Not a virus

[tharindu]

This is not virus
 
 These programs detected by avast resalt as virus
 
These programs are virus ?? 

 Regedit (C:\Windows)
 Rundll32.exe (C:\Windows\System32)
 Taskmgr.exe (C:\Windows\System32)
 Utorrent.exe (C:\Program Files\Utorrent)
 Photo scape.exe (C:\Program Files\Photoscape)

  I'm so sad please Help me these programs are not virus What i do

[DavidR]

What malware name is given by avast ?

How do you know they aren't a virus ?
As some of these files especially the first three have been targets for malware in the past.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to Open the chest and right click on the file and select 'Extract' it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

[Pondus]

and....does your avast have latest update?

[tharindu]

OK

I re install my all software's
 but my computer's all software was virus but Windows notepad.exe ??

[DavidR]

Which is why I asked about the malware name given by avast (and the other questions) as there is a possibility that you have a file infecter which targets .exe files.

[DavidR]

I see you have started another topic about this, which just causes duplication for those trying to help.

I have replied in that topic, http://forum.avast.com/index.php?topic=111964.0, but you should continue in this topic, hopefully one of the moderators can move this topic to the viruses and worms forum where it should be.

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and and attach the logs in this topic, not in the LOGS topic.

[tharindu]

virus name :-

              Wordpad.exe = WIN32:salicode
              Notepad.exe in System32 folder = WIN32sality
              kimml.sys in system32 > driver folder = Win32:malware-gen


             Another all exe virus names = Win32:salicode

[mchain]

virus name :-

              Wordpad.exe = WIN32:salicode
              Notepad.exe in System32 folder = WIN32sality
              kimml.sys in system32 > driver folder = Win32:malware-gen


             Another all exe virus names = Win32:salicode

hi tharindu,

http://en.wikipedia.org/wiki/Sality  You definitely need assistance from a certified malware removal expert for this. 

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and and attach the logs in this topic, not in the LOGS topic.

Once the logs requested are attached as DavidR has asked, then a malware expert can come in and help you.  To start this process, run AdwCleaner, Malwarebytes, OTL, and aswMBR.  Attach all logs in your next reply.

[essexboy]

We will work only in this thread

The following programme may need to be run several times and no guarantee can be given

Download  Sality Killer zip to your desktop and extract SalityKiller.exe

Run the utility SalityKiller.exe on the infected computer
A reboot might require after disinfection.

Download the file Sality_RegKeys.zip
unpack the file Sality_RegKeys.zip 
run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key: 

under Windows 2000 run the registry file SafeBootWin200.reg 
under Windows XP run the registry file SafeBootWinXP.reg 
under Windows 2003 run the registry file SafeBootWinServer2003.reg 
under Windows Vista / 2008 run the registry file SafebootVista.reg
under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg

[tharindu]

HI mchain

AdwCleaner

   Log file 

       # AdwCleaner v2.103 - Logfile created 12/29/2012 at 12:15:24
       # Updated 25/12/2012 by Xplode
       # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
       # User : User - WIN2006
       # Boot Mode : Normal
       # Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
       # Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [716 octets] - [29/12/2012 12:15:24]

########## EOF - C:\AdwCleaner[R1].txt - [775 octets] ##########

[essexboy]

Could you run sality killer first please and then follow up with the OTL scan

[tharindu]

Ok i find problem

 I temporarily disable Avast shield for 10 minutes

 And virus was activated
 minutes
 Virus damage all kind of Exe files

 Now What I Do now

 Please reply

[DavidR]

Follow essexboy's (malware removal specialist) instructions in Reply #8 above, there wasn't anything about disabling avast in those instructions (that I can see).

[essexboy]

Disabling Avast has allowed the virus to spread, sality killer may not work now.  However run it at least three times

[tharindu]

AFTER 12 Hours scans was finiched ! Now what i do ?