Author Topic: Can't ever get rid of this virus, please i need help  (Read 9490 times)


Offline Bassem

  • Newbie
  • *
  • Posts: 16
Can't ever get rid of this virus, please i need help
« on: August 22, 2011, 03:38:45 PM »
I have been having this problem for a few months now. The virus disables Task Manager, Registry Editor, Windows Firewall and Safe Mode. I tried to download Avast but the virus automatically closed it and deleted the setup. I even tried to reinstall Windows before, but the virus is still living in my PC  :'(

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Can't ever get rid of this virus, please i need help
« Reply #1 on: August 22, 2011, 04:09:27 PM »
Could you follow the first post here: http://forum.avast.com/index.php?topic=53253.0

Then, once done, post the resultant logs in this thread.

Offline Bassem

  • Newbie
  • *
  • Posts: 16
Re: Can't ever get rid of this virus, please i need help
« Reply #2 on: August 22, 2011, 06:21:00 PM »
Here are the logs.

Offline Bassem

  • Newbie
  • *
  • Posts: 16
Re: Can't ever get rid of this virus, please i need help
« Reply #3 on: August 22, 2011, 06:22:29 PM »
Here are the logs.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Can't ever get rid of this virus, please i need help
« Reply #4 on: August 22, 2011, 06:37:23 PM »
I am afraid you may have Sality

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    DRV - File not found [Kernel | On_Demand | Running] -- -- (amsint32)
    O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\AUtOplAY\comMAnd - "" = G:\kqmg.exe
    O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\AutoRun\command - "" = G:\kqmg.exe
    O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\eXplore\COmManD - "" = G:\kqmg.exe
    O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\opEN\commanD - "" = G:\kqmg.exe
    [2011/08/22 17:59:02 | 000,103,140 | ---- | M] () -- C:\eswatj.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download Sality Killer zip to your desktop and extract SalityKiller.exe.

Run the utility SalityKiller.exe on the infected computer.
A reboot might be required after disinfection.

Download the file Sality_RegKeys.zip.
Unpack the file Sality_RegKeys.zip.
Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip.

Once the scan is over, run the registry key file for your version of Windows from the archive Sality_RegKeys.zip:

under Windows 2000 run the registry file SafeBootWin200.reg
under Windows XP run the registry file SafeBootWinXP.reg
under Windows 2003 run the registry file SafeBootWinServer2003.reg
under Windows Vista / 2008 run the registry file SafebootVista.reg
under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36797
Re: Can't ever get rid of this virus, please i need help
« Reply #5 on: August 22, 2011, 06:42:58 PM »
Just adding some info.

From the Malwarebytes log:
Quote
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.

Sality is a file infector...

Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html
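
The two registry traces called out above, the MountPoints2 autorun verbs pointing at G:\kqmg.exe in the OTL fix and the LEGACY_AMSINT32 enumeration key in the Malwarebytes log, are both things a defender can pull from an ordinary registry export after the fact. MountPoints2 lives under HKEY_CURRENT_USER and keeps one subkey per volume GUID, so the autorun commands planted by an infected removable drive remain visible even once that drive is unplugged. The script below is an added example written for this page; it is not code from the thread, from OTL, Malwarebytes or Kaspersky's SalityKiller. The .reg text it scans is constructed (the GUIDs and the benign explorer.exe entry are made up), the "executable at a drive root" heuristic and every function name are my own assumptions.

```python
"""Scan a Windows registry export (.reg text) for two persistence indicators:

1. MountPoints2\{GUID}\Shell\<verb>\command default values whose target is an
   executable sitting directly in a drive root (autorun/open/explore hijack).
2. A CurrentControlSet\Enum\Root\LEGACY_AMSINT32 key, the enumeration entry a
   kernel driver named amsint32 leaves behind.
"""
import re
from dataclasses import dataclass

# Constructed sample .reg export (not a real machine). The two MountPoints2
# commands and the LEGACY_AMSINT32 key mirror what the thread's logs reported;
# the GUIDs and the explorer.exe entry are invented so the parser has a benign
# value to leave alone.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\AUtOplAY\comMAnd]
@="G:\\kqmg.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\opEN\commanD]
@="G:\\kqmg.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\open\command]
@="C:\\Windows\\explorer.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32]
"NextInstance"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DEFAULT_VALUE_RE = re.compile(r'^@="(?P<value>.*)"\s*$')
MOUNTPOINTS_CMD_RE = re.compile(
    r"\\Explorer\\MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\(?P<verb>[^\\]+)\\command$",
    re.IGNORECASE,
)
LEGACY_AMSINT32_RE = re.compile(r"\\Enum\\Root\\LEGACY_AMSINT32(\\|$)", re.IGNORECASE)
# Heuristic (my assumption, not from the thread): a shell verb whose command is
# a bare .exe at a drive root is how removable-media droppers usually register.
DRIVE_ROOT_EXE_RE = re.compile(r"^[A-Z]:\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "mountpoints2_autorun" or "legacy_driver_enum"
    key: str     # full registry key the finding came from
    detail: str  # human-readable explanation


def unescape_reg_string(value: str) -> str:
    """REG_SZ values in .reg files escape backslashes and double quotes."""
    return value.replace("\\\\", "\\").replace('\\"', '"')


def scan_reg_export(text: str) -> list[Finding]:
    """Walk the export line by line, tracking the current [key] header."""
    findings: list[Finding] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            if LEGACY_AMSINT32_RE.search(current_key):
                findings.append(Finding("legacy_driver_enum", current_key,
                                        "amsint32 driver enumeration key present"))
            continue
        if current_key is None:
            continue
        value_match = DEFAULT_VALUE_RE.match(line)
        if not value_match:
            continue  # only the (Default) value of a ...\command key matters here
        mp = MOUNTPOINTS_CMD_RE.search(current_key)
        if not mp:
            continue
        target = unescape_reg_string(value_match.group("value"))
        if DRIVE_ROOT_EXE_RE.match(target):
            findings.append(Finding("mountpoints2_autorun", current_key,
                                    f"verb {mp.group('verb')!r} runs {target}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, handy for a one-line triage verdict."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_reg_export(SAMPLE_REG):
        print(f"[{f.kind}] {f.key}\n    {f.detail}")
    print(summarize(scan_reg_export(SAMPLE_REG)))
```

To use it on a real system you would export the two hives with `reg export` (the HKCU Explorer key and HKLM\SYSTEM\CurrentControlSet\Enum\Root) and feed the text to `scan_reg_export`. The randomly mixed case of the verbs in the thread's entries (AUtOplAY, comMAnd) is why every pattern is compiled with `re.IGNORECASE`; a case-sensitive match on `\Shell\open\command` would have missed all four.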

Offline Bassem

  • Newbie
  • *
  • Posts: 16
Re: Can't ever get rid of this virus, please i need help
« Reply #6 on: August 22, 2011, 09:27:26 PM »
Uh, the OTL has taken more than 1 hour already and is still working, is that normal?  ???
« Last Edit: August 22, 2011, 09:34:09 PM by Bassem »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Can't ever get rid of this virus, please i need help
« Reply #7 on: August 22, 2011, 09:53:51 PM »
Only if you have never emptied your temporary files. Close OTL out and run the Sality fixes please.

Offline Bassem

  • Newbie
  • *
  • Posts: 16
Re: Can't ever get rid of this virus, please i need help
« Reply #8 on: August 22, 2011, 10:06:38 PM »
Hey, I just cleared my temp files now and the OTL worked, but I am unable to download the Sality Killer with or without IDM.
« Last Edit: August 22, 2011, 10:18:53 PM by Bassem »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes

Offline Bassem

  • Newbie
  • *
  • Posts: 16
Re: Can't ever get rid of this virus, please i need help
« Reply #10 on: August 22, 2011, 11:47:34 PM »
Hey, I've completed all the steps here. Are there other steps, or can I be sure that I am 100% Sality free?  ;D

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Can't ever get rid of this virus, please i need help
« Reply #11 on: August 23, 2011, 12:16:05 AM »
Could you now download and install Avast, then run a full scan and let me know if it finds anything at all.

Offline Bassem

  • Newbie
  • *
  • Posts: 16
Re: Can't ever get rid of this virus, please i need help
« Reply #12 on: August 23, 2011, 01:44:31 AM »
I took 2 screenshots of the 15 infected files found by Avast before deleting them, but they are 1.37 megabytes. Does that mean I can't upload here?
« Last Edit: August 23, 2011, 02:00:17 AM by Bassem »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84118
  • No support PMs thanks
Re: Can't ever get rid of this virus, please i need help
« Reply #13 on: August 23, 2011, 02:15:38 AM »
It would be too large; the image/file size limit for attachments is 200KB.

When saving screenshots, only capture the active window and save in .gif format (good enough for quality), which gives a smaller file size.

That said, there is no need to do screenshots when you can copy and paste from the scan logs. For detections on on-demand scans, check C:\Documents And Settings\All Users\Application Data\Alwil Software\Avast5\Log (Windows 2000, Windows XP) or C:\ProgramData\Alwil Software\Avast5\log (Windows Vista, Windows 7).

Also, deletion isn't really a good first option (you have none left): 'first do no harm'. Don't delete; send the virus to the chest (a protected area) and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and, if they are still detected as viruses, delete them.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.9.2437 (build 20.9.5758.0) UI-1.0.579/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Bassem

  • Newbie
  • *
  • Posts: 16
Re: Can't ever get rid of this virus, please i need help
« Reply #14 on: August 23, 2011, 02:45:20 AM »
I rushed to delete them because I don't use those infected programs anymore, so I don't need them, but the problem is I still can't find the log file. I am using the latest version of Avast, by the way...