Just to let you know, there is not any AV that can remove Sality. Sality is a well-known, nasty file infector.
Try to kill it with that
http://support.kaspersky.com/viruses/solutions?qid=208279889
Merry Xmas
I think a lot depends on the extent of the infection, and how soon after injection the disinfection procedure is begun. If malware like Sality gets away on you, then the running state of the computer will be severely compromised, and almost certainly be marked with substandard performance / broken system. Sometimes the Windows Repair option can mend any performance loss in XP, but from what I gather the remnants of the infection are not removed in the process. Reformat is often the better option.
Also important - what is the strain of the malware?
For example, the attributes and makeup of the malware will differ by strain on a scale upwards to worst case scenario.
Recently I had an encounter with Sality that could've been worst case scenario, but fortunately the recovery process was commenced early. The malware was first detected when a USB was plugged into the computer (see image below of Win32 Sality). I disinfected the USB and scanned / cleaned the system. But not sufficiently - here are notes on what to do about Win32 Sality - from a Kaspersky web page (sorry I didn't record the source URL so I cannot cite).
http://docs.google.com/View?id=ah85g3kzb4tn_279d8f48k7q (from web page)
http://support.kaspersky.com/viruses/solutions?qid=208279889 (as above in member's quote)
Because I was rushed to do other things, I allowed a user to continue on the system. Malware attributes were still active but I guess not fully blown because the user didn't mention any performance loss. However, when I briefly ran the system that night to view the detection data, another malware file transferred, this time from within C: drive (see image Win32: Malware-gen). And I'm guessing a bit here - because I was so rushed, the recovery was stilted with no time to keep a record. The next day after boot the system performance quickly deteriorated, and I once again ran avast bootscan, which detected the Malware-gen file. (I have since run the Windows Repair option and uninstalled/reinstalled avast, so no more records of events are available.)
Here are my posts from the time to the avast forum:
http://forum.avast.com/index.php?topic=52028.msg569527#msg569527
After avast boot scan, I ran ComboFix for the first time ever (twice), which seemed to help, and a general search and destroy throughout system and registry, the combined effect of which was to cripple the virus. Nevertheless, system response to disinfection had been hostile. I was unable to turn antivirus off for ComboFix. Relentless obstruction included keylogger barriers, denials of service, reset group policies including file/folder ownership, refusal of permissions (to delete), modifications to config settings, and so on. Neither did I manage to get a whole picture because once crippled, the malware was truly spent, and regardless, I kept on wiping whatsoever toxic that remained.
By that stage I was fully involved in disinfection, and had put everything else to one side. I ran the Kaspersky recommendations, and for a couple of days tried to mend manually any incorrect modifications engineered by the virus. Then I followed an essexboy guide for removal of security tools, then uninstalled avast, ran Windows Repair, and reinstalled avast. Finally, I worked to build the system to optimal performance.
As my post says, I usually run into small fry malware, so it doesn't bother me too much when a non-priority computer is threatened - it often means I will get a bit of practice at malware fighting. And I can afford to lose a system (I have surplus, my overriding advantage when it comes to malware infections). This time I might have lost the system, and yet my intuition tells me that even with a case of Virut, and as long as I strike reasonably early, I should be able to recover the system without recourse to reformat.
I'm sure there will be some on the forum that will not agree with this intuition. And that is a good thing because in today's environment, we should never underestimate the capabilities of malware and the bundled software packages that make up their force and effect.
(edit - document has been edited)