Avast WEBforum
Other => Viruses and worms => Topic started by: kjcdude on December 17, 2009, 09:08:39 AM
-
I'm looking for some support on a very large infection with Win32/Sality and Win32/Tanatos across our entire network of about 160 PCs.
I've used the following removal tools which have all failed.
http://www.avg.com/us-en/virus-removal.ndi-67769
http://www.avg.com/us-en/virus-removal.ndi-90825
For those not familiar with Sality, it's good to know that it kills a lot of common anti-virus processes.
I've been unsuccessful with installing Avast or even getting a console-only version to run. Ideally I'd like to get Avast installed on all 160 machines and have it run on next launch before Windows loads.
I have been able to get ClamWin installed and have run that with the following parameters. 'clamscan1.exe --database="C:\Program Files\ClamWin\bin" --recursive Z:\ -k -u -i --move="C:\virus" --memory'
I have found around 200-400 infected files on some computers. Again, no matter what I run, it will still not fully remove the infected files, and the infection still exists on the next restart.
If anyone has any suggestions or has a company/consultant that I could talk to in regard to this large problem, that would be fantastic.
Thanks,
Kyle
-
Cleansing Win32:Sality requires a total format and a clean reinstall on all PCs because it not only infects files but can drop a keylogger as well.
Win32/Tanatos, another name for Win32:BugBear, is a worm that drops a trojan with keylogging and backdoor capabilities.
You could use Dr. Web CureIt (http://www.freedrweb.com/cureit/?lng=en).
Once you rid yourself of Sality and Tanatos, you will need a firewall (including a network firewall).
-
Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/search?q=virut
How Clean A Patching Virus (Virut or Sality)
http://www.youtube.com/watch?v=FGDl-IMOt1g
-
How Clean A Patching Virus (Virut or Sality)
http://www.youtube.com/watch?v=FGDl-IMOt1g
That video was done on May 26, 2009, and the infection has mutated several times since then, so I would go with what miekiemoes recommends.