Author Topic: Win32:Salicode... Sality  (Read 8037 times)


Offline Sulail

  • Newbie
  • *
  • Posts: 17
Win32:Salicode... Sality
« on: August 08, 2017, 08:29:37 PM »
I just used a CD in my laptop and since then, Avast is catching these viruses:

inf autorun-gen@bhv wrm
Win32: Salicode
Win32: Sality

How can I get rid of them?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37582
  • Not a avast user
Re: Win32:Salicode... Sality
« Reply #1 on: August 08, 2017, 08:31:54 PM »

Offline Sulail

Re: Win32:Salicode... Sality
« Reply #2 on: August 08, 2017, 10:13:29 PM »
Attachments.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Win32:Salicode... Sality
« Reply #3 on: August 09, 2017, 01:58:20 AM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
RemoveProxy:
() C:\Users\AL-KARAM\Desktop\u1603.exe
() C:\Users\AL-KARAM\Desktop\utmp\u.exe
GroupPolicy\User: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\14078778.js [2017-01-01] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\14078778.cfg [2017-01-01] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
S2 OpenDHCPServer; C:\Windows\TEMP\OpenDHCPServer.exe [X]
2009-07-14 04:01 - 2009-07-14 05:44 - 080200320 ___SH () C:\ProgramData\mscfl.exe
2016-09-05 12:57 - 2016-09-05 12:57 - 000000110 ____H () C:\ProgramData\obid31
HKU\S-1-5-21-2764175199-3929174775-3743065970-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ChromeHTML: ->  <==== ATTENTION
HKU\S-1-5-21-2764175199-3929174775-3743065970-1000\...\ChromeHTML: ->  <==== ATTENTION
AlternateDataStreams: C:\ProgramData:iSpring Pro 6 [64]
AlternateDataStreams: C:\Users\All Users:iSpring Pro 6 [64]
AlternateDataStreams: C:\Users\AL-KARAM\Application Data:iSpring Pro 6 [64]
AlternateDataStreams: C:\Users\AL-KARAM\AppData\Roaming:iSpring Pro 6 [64]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Pro 6 [64]
AlternateDataStreams: C:\ProgramData\Temp:5B661474 [123]
C:\Users\AL-KARAM\Desktop\u1603.exe
C:\Users\AL-KARAM\Desktop\utmp\u.exe
EmptyTemp:
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Offline Sulail

Re: Win32:Salicode... Sality
« Reply #4 on: August 09, 2017, 06:02:28 AM »
Attachment.

Many thanks

Offline Sass Drake

Re: Win32:Salicode... Sality
« Reply #5 on: August 09, 2017, 10:02:32 AM »
Does Avast still report threats?

Offline Sulail

Re: Win32:Salicode... Sality
« Reply #6 on: August 09, 2017, 10:15:57 AM »
No, it is perfect! You are a genius. Many thanks!


Offline Sass Drake

Re: Win32:Salicode... Sality
« Reply #7 on: August 09, 2017, 10:32:35 AM »
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.