lost trust in avast can't remove sality

[molitar]

Ok I have tried and tried full scans. It only finds a single file infected but online scan at panda found over 20 references to actual infected files.  I have lost my faith in this antivirus software that can't remove such a major trojan.

[alanrf]

Hmmm .... you give us very little information to work with or to respond to.

I just ran a free Panda online scan of my system. 

It told me I have 28 spywares and 2 viruses. 

The 29 spywares were references to cookies on my system.  Yes, I clear them every so often ... not one of the biggest frighteners around and 27 more than I get from my weekly Adaware & Spybot scans ... who to believe?

The viruses ... apparently Sober variants in a couple of my old Thunderbird archives ... that I never access and probably should delete ....  never reported by avast,  Ewido or Bit Defender in multiple scans .... who to believe?

I am not suggesting that you should not believe Panda ... but if, like me, you ran their free scan ... do do realize that their whole intent is to scare you into paying for their main product?

I am not trying to portray avast as the better product ... I think that you need to choose your antivirus product according to your needs.  If you are a really adventurous spirit in your web surfing and downloads it may well be that you need the absolute best in antivirus software that can cope with your risk taking.  That probably is best provided by a top rated paid for solution.

If your surfing and download habits are not quite so adventurous then very many- like me - have have found that avast has provided for us a very safe and virus free environment. 

Your choice - and we will be happy to welcome back to this forum when you decide avast is the best choice for you too.

[mauserme]

If I counted correctly avast! has 22 (+/-) detections for different variants of sality

http://www.avast.com/eng/vps-content-2006.html

It would be surprising if it missed that much.

[molitar]

Sorry it is Sality and it does find it, but it can not remove it properly at all.. can not remove or disinfect it.  It just kept comming back I end up having to download trial version of panda antivirus to get rid of it after many attempts.

[Thorny]

Molitar,

Have a look at the attached link for more information about sality and removal http://www.2-spyware.com/remove-sality.html

Cheers,

Thorny

[rvanweerd]

Having read this thread, I thought I give that panda a go, yet ironically enough avast detected it as a virus!?

panda asked me to download an activeX component, 8 MB, is that correct? I aborted the download anyway.

Anyone know of this issue. At the moment, I trust avast more than panda, but I would like a 2nd opinion.

thanks

[alanrf]

Yes, it does download the 8Mb of components (and more).  While running the Panda scan I (temporarily) disabled avast scanning. 

[Negeltu]

Having read this thread, I thought I give that panda a go, yet ironically enough avast detected it as a virus!?

panda asked me to download an activeX component, 8 MB, is that correct? I aborted the download anyway.

Anyone know of this issue. At the moment, I trust avast more than panda, but I would like a 2nd opinion.

thanks

Panda's virus definitions are not encrypted therefore avast will detect them as virii.  Panda's fault really.  No worries though.

[JerryM]

I stopped using Panda due to the  number of FP. If I want to use an on-line AV scanner I use Kaspersky, and Bit Defender.

Jerry

[DavidR]

Sorry it is Sality and it does find it, but it can not remove it properly at all.. can not remove or disinfect it.  It just kept comming back

Why can't it be removed, etc. what errors/warnings are you getting.

Files in use or in system folders (even malware) is protected by windows. If you have XP you can schedule a boot-time scan from within avast (not available in Panda as far as I'm aware). Or if win9x/ME boot into safe mode and run an avast scan from there.

Where was it originally detected, file name and location ?
Where does it keep coming back to, file name and location ?
What avast provider detected it, what were you doing, browsing, downloading, running an on-demand scan, etc. ?

It could be that there is another element that is restoring that virus, but we have little information to go on.

[Spiritsongs]

   "Sality" is more spyware than it is a virus, since it includes
       a keylogger . Best to use Ewido and/or an antiSPYWARE
       program .
       
       "Thorny"s link has info that Spysweeper can remove it
        and they offer a FREE "Trial"; many Experts on
        antiSPYWARE forums recommend this "trial" when
        appropiate .

[Lisandro]

       "Thorny"s link has info that Spysweeper can remove it
        and they offer a FREE "Trial"; many Experts on
        antiSPYWARE forums recommend this "trial" when
        appropiate .

Spysweeper could delete avast entries although...
If so, use the restore/recover or whatever it may be called to restore the deleted registry entry and update your definitions file for spysweeper. It reports incorrectly (false positive) the avast ashDisp.exe which is the icon you see on your system tray.

Lost faith in avast because it could not remove the infection?
What was the error message?
Can't you schedule a boot time scanning?

[Thorny]

Tech,

The link I posted also has information on the manual deletion of sality, which might be a better option?

The 2-Spyware.com site also contains the following advice "Sality infects local executable files, deletes files associated with installed security-related software including various antiviruses and firewalls."  Could this be the reason why Avast can detect and not remove this spyware?

Cheers,

Thorny

[Lisandro]

Could this be the reason why Avast can detect and not remove this spyware?

I'm not sure... someone from Alwil should come here to explain.
Anyway, avast can only clean CERTAIN infections to executable files, not all of them 

[molitar]

My worry is once it had infected executables.. like my dynsite.exe that I use for dynamic ip than Avast didn't even find it at all.  So it could not remove the dll file for it but would allow me to quarantine it.  But it found no other infections I even did a reboot in safe mode and did the scan. But Avast reported nothing else found.  Yet when I rebooted the computer and it came back up again a warning from avast about the dll it was reinstalled.  Tried again but to no avail so I decided to try some online scanners like panda, kaspersky, and bitdefender it found over 40+ files that it had infected.  Now that is scary since this installs key loggers which can get critically sensitive data.