Virus/Trojan That stops Regedit+TM+access to some files

Discussion in 'Malware Help (A Specialist Will Reply)' started by Turok, May 25, 2010.

  1. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After giving this some more thought, I think we need to face the below facts and stop wasting any more time.

    Sality infections cause a lot of problems/damage (much like Virut and other PE file infectors). Many legitimate executable type files on your PC are more than likely infected and have to be disinfected, which is not an easy thing to do nor is it reliable. In most cases, like yours, it is very difficult to run anything, and real full-blown antivirus scanners must be run in an attempt to locate and disinfect all the infected files. There is no way you can clean this kind of infection manually, since any single remaining process or file will just respawn the infection and we cannot determine all of the infected files by just looking at logs. Since there is no reliable way you can deal with this manually, and since the infection blocks the use of online scanners and would likely just infect any antivirus program that you try to install now, you do not have much choice on what to do next. And that choice is to format and reinstall. Also, you cannot reliably make any backups of any executable type files on your PC without risking the possibility of just starting the infection over again if you put the files back on this PC.

    Also, to make things worse, if you used any kind of flash/USB drives on this PC (even digital camera cards and similar) or if you connected this PC or the USB devices to any other PCs, they are all likely infected.

    So this is actually a lost cause, and the fastest, safest and most reliable method to fix this is to format and reinstall.
     
  2. Turok

    Turok Private E-2

    I just wanted to know: does this virus KEYLOG or save the passwords + usernames I have been using, or no? And what happens if I just keep this virus on my PC and never take it out, what would happen? It seems to not grow stronger and just blocks Task Manager + regedit, hides hidden folders and takes off the firewall, this only.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, some variants may steal information and log keystrokes. Also, since it breaks your security programs, you are extremely susceptible to getting many other dangerous infections. In addition, it will spread to anything you connect to this PC, including networked PCs or even flash drives (including thumb drives, digital camera memory, iPods and similar devices), and will thus spread to other PCs where you may use these devices. This is not something you can live with on your PC.

    You can read a little more info on it in the below:

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fSality

    http://www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3948-99



    If you or anyone else has been using this PC for any financial related transactions, you are at risk of having information stolen and need to check with your financial institutions. You also need to use a different uninfected PC to change ALL passwords. Do not use a public PC at a library, internet cafe, etc. You should also read the below:

    http://www.dslreports.com/faq/10451

    http://www.dslreports.com/faq/10063
     
