Sality infection...

[DSSRUEL]

Hello there... Im new to Avast... first incident...

OS.. Win98
Avast... 4.7 Pro for 60-days

Avast detected this intruder as Win32:Sality-AM ...

Question:  How is it that detection works but protection fails ?

[DavidR]

Sorry can you explain how the protection fails ?

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
What actions have you taken to try and resolve the problem, e.g. what option did you choose when it was detected and what hapened ?

[DSSRUEL]

Step by step for clarity...

1. The PC was ON since 6am
2. In the afternoon I look at the screen and Avast is
---showing the message... Sality is here...
-----------------------------------------------------------------------------
Q1.  HOW come Avast detect this intruder...

BUT dont protect against it ?

SO the message is.... You are infected and here is the cause ?


Q2. Sality is already in the Avast virus list ?
----------------------------------------------------------------------------

How many files or which files is NOT the question...

The Question is... WHY this happen

Avast was supposed to protect that PC from "known" treats

-----------------------------------------------------------------------------
The last AV on that PC was Norton... now give a try to Avast
-----------------------------------------------------------------------------

[Lisandro]

Q1.  HOW come Avast detect this intruder...

Are you using the screen saver scanning (module)? Which is your screen saver?

BUT dont protect against it ?

What do you mean don't protect?
Maybe the file is on your system but the virus wasn't started (executed).
Which is your Standard Shield sensibility? High or Normal?

Q2. Sality is already in the Avast virus list ?

Yes...

[DavidR]

If you can answer the questions about the infected file, its location and what action you took we might be able to offer an answer.

I didn't ask about numbers of infected files, just the one/s being alerted on to try and identify why. It is possible it has been on your system dormant or the remnants of a previous infection not fully cleaned.

[mauserme]

The Question is... WHY this happen

Sality-AM was added to the detection 3 days ago (15 Jan 07)

http://www.avast.com/eng/vps_history.html

It probably arrived on your computer just prior to that and just now executed (as Tech said).

Or maybe you're a bit behind on the updates.

[DSSRUEL]

Sality-AM was added to the detection 3 days ago (15 Jan 07)
It probably arrived on your computer just prior to that and just now executed (as Tech said).
Or maybe you're a bit behind on the updates.

Thats the answer I need...
AT infection time... Avast was hands-down... this is a NEW treat or variant...
I can deal with that... Symantec publish their solution this week also...
ON updates issue... Automatic updates are there...

I will take care of damage recovery... backups are available...

Now... Need your suggestions on ALL settings to FULLY protect this PC

I dont want more surprises...

This agenda is for TONIGHT... can you reply today ?

Thanks for your efforts...

[Lisandro]

Now... Need your suggestions on ALL settings to FULLY protect this PC

I know it's a generic answer but antispyware applications (freeware): download, install, update and run it.
Ad-Aware
Spybot Search and Destroy
Spywareblaster
A-squared
Ewido

Besides this, I suggest:
1. A good firewall (Comodo, ZoneAlarm, Kerio).
2. avast running at least Normal sensitivity level. If you're paranoid, use High level 

[polonus]

Hi DSSRUEL,

Here are the desinfection info on this malware:
http://www.symantec.com/security_response/writeup.jsp?docid=2006-022414-0346-99&tabid=3

polonus