stupid mistake. I've downloaded and installed a software from the internet without checking everything first. This software apparently installed in the same time, and without my consent, Iminent start search bar.
When the installation ended, my browser (chrome) crashed immediately. I've tried to open it again, new crash. 
Freaked out, I've used the system save to come back to a previous version of the computer. My last copy was from the day before. 
I thought it would be enough. But after a doubt yesterday evening, I've run a quick scan with malwarebytes. It found 530 malware in the system.
I've then looked in panic all over the web to find a solution and found this thread : http://www.bleepingcomputer.com/forums/t/486024/cannot-get-rid-of-iminent/
 
I've done :
TDSS killer - nothing found
Farbar's MiniToolBox - useless
AdwCleaner by Xplode - Search for Adware - 2 things on browser found and deleted
Junkware Removal Tool by thisisu - found secret sauce file
 
Then, I thought it was all good. But tonight I run a new scan with the other software of the thread.
 
ESET online scanner
 
For the time being, it found 11 files infected with win32/sality.nba , win32/browseFox.B application, and sality worm for other drivers.
 
I'm totally freaked out, the scan doesn't seem to work anymore and is blocked on 43% for 10 minutes now. What do I do ? Do I restore the whole system tomorrow ? (I don't hav...

Answer:Infected by win32/Sality.nba and win32/browseFox.B

Hi,
 
Sality is polymorphic file infector. Virus:Win32/Sality.AT is a detection for a virus that spreads by infecting Windows executable files and by copying itself to removable and remote drives. It also terminates various security products, prevents certain Windows utilities from executing and attempts to download additional files from a predefined remote Web server.
 
All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.
 
Sality is not effectively disinfectable. Your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted, and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS.
 
See here for more information about S...

----------

Sorry everyone, for the interruption, but I just registered and can't find how to post an original question. Maybe one of you can tell me how to do that? Also, my immediate problem that started about two weeks ago, is I no longer get the name(s) of the sites I have open in the latest edition of Internet Explorer, all I get at the bottom of my screen is a whole bunch of Squares, where the website name used to be displayed. When I have several sites open, you can imagine my dilemma as to which site is which! HELP will be appreciated. Don Kelly, 3/23/05
 

Answer:IE Title/Caption not showing while in taskbar

Re: Address history problem

Don, I split your post into its own thread.

Please read this thread on how to post new threads
http://forums.majorgeeks.com/showthread.php?t=31333

Don, Is there any way you can post a screen shot of what you're seeing?

how to take a screen shot
 

----------

Decided to do full system scan with windows defender detected virus but gets stuck removing it. Trojan:Win32/Dynamer!ac
 
Items: 
containerfile:D:\preload\install.wim
file:D:\preload\install.wim->(Image65678)\SWSetup\HPGames\HGEU\src\WT\games\game_crazychickensoccer_1.0.1.2608\install-game.exe->(UPX)->(nsis-6-Moorhuhn-Soccer-WT.exe)->(EXEEmb)->(EXEEmb)

Answer:Virus detected in D drive? Trojan:Win32/Dynamer!ac

Did you download install.wim? I think this is a false positive for a possible PUP (potentially unwanted program). The D: partition is your HP factory recovery partition and it looks like an installer for a game included in the install.wim file. Just bloatware.
 
You can extract the install-game.exe file from the image.wim file using 7zip and then upload it to virustotal to verify what Windows Defender detected.

----------

I'm fairly certain I'm infected with some variant of win32/patched or Sality.NAM.

I've been using MBAM, and ESET. MBAM deleted all traces of .Vundo, and ESET found win32/patched in some system32 files. I replaced the files, and deleted the components of the virus with ESET, but it's back already.

SYMPTOMS: Antivirus2009 popups, slow system, almost always utilizing 100% CPU, etc.

ESET also detected a HUGE amount of files infected with Sality.NAM.

I've been on a tirade over the past 2 days trying to clean my system, after svchost.exe was opening a background iexplorer.exe process, that would stream some soundclip in an asian dialect, and take up a huge % of the CPU (~78-90). I fixed that, and then explorer.exe started to take up the space that iexplorer lost. This is where the ESET/MBAM scanning started to take place, when it found all of the other virii.

(off-topic-ish: spoolsv.exe was spawning a svchost.exe.. I replaced the spoolssv in my win32 folder with a clean one from another comp..)

HOWEVER - the fairly part in front of the certain comes because of the fact that ESET is no longer picking up the Win32/patched.

I don't know what this could be, so I finally broke down and came to the experts, and I hope you guys can help.

Posting HJT/MBAM logs now..

HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:41 PM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

R...

Answer:win32/patched.N (or AB or AA.) or win32/Sality.NAM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scr...

----------

I have a Samsung s2 1tb external hard drive.

Today when I hooked it up to my laptop it would not load. It will show local F drive when it usually will say samsung Drive.

A pop up box will then appear stating "you need to format drive"

I know if I reformat it I will lose all my data which I will not do.

When I look in device manager it states that the external hard drive is installed.

I attempted to go through start menu and type cmd then F: and it states "The volume does not recognize this system file. Please make sure all required system drivers are loaded and the volume is not corrupted."

PLEASE HELP I DONT WANT TO LOSE ALL MY FILES

Answer:Samsung s2 external hard drive not loading showing local disk F drive

With the external drive connected, Go to Disk Management (Start > type: "computer" > click on Computer Management > click on Disk Management)

Determine which disk is the external drive.
If the external drive shows here as a healthy volume, Right click on the large box to the right of the "Disk 1" / "Disk 2" label and choose: Change Drive Letter and Path.

If there is nothing but a grey box or "Unallocated Space" next to the disk number then Right click on the disk number (the box) and choose: Change Drive Letter and Path.

Change the drive letter to anything else > OK.

If you can't do any of the above post back. If you can post a screen shot of the Disk Management window that can help.
Do not initialize the disk or format it or you will lose your data.

9 more replies
Relevance 63.14%

Hello
I have recently upgraded from vista 32bit to Windows 8 Pro 64 bit. All my important data was stored on Icybox External Drive enclosure in RAID mode (fully working before the upgrade).
 
Since the upgrade it is not showing up under "My computer", and then I go to disk management it is showing as an invalid Dynamic drive. I spent about 18 hours in various forums searching for solution, tried everything suggested, nothing worked.
I need the data that is on the ICYBOX and cannot convert it to basic disk until I get the data off.
The commercial software recommended did not work either.
Losing my will to live!
Anyone has any suggestions please?
Thank you

Answer:external drive showing as invalid dynamic drive after Win8 upgrade

Check here: http://illbethejudgeofthat.wordpress.com/2010/10/20/repairing-a-dynamic-invalid-drive-in-windows/

5 more replies
Relevance 62.73%

First off PC specs:

AMD Phenom II x4 processor - 3.4 Ghz
8GB DDR3 RAM
Nvidia N460 GTX GFX card
240GB SanDisk SSD
Windows 7 64 bit

So here is the problem. I had a Western Digital 300 GB SATA drive that was starting to quit on me. So using an Ubuntu live CD I cloned the 300 gig drive onto the 240 gig drive (I only had used approx. 120 GB on the old drive so had LOTS of free space). It seemed to clone fine, and after removing the old drive the computer booted up fine (no errors, running super fast). Windows 7 also recognizes it as a solid state drive (it doesn't show up in the defrag list). However, I just noticed that it's showing the space on the drive as incorrect. It shows up as 126GB free of 297 GB (so pretty much the same size as the old drive). the motherboard's bios shows it correctly, and my linux CD shows it correct as well.

Any way I can fix this in windows without a reinstall of the OS?

Answer:Problem after having cloned drive. (showing incorrect space on drive)

Maybe you can try to clone with Macrium free
Try loading defaults in BIOS

9 more replies
Relevance 62.73%

If I double click the C drive or D drive, Its showing Properties. Instead of opening the drive.
 

Answer:Solved: If I double click the C drive or D drive, Its showing Properties.

Here`s a quick fix for drive opening:
http://www.dougknox.com/xp/fileassoc/xp_drive_association_fix.zip
 

2 more replies
Relevance 62.73%

Hi all, I purchased an external drive to back up files on our desktop and laptops. I am looking for easy way to do this, do I do all files or do I have to go into all of them one at a time. I say this because one laptop is my daughter's, can I just send all her pic and music files all at once. Our main computer (desktop) is windows vista, everyday it's getting louder and louder and each morning it shows a message says configuring and it's like counting down. This takes long time. I looked at the space left. It shows space available on (c) and on d it's full which is recovery so I don't have a clue how files got on there. My hubby doesn't know much about even getting on computer, but when he does it seems something goes wrong. I want to clean up and get rid of files so my son who's 11 can use it for games. It's so slow and I don't want to delete wrong things. From reading here and just knowing not to delete recovery. How do I clear out space on D... I tried opening some files on it but they all seem to do with the windows system. What can I do with my desktop? And is it possible to clear out all files from laptop... it is about 5 yrs old... and she has a lot of music and pics on there.. just wondering if it's worth time to clean out the files. It takes forever to get online and when we do it's so slow. Hope I'm not sounding too confusing.
any suggestions
ty
great site so far

Answer:need help with using external hard drive also my recovery drive(d)showing full?

Welcome!
Computer Hope is the number one location for free computer help. The forum will help everyone with all computer questions. You have presented more than one issue. The forum will help you, but some detail is needed. What OS are you using? What make and model of external drive do you use?
The proper way to remove programs is in the Control Panel. But music and picture files can be copied to a CD-R or DVD-R and removed from the computer. The external drive can also be used to transport files from one PC to another. But using DVD-R or CD-R is preferable. The best use of an external drive is to make a backup of the operating system and programs.
Avoid putting files on the recovery partition.

6 more replies
Relevance 62.73%

i'm using windows 7, my external hard drive shows up in my devices and printers section but it won't show up as a drive, so i can't view any files in that external hard drive. if i put a memory card in, it shows up as a drive and a flag shows up for when i want to unplug that drive and it asks if i want to remove my external hard drive too.

normally when i turn on the external hard drive it autoplays but it doesn't do that anymore.

i don't understand why it shows up in my devices and printers but not as a drive when i open windows explorer.

i've looked into the external hard drives properties and it all says that the device is working properly.

Answer:problem with external hard drive not showing as a drive in windows 7

Go into Control Panel (classic view) ---> Administrative Tools ---> Computer Management ---> Disk Management.

In bottom-right pane, if you see a horizontal band representing a drive with no drive-letter assigned to it, that's the cause of your problem. You need to give it a drive-letter:

Right-click that horizontal band and choose "Change drive letter and paths".

2 more replies
Relevance 62.73%
Question: Win32.sality.aa

Dear All,

Pls help...
my company server with windows server 2003 suspected hack by Virus Win32.sality.aa......
any solutions for me..

Server keep prompt out a msg to ask for deleted all files that with .EXE files.

Existing is using F-secure antivirus.

Thanks~

More replies
Relevance 62.73%
Question: Win32/Sality

I had an issue with Win32/Neshta a while back, now it's Sality! I can't go in safe mode at all now for some reason and any .exe gives a run time error. When I try safe mode it starts to get then it flashes a blue screen then the comp restarts. The Neshta still pops up when I run .exe's but I can still run .exe! My Microsoft Security Essentials still pops it up but I remove and it still shows it no matter what. Should I just reload my comp? I can't reload my comp though, I have no disc! Thanks for any help!
 

Answer:Win32/Sality

There are no guarantees that any removal tool can remove all of this. Nor are there guarantees that it can be removed safely. In most cases, the only suggested thing to do is reinstall since a PC could become quite unreliable if you don't. The choice is yours. If you wish to try a tool, then search for them and give them a run but you best backup personal data first and don't backup anything that is an executable.

Let's try an automatic tool from Kaspersky to see if it can help before we try to continue manually. In many cases, the only cure is a reinstall. Please download the below file to your Desktop:

http://support.kaspersky.ru/downloads/utils/sality_off.zip

Then extract the sality_off.exe file from the ZIP to your Desktop. Now run the sality_off.exe file by double clicking on it. Reboot and see where things stand. If still having a problem, run the below procedure also from Kaspersky:

http://support.kaspersky.com/viruses/solutions?print=true&qid=208279889
 

1 more replies
Relevance 62.73%
Question: Win32/sality

The computer at the small business where I work has become infected with the Win32/sality virus. i'm sorry I can't give you a virus detection / hjt log but I'm leery about starting that machine back up until I know what I'm doing. As of the last scan I did before I realized that this was way beyond my tech skills it has infected over 350 files. AVG and bitdefender aren't able to clean/heal them. The only advice I can find online involves turning off Sys Restore, running a scan in safe mode and deleting anything I find. Since this process will wipe out almost 400 executable files I wanted to check first and make sure there wasn't some better program/process which could clean the files. Otherwise it almost makes more sense to put all the important documents on CD's and wipe the whole thing. Unless of course that will also allow the virus to spread in some manner I am unaware of. Any help you could give would be greatly appreciated. We are running Windows XP. Thanks in advance.
 

Answer:Win32/sality

Hi, Welcome to TSG!!

That one is very difficult to remove and your best bet would be to format and reload the machine.
 

1 more replies
Relevance 62.73%
Question: Win32/Sality.AM

Hi Everyone! This morning my husband got a message from the CA Antivirus Real time scanner that it quarantined "FP_AX_CAB_INSTALLER.EXE" location "C:\WINDOWS\DOWNLOADED PROGRAM FILES" that was infected with "Win32/Sality.AM".

When I woke up I did a full CA Antivirus system scan and it also found "uninstall_activeX.exe" location "C:\Windows\System32\Macromed\Flash" that was also infected with "Win32/Sality.AM".

Then I ran a CA antispyware and it found very little all in the low to medium risk mostly tracking cookies. I deleted all temporary files and installed HijackThis. I also did a Spybot Search and Destroy scan. It just finished and it only found 2 tracking cookies.

I'm worried that the virus is still on the computer, any suggestions on what to do next. Or am I just being paranoid? :confused I think I'm worried because it was still on the computer even though the real time scanner found it. Thank you in advance! Reesa

Here is my HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 11:08:31 AM, on 12/3/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)


Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
 

Answer:Win32/Sality.AM

I'm sorry I didn't run through all the procedures in the Read me first. I'm doing that now and if I still have any problems I will post again! Sorry about that! I don't think I can delete this thread. Thanks again! Reesa
 

5 more replies
Relevance 62.73%
Question: Win32.Sality

Basically, I guess I downloaded a virus. This is what I did in order to solve my problem and etc.

First noticed when I had a message saying Task Manager was disabled by the system administrator when I pressed Ctrl + Alt + Delete
I Googled for information on how to fix this, something told me to go to my registry.
So I type 'regedit' into the Run... box, and a message popped up saying the system administrator had disabled this as well.
I downloaded Ad-Aware free, scanned, found Win32.Trojan.Agent and Win32.Sality.
I pressed Heal, Ad-Aware told me to reboot my computer. I tried to access my Task Manager, but it was still disabled.
So, I scanned again, rebooted, and Task Manager still didn't work.
Then I Googled Win32.Sality, and found this: http://www.avg.com/virus-removal.ndi-67769
I downloaded the three files, put them in a folder, then ran the .exe.
It scanned my computer, said it cleaned a few .exe's that I had recently run such as games.
It said it couldn't open all the files it scanned, so it told me to reboot and it would scan right after Windows loaded.
Windows loaded, and there were 3 things that it still could not open, but I thought it had been fixed.
Then I used Ad-Aware to make sure I had no more viruses, but it was still there.
I ran both rmsality.exe and Ad-Aware a few times, but after every time, it would just inject itself into a new .exe.
I tried going into safemode, but during the part where it's loading the drivers, my computer restarts.
S... Read more

Answer:Win32.Sality

Ok, now I'm confused. I wanted to show my dad how screwed my PC was. He installs and runs Symantec, finds nothing. Then he just reenables task manager and Registry Editing from these things you type in the run box...

Now everything is working again? I'm not sure.

1 more replies
Relevance 62.73%
Question: Win32/Sality

Hi everyone,
We have a network where most of the nodes have been infected by the Win32/Sality virus. The first computer to be infected was a windows server 2003 file server. There are many infected machines which seem to have been infected to various degrees, but first and foremost we want to focus on the file server. We can't run microsoft forefront (which appears to have failed us already) or any other program for that matter because of the way this virus corrupts executable files. So we can't install or run any other anti-malware programs. Booting into safe mode would be the obvious next step but we can't do that either (I personally haven't tried because this server and its admin are in India, but I was told safe mode doesn't work). Does anyone have any idea how we should remove this virus?
Thanks,
wsbssnj

Answer:Win32/Sality

Good evening. Sality is what is technically known as a polymorphic file infector - or Fred to its friends. The polymorphic part means that the code morphs during the infection process in an attempt to adopt a form that scanners haven't identified as malicious and hence will be left alone by said scanners. The infector part is pretty much what it says, it targets Windows executable files with extensions .SCR or .EXE.

The problem that you have in dealing with it is in identifying every infected file and removing it before they can infect further files while at the same time hoping that the PC will maintain the integrity of enough system files to keep itself alive, which isn't really a sensible way to spend your evening.

Basically, you have a number of expensive paperweights that should be isolated to keep the infection from spreading any further and then reformatted and the various OS's reinstalled. No files with either the .exe or .scr extension can be backed-up due to the potential for reinfection of your machines once you put them back.

If you try to remove the slime and miss just one file, you get the infection back again and in a networked environment you just multiply the issue. Sorry that it's not better news, but that's just how it is.

3 more replies
Relevance 62.73%
Question: Win32 Sality

My USB and PC recently got infected with Win32 Sality leaving some of my files hidden but cant be revealed by (Folder Option>Show Hidden Folder) I need to uncheck the protected operating system files for me to see my files.


How can i make them into normal folder again?

Win32 Sality corrupted my system restore and destroyed some system files. Deleted Malwarebytes and lucky not the Avast because it does have user authentication before closing.

And How can add protection to my computer?

Anti Virus Installed/Anti Malware

Avast
Malwarebytes ( <-- Any better suggestion? )
USB Disk Security (I think this prevented the malware from further spreading the virus because of the autorun.inf installed by usb disk security on my USB)
-Autorun disabled
-Not downloading any crack,keygen,porn etc
-Full scanning my computer every 3 days


I heard some rumors that "Linux" cant be infected by windows virus. Im planning to change my OS but i know linux have a lot of software compatibility issue.
 

Answer:Win32 Sality

Welcome to the Malware Removal Forum.

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user acco... Read more

27 more replies
Relevance 62.73%
Question: win32/sality

Greeting with a great respect to you all,

I'm infected with the virus win32/sality, almost all the exe files are infected in my PC, all these files are in a virus vault, I want to know how can i heal these infected files.

and how could I be sure that my PC is safe.

That's all
thanks a lot

Sincerely

Answer:win32/sality

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.

Please download Deckard's System Scanner (DSS)
Save it to the Desktop
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your firewall offers a warning, allow the program to run
When finished, DSS opens two Notepad files: main.txt <- this one is maximized and extra.txt <-this one is minimized

Please post the contents of main.txt in your reply.
(A copy of these files is also found in C:\Deckard\System Scanner)

Also, please attach extra.txt to your post.
To attach the file, do the following:
Below the Reply to Thread box, under Additional Options > Attach Files, click: Manage Attachments
In the Manage Attachments prompt, either click Browse to get to the file, or, copy and paste the following into Upload File from your Computer:

C:\Deckard\System Scanner\extra.txt

Then, click Upload

Then, also attach extra.txt to your post.
To attach a file to a new post, when you reply, go below the box to File Attachments
Browse to the extra.txt file
Click: Add this attachment

10 more replies
Relevance 62.73%
Question: Win32.Sality Help

Hello, I have a big problem with a virus/trojan. I have tried many methods and removal tools to get rid of this virus, but haven't succeeded yet. I can't install any anti viruses or use any on-line scans. I really need some help!

PS: If there is a similar thread, please post the link to it.

Answer:Win32.Sality Help

Hello and welcome to TSF.

If indeed you're infected with Win32.Sality, that's bad news. Since you're unable to do any online scan, I assume your resident antivirus is reporting it.

Here are some threads with that infection and the advice given.

http://www.techsupportforum.com/f100...us-379155.html

http://www.techsupportforum.com/f100...lp-377623.html

http://www.techsupportforum.com/secu...-clean-up.html

1 more replies
Relevance 62.73%
Question: Win32/Sality?

My virus scanning is scanning this Win32/Sality is various places. What is it and is it harmful?
 

More replies
Relevance 62.73%

As you can see from the screenshot on imgur, a device recently began to appear in my network. I assume the device named Jennings-PC is a wifi enabled device that is being detected by some node on my network. Anyone else experienced similar issues or know how to prevent it from appearing?

My network is secured using WPA2, the device is not associated with the router in any way.

http://i.imgur.com/4Qf1E.jpg

Answer:Unknow Device Showing on Network

Welcome to SF,

Try to Power Cycle your Devices and see if the mysterious device shows up again.
How to Power Cycle (Reset) Your Modem and Router | eHow.com

If you're certain that the Device doesn't belong to you, you may block the MAC Address from your Router setting.

2 more replies
Relevance 62.32%

This has happened before, then went away after a while and several restarts. Now it's back.

My Computer (aka "This PC"), under "Devices and Drives", does not show my SD card that is inserted, though I can navigate to it by manually typing H:\. I also can find it by using File Explorer to look at the Desktop (but ONLY if I navigate by starting at This PC and then going up to the Desktop), where it appears with an icon like it's an external drive (it's built into my laptop).

Meanwhile, certainly related to the same root cause, my D drive, which is encrypted as a Bitlocked drive, is missing the lock icon. Before this issue, upon a fresh computer start, I could see the lock closed, double-click it, and it would prompt for the password. Now, it shows no lock, and double-click simply results in a pop-up saying the drive cannot be accessed or something. I can, however, right-click on it, manage bitlocker, and get to the prompt that way to unlock it. Once unlocked, it does not show the unlocked lock icon either. Pic attached.

What's going on? Can anyone help?

More replies
Relevance 62.32%

i have a freecom external hard drive. it was working fine until one day it decided to stop working.

this light on the drive lights up but i can't hear anything working inside it. and now it won't show up as a drive when i open windows explorer.

please help?

Answer:External hard drive not showing as a drive in windows 7

Hi have you tried it in another computer to see if it works there

12 more replies
Relevance 62.32%

I've never seen this before. Double click on e:\ in my computer and it says not a valid win32 application. Seen it when opening applications but not a drive! all other drives are fine. First time i saw it it was looking for install.exe, which i remember deleting a week or so ago. Most likely because it was a missing shortcut in registry or because it was corrupted or something similar. I don't know what to do about this, as I said never seen it happen b4 on a drive. You can open e drive when you right click and explore but when double click sometimes it tries to locate install.exe. No virus, but did have a few recently, I won't put it down to that though and dismiss because I am very vigilant and remove virus immediately, and scan twice a day, always scanning b4 opening apps. Weird one! Logically, how do i stop it looking for install.exe when opening?
thanx
 

More replies
Relevance 61.91%

HELP.. i have been infected with WIN32/Sality..what do i do..i ran AVG antivirus scan and it tells me that 148 files have been infected in C, D,E, F drives.
 

Answer:Help..Win32 Sality infection

Hi and welcome

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Relevance 61.91%

Dear Friends..

It seems i have been infected with win32/sality virus. No matter how hard i try, i m not able to remove it from my computer. My taskmanager, regedit, safemode etc are all disabled. I tried rmsality but it did not detect the virus but no use. I reinstalled windows but of no use. it again reappears....pls save my computer. i do not want to completely format it.

pls. find below the HijackThis log..and other info thru RSIT...

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-02-05 11:06:52
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (58%) free of 20 GB
Total RAM: 1278 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:56 AM, on 2/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spy... Read more

Answer:Infected with Win32/Sality

Hello.

You have a very nasty infection present as you mentioned. Most experts think it's best to format because of this infection's nature. Take a read below please.

Sality Infection Warning

Unfortunately one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

More information over here and here

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any a... Read more

3 more replies
Relevance 61.91%

sality drives me nuts!!!! I've tried HJT in safety mode, hitman pro 2.6, rm sality, f-secure, but I can't get rid of it!!! please help me

my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:06:53, on 21-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\progfiles\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
D:\virusscanners\hijack this\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGFI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\... Read more

Answer:win32.sality.k AAAAAAAAHHHH!!!

Win32/Sality.K is a polymorphic virus that infects Win32 PE executable files. It also contains trojan components. Win32/Sality has been known to be downloaded by variants of the Win32/Bagle family.

For more detailed information regarding the functionality of the Win32/Sality family, please visit the Win32/Sality description elsewhere in our encyclopedia.

Visit this site as this is the source: http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=53099
 

1 more replies
Relevance 61.91%

Cheeseball81 said:

Hi and welcome

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

my computer is also infected with "win32.sality.E" and the files which are infected are all exe files in C,D,E,F. i ran bitdefender scan on my computer and i had all of the infected files in quaran... Read more

Answer:Win32 Sality Infection

10 more replies
Relevance 61.91%

Recently avast! 4 Home Edition detected the Win32:Sality virus in memory, so it asked me to do a boot-time scan to scan and clean the virus. After I rebooted my PC, the avast! 4 boot-scan deleted many important .exe files which were actual working programs. When my PC restarted, I reinstalled many of the programs, but most of my cleaners and spyware programs refused to work. I use CCleaner, Spybot - Search & Destroy and avast! 4. Both CCleaner and Spybot fail to start and avast! 4 just restarts my PC when I try to run it. I tried re-installing but it does not help. In fact, when I try to run the avast! 4 setup, my PC restarts again. Also safe mode stopped working.

I then formatted my C:\ and reinstalled a fresh copy of Windows XP Home Edition and all my programs, but CCleaner and Spybot still refuse to start, and avast! 4 setup still restarts my PC.

I went through a lot of forums on the internet, but some of the cleaners won't start just like CCleaner. Also other spyware programs can't find anything wrong.

I finally used UnHackMe and now at least my Safe mode is working. CCleaner, Spybot and avast! 4 still won't work. For that matter no cleaner works.

Please help me.

*****
Logfile of random's system information tool 1.04 (written by random/random)
Run by Eric P Pereira at 2008-12-14 12:43:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (44%) free of 38 GB
Total RAM: 1279 MB (62% free)

Logfile of Trend Micro HijackThis v2.0... Read more

Answer:Help after Win32:Sality attack...

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do... Read more

2 more replies
Relevance 61.91%

My computer has the win.32.sality virus. I used to have 17000 infections but they all cleaned, except the ppl at the other forum say for the mother infection it isn't clean. They said it couldn't be removed so I turned to you. I read on Google that you cured it. I need help. I also have a dll.exe problem that says to report the problem to Microsoft... I don't want to format my computer, help pls... Here is my HJ log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:39 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\vsnct511.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MSN Messenger\msnms... Read more

Answer:Win32.sality.p found need help pls....

and i already have combofix and kaspersky downloaded
 

1 more replies
Relevance 61.91%

Pardon my language and anger, but I really hate this "King of Virus" called Sality.

I got infected with a strange variant, possibly Win32\Sality.ag and it is spreading through my network like a monster on steroid.

I think it has downloaded a few "helper virus" to assist it over the weeks using its own peer to peer downloader.

I can't remove it. I've tried using nod32, kaspersky rescue disk, avg rescue disk, dr web rescue disk and bitdefender rescue disk. I've also tried many many removal tools.

Kaspersky Rescue disk couldn't finish mounting my drive, got error.
Avg rescue disk can't remove it.
Dr web can't even detect it.
Bitdefender rescue disk won't load for some reason. (my last resort)

Task mgr, regedit and various antiviruses are all disabled and the virus is dropping .tmp, .Lnk files all over my systems.

It searches for network share in my network and drop its payload in them, creating lots of porn shortcuts as well.

I've scoured the internet for a way to kill this monster to no avail, it is almost impossible to remove it short of reformatting ALL MY PC in the network (oh god plz no).

I wanna use Bart PE to boot into windows and find the rootkit files it created and delete them but I have no idea which file it is, because they have random names and .sys extension in C:\windows\system32\drivers folder.

I edited my registry and disabled autorun and tried to remove as many virus files as possible but it kept... Read more

Answer:I HATE WIN32\SALITY !!!!!!!

Disconnect as many of your pc's from the network as soon as possible. Run SalityKiller and MSRT on each pc while still disconnected from the network. Then extract and run Sality Reg Keys on each infected pc.

Make sure KB2286198 is installed on each pc/server. Install it manually if you have to do so.

You'll also need to delete all of Sality .LNK files.

2 more replies
Relevance 61.91%

Hello

I have a problem with my pc. Every time I boot the pc i get the message that wmimgr32.dll is infected by Win32 Sality, that I then move into the container (with Avast).

I have gone through the whole procedure described in:

http://forums.techguy.org/security/485332-plz-help-rid-win32-sality.html

but I still get the message on every reboot.

I'd be very thankful if you could help me...

my hijack log is:
Logfile of HijackThis v1.99.1
Scan saved at 02:30:37, on 03.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\TBPanel.exe
C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\zulu\LOKALE~1\Temp\Rar$EX00.891\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-... Read more

Answer:Solved: Please help me.......Win32 Sality

16 more replies
Relevance 61.91%

Hi, I think I've got my Win32.Sality.NAM problem; can you check my HJT log to see if it's gone?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Billy\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {066BD3A2-062B-4DCD-B655-94414FFEC6E0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'To... Read more

Answer:¿Win32.Sality cleaned?

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
 

1 more replies
Relevance 61.91%

I have recently found out that I am infected with Sality, and I would like to remove it without formatting my computer. I've tried everything I can think of, but I've had no luck. I thought I removed it, but it just turns out that it had not infected any more files until today. Any help I can get with this would be great. I'm running Windows XP SP3.

More replies
Relevance 61.91%

OS: Windows XP Professional SP3

VIRUS: Win32/Sality (as far as I know...)

ANTIMALWARE: uninstalled Virus Chaser, replaced with Microsoft Security Essentials

DETAILS/RANT:
I've been trying to get rid of this Win32/Sality on my work computer for about a week now; browsing through forums will only get one so far... I'm a total noob at this, so if there's any additional info you need please let me know.

So, here's how it's gone so far.

*Finally* succeeded in getting one of the IT guys to reformat this piece of junk this morning. I remembered to ask him to repartition it as well. I'm not quite sure how to find the specs of this thing; all i know for sure is they installed Windows XP SP3. Most of my other programs are in Korean; I teach English online and basically have to just download the video, phone and messenger programs from the company sites.

The first thing I noticed after the reformat was I couldn't seem to access any microsoft websites on Internet Explorer. Got Google Chrome instead and everything worked fine from there.

Uninstalled "Virus Chaser" (this weird security program they installed from an old CD)

DLd Microsoft Security Essentials, updated it, plugged in my external hard drive and scanned it. It found "Win32/Sality.gen!p" on E:\Seagate\Registration\Seagate-Release.exe. I picked Disinfect and got back an error message:

Microsoft Security Essentials couldn't apply the action(s) y... Read more

Answer:trying to remove Win32/Sality

It sounds like the infection is on an external drive. If in fact you do have an external drive connected, disconnect it and scan again and see if it comes up. If you don't have an external drive (or flash drive) connected, and you're bringing up drive E, you may have some issues with a reload.

But if it is on an external, pull the info you need off of it and run a full format on it.

4 more replies
Relevance 61.91%

I just downloaded Avast to help find some viruses on my comp. Now that it's "detected" one, it says it cannot find the file. Can anyone help? This is the info that I'm getting:

File name: C:\Windows\system32\vcmgd32.dll file

malware name: Win32:sality-Al

malware type: virus\worm

Vps version: 0704-0, 01/18/2007
I've tried to move the file to "the chest" & repair the problem but, I keep getting a message saying:

Avast! the system cannot find file specified
cannot process: "C:\Windows\system32\vcmgd32.dll" file

I haven't tried deleting it because I don't know what/where it is and if it will affect other parts of my computer.

I'm also trying to put a Trojan horse in the chest but, it seems to pop up again.

File name: C:\Docume~1\Admin\Locals~1\Temp\Wintpqe.exe\[UPX]

Malware name: Win32Agent-SB[Trj]

Malware type: trojan Horse

VPS version: 0704 - 0, 01/18/2007

ergh can someone help me out?
 

Answer:Win32 sality infection Help!

11 more replies
Relevance 61.91%

Hi, my computer is infected with the win32.sality.p virus and my antivirus can't fix it and I don't know what to do. That virus is screwing up my system (programs won't open, can't uninstall programs). I need help on how to delete that.

thanks in advance

here is my HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 2:57:45 AM, on 8/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\jjncsaaa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EX... Read more

Answer:Solved: win32.sality.p === NEED HELP

16 more replies
Relevance 61.5%

Recently my computer was infected with the Sality virus. I'm not sure exactly how it got on there, and I'm also not certain if there are any other infections in the computer. The virus has infected quite a few executables on the computer, including a lot of my installed programs. I'm not sure if any system files were infected.
 
I've tried removing the virus myself, as according to MBAM the virus files are the system32/vcmgcd.dll and .dl_ files. However, whenever I've tried to remove them or even overwrite them with blank files (and making them read-only) they get overwritten on the next startup.
 
I'm pasting and attaching the files mentioned in the guide:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.2.1
Run by Ippy Kwew at 19:10:20 on 2013-08-24
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1418 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\WebConnect\updateWebConnect.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\a... Read more

Answer:Computer infected with Win32.Sality

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505492 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

4 more replies
Relevance 61.5%

Hey guys, woke up this morning to Win32/Sality.NBA and got rid of most of it, I guess, with an eset scan, then a superantispyware scan, and even did a malware scan, but I am unable to get into task manager and can't remove any programs. It says task manager has been disabled by your administrator.. I am admin.. Seems like it leaves some of itself behind and nothing can get rid of it all. What can I do?

Answer:Win32/Sality.NBA is really kicken my butt

Hello, there are 5 methods to fix this here: Task Manager Has Been Disabled By Your Administrator. One should work.

5 more replies
Relevance 61.5%

I thought I was running pretty virus free on my system. I run Spysweeper to take care of the spyware, but just recently downloaded Avast. Upon scanning, it found over 4000 occurrences of files infected with Win32:Sality-AB. The program won't repair any of the files; the only option I have is to put them in the "chest". My question is, how do I fix or remove these files permanently? Any help is appreciated.

Thanks in advance!
 

Answer:Over 4000 occurrances of Win32:Sality-AB

If you just downloaded AVAST, try updating the most recent definition files. Most of the time, the initial application download doesn't have the latest definitions.

The latest defs will most likely be able to repair the files.
 

2 more replies
Relevance 61.5%

How do I remove win32.sality.aa from an NT4 machine ?

I used the kaspersky salitykiller.exe app to sort xp machines, but it won't work on NT4

Any help would be greatly appreciated

Olly
 

Answer:REmoving Win32.Sality.aa from NT4 machine Help

You cannot effectively clean a computer that has a file infector like Sality. See this article by miekiemoes, a highly respected member of the malware removal community:

http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

You need to back up all important data such as documents and photos but no executable files (programs) or you will reinfect the new installation and reformat. Programs will need to be reinstalled using the original media. Given the age though, it sounds like this system should be retired.
 

3 more replies
Relevance 61.5%

Hello, I am hoping you can help me with my problem which I think is a virus. I will give you a quick history of what has been happening.

The first problems started about 3 weeks ago, my computer would stop shutting down when I asked it to. It would take about 15 minutes to shut down or restart when asked. Then my PC screen would freeze and make a high pitched beep tone [this has now stopped], I had to restart when this happened. I thought that I may have to install XP fresh again but then it started showing symptoms of a virus.

Virus symptoms:

1. About 2 weeks ago my Explorer wouldn’t start correctly. There would be the background wallpaper but no icons. I would open Windows Task Manager and try to ‘run new task’ > explorer.exe however it wouldn’t work. However it would ALWAYS work after the second boot.

2. This week it has started doing the same thing however sometimes it will boot Explorer first time but programs will not work, especially things related to the internet e.g. Msn, Opera, iexplorer. When this happens I need a fresh restart.

3. I previously had AVG 8.5 installed however I thought it was pretty rubbish so I installed Microsoft Security Essentials which is much better at finding viruses. It found a few viruses straight away. Virus: Win32/Sality.gen!enc KEEPS reappearing and being deleted. Once this virus was deleted the first few times my PC seemed to be fixed but coming on it today it doesn’t seem to be workin... Read more

Answer:Explorer problems, Win32/Sality.gen!enc

a 72 hours Bump!

15 more replies
Relevance 61.5%

how to remove virus on MacBook: Win32:Sality-FUM [Drp] and Win32:Patched-AFX[trj] ? My Avast antivirus notice them but cannot remove from BOOTCAMP/pagefile.sys and BOOTCAMP/Program Files/Graugon/MPEG/ljt.exe. Many thanks for your reply, Eric

Answer:VirusWin32:Sality-FUM [Drp] and Win32:Patched-AFX[trj]

You can look these ways.
Sality infection removal tools for macintosh
http://is.gd/B7oudV
Sality virus removal tools for macintosh
http://is.gd/FdMtlF
Or,
Slave your HD to a Windows HD/comp ( no need to bolt it in, just cable it & leave it outside the case ) You may have a choice of jumper settings on the master HD, such as master with slave or ms.
Then run this for starters.
http://www.softpedia.com/get/Antivi...
Repeat search procedure for the other virus.

2 more replies
Relevance 61.09%

I have a slave drive (E that is now showing as a removable drive. I simply used it to store data, but now it's just showing as a removable drive.

Anyone ever dealt with this before? Know of a way to retrieve my data?
 

Answer:Fixed Drive showing as Removable Drive

i'm assuming it's a sata drive? if so, i've been seeing a lot of this lately. anyway, have you tried rebooting (to see if you can access your data)? are you getting an error message when trying to access/retrieve your data (if so, what)? more details would help. what is your os, etc? - sos
 

4 more replies
Relevance 61.09%

Someone please help me.
I am trying to set up our server which we have on my sisters new laptop. when I go to 'map network drive' and click 'browse' the server called 'BGE-B-NAS' doesn't appear on the list. I have tried multiple times and nothing seems to be working. I also tried to type it in manually but it just said that 'windows cannot access \\BGE-B-NAS\Companydata'. Is it to do with the fact that this is a laptop and it is using the wifi instead of being wired?

Any help would be very helpful and thank you in advance for the help.

Answer:Drive not showing up when trying to map a network drive (Laptop)

sorry for anybody's bother but it worked in the end

0 more replies
Relevance 61.09%

I plugged a new SATA drive into my computer and my BIOS sees it and it shows up in Windows XP Device Manager but it doesn't show up in My Computer. How can I fix this? (I restarted my computer 10 times.)

EDIT>>>>>>>***OH I lied, it's not showing up in device manager.****<<<<<<<
 

Answer:SATA Drive not showing up on drive list

7 more replies
Relevance 61.09%

I think its a virus problem and I haven't installed my any antivirus ...I cant view my photos ..my system is getting slow ... and showing low memory and after that my pc gets restarted ....
Please Help !!!

More replies
Relevance 61.09%

I had an old (6 months old) internal hard drive that I had setup as an external drive go bad yesterday so I replaced it with a brand new internal drive that I am trying to connect using my esata connector. It is the same exact setup as I had for my old drive that did work for 6 months.

The new hard drive shows up in Device Manager, and in the Devices and Printer panel, but it does not show up in my Computer Panel under Hard Disk Drives.

Does anyone have any idea of what can be happening and where I should look to make this new hard drive visible as an accessible drive?

Answer:New hard drive not showing up as an accessable drive

Hi,

When you click Start & right-click 'Computer', select manage. See if it comes up under drive management and if so it may be showing as unallocated space.

Try...Partition or Volume - Create New and skip straight to Step 4



3 more replies
Relevance 61.09%

Had to reinstall XP on my wife's HP desktop. All went well except when you click on My Computer. C: drive is ok but D: drive (internal) shows up as a flash or jump drive. Plus it wants to scan D every time Windows boots up. I did not format the drive before the reinstall, just replaced the copy of Windows on C. It's a single SATA drive that I partitioned the last time I changed out the hard drive.

Answer:Internal drive showing up as a flash drive

This is a desktop with two internal SATA drives? What is the model number of the HP?

11 more replies
Relevance 61.09%

when i insert a cd its not detecting
 

Answer:showing too many disk drive(CD DRIVE not detecting)

The screen shot looks like you have virtual drive software installed.

Regardless, is the drive recognized by the BIOS? Is it recognized by Windows? If it's recognized by Windows, it will be listed in Device Manager, in Drive Manager, and should also be seen in Windows Explorer.

If the drive is recognized, and it's simply not recognizing discs, the drive is most likely faulty.
 

1 more replies
Relevance 61.09%

When I use the "Safely Remove Hardware and Eject Media" icon/tool, to remove a USB stick, my internal SSD drive shows as a choice to be removed. How can I get the SSD off this list?

In Device Manager, under Disk Drives, looking at the SSD drive's properties there is no "Removal Policy (i.e. choice of "Quick Removal" or "Better Performance") like the removable hard drive on my laptop has.

Answer:How can I stop my SSD drive from showing as a Removable drive?

Normally you need to install or update your SATA AHCI driver to correct this. You are most likely currently running on the generic Windows driver.

Check your motherboard manufacturer's website for a current Windows 10 driver. (Or laptop manufacturer's website if this is a different rig than that in your specs).
If no 10 driver, then use the most recent one.

If no SATA/AHCI driver there, then you can get one if you install the most current version of Intel Rapid Storage Technology Driver.
However I have read some articles that say that W10 does not need IRST, but nothing conclusive. Perhaps someone else here could comment on that.

0 more replies
Relevance 61.09%

I have plugged in my samsung external hard disk drive and under my computer it only shows an "A" drive for floppy disks.
I'm running vista, 32 bit. Can anyone give me some advice please.

Answer:Samsung External Drive Showing as A drive

Can you access it still by going into it?
http://www.windowsreference.com/windows-vista/how-to-use-disk-management-in-vista/
Disk Management can be used to reassign a drive letter.

10 more replies
Relevance 61.09%

Hard drive is: WD My Book Essential 2 TB

It was working fine the other day then I updated my computer. I looked and noticed there was an update titled: Western Digital Technologies - Other hardware - WD SES Device, released April, 2015. I don't know if it's the same as the external or what.

I did try uninstalling this but could not find it in the installed updates. I installed it 6/7/15 and before this it worked fine, now when plugged in, it shows up as CD Drive and when I double click it, it says application not found.

Any help would be much appreciated, thanks.
 

Answer:External hard drive showing as CD Drive

Was the update through Western Digital or Microsoft?
 

14 more replies
Relevance 61.09%

I had an old (6 months old) internal hard drive that I had setup as an external drive go bad yesterday so I replaced it with a brand new internal drive that I am trying to connect using my esata connector. It is the same exact setup as I had for my old drive that did work for 6 months.
The new hard drive shows up in Device Manager, and in the Devices and Printer panel, but it does not show up in my Computer Panel under Hard Disk Drives.
Does anyone have any idea of what can be happening and where I should look to make this new hard drive visible as an accessible drive?

Answer:New hard drive not showing up as an accessable drive

You might need to assign Drive Letter. Go to Disk management see if you can find it there. If so right click on it and click on Assign Drive Letter.
Hope this helps,
Captain

3 more replies
Relevance 61.09%

I need to use my USB flash drive to set up my wireless network, to transfer files from one PC to another. The drive appears in my computer as a local drive rather than a removable one. That means that the network wizard (XP Home) doesn't list it as an option to transfer files. I think I am missing something obvious but can someone give me a nudge in the right direction?
Thanks
Don3002

Answer:USB Flash drive showing as local drive

I don't know how I did it, but it now appears as a removable drive. Thanks anyway.

2 more replies