Win32:Sality-AD

[comecats]

Hi
My computer is saying I have a virus called Win32:sality-AD.
I have avast installed and never had any problems with it before but everytime I try and delete the virus it pops up 10 seconds later still saying i habe the virus.
Please help, I don't know what to do

[Lisandro]

Welcome. Can you say what is the infected file name, where was it found (C:\windows\system32\infected-file-name.xxx)?
What avast! version and VPS file (virus database) number, for instance, 0646-1 (see About dialog of avast!), are you using?

[comecats]

I am using version 4.7 of avast

Datei-Name                    C:\WINDOWS\System32\vmmdiag32.exe
Malware-Name                Win32:Sality-AD
Malware-type                   Virus/Worm
VPS Version                    0646-1,  11/07/2006

I hope that with this information it is possible to find some solution

[Lisandro]

I am using version 4.7 of avast

Datei-Name                    C:\WINDOWS\System32\vmmdiag32.exe
Malware-Name                Win32:Sality-AD
Malware-type                   Virus/Worm
VPS Version                    0646-1,  11/07/2006

I hope that with this information it is possible to find some solution

Can you please try:

1) Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
2) Clean your temporary files.
3) Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
4) Use a-squared, Free AVG Antispyware, SUPERantispyware or Spyware Terminator (trojan removers).
5) Boot and then enable your System Restore again (number 1).

[DavidR]

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

Windows in its infinite wisdom protects files in use (even malware) or in system folders, so it is likely that avast! can't delete or move files in use. So schedule boot-time scan in avast's menu if you have XP, win2k or NT, otherwise boot into safe mode and run an avast scan. This should ensure that the file isn't in use and avast should be able to deal with it.

That is why you can't delete it, so you should schedule a boot-time scan, etc. follow Tech's instruction.

You might also consider proactive protection, in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

[comecats]

Tech, I thank for much to you the aid that you rendered to me…
seems that the solved problem this.

no longer it appears the warning of warning of avast

[DavidR]

Now you have a little quiet time without all he** breaking loose, I suggest you spend a little time checking out the DropMyRights link, prevention is much less painful than cure.

Welcome to the forums.