Virus?
Comments
I still think you'd be better putting your efforts into reinstalling Windows rather than running hours & hours of scans.

From the portion of the DDS I quoted earlier, this is the variant you had (from the original MS link I gave you).

The payload doesn't make for good reading - most of which you've seen.

> Recent variants of Sality, such as Virus:Win32/Sality.AM, do not drop the DLL, but instead load it entirely in memory without writing it to disk. This variant, along with others, also drops a driver with a random file name in the folder "<system folder>\drivers". The driver is detected as Trojan:WinNT/Sality.

You are part of a botnet when infected with Sality. Can you really trust the PC - even if you "clean" it?

> Deletes security-related files
> Terminates security-related processes
> Blocks access to security-related domains
> Steals sensitive information
> Some Win32/Sality variants can steal cached passwords and log keystrokes entered on the affected computer.
> Downloads and executes arbitrary files
> Win32/Sality variants usually attempt to download and execute other files.
> Injects code into running processes
> Prevents Windows from booting up in Safe Mode
> Drops other components
> Modifies %SystemRoot%\system.ini
> Connects to a P2P network
> Computers infected with the latest versions of Win32/Sality, such as Virus:Win32/Sality.AT, and Virus:Win32/Sality.AU, connect to other infected computers by joining a peer-to-peer (P2P) network. From other computers in the P2P network, they receive URLs pointing to additional malware components.
> Lowers computer security
> Modifies Windows Firewall to allow Internet communication
> Disables Windows Firewall via the registry
> Runs "netsh" to disable Windows Firewall
> Redirects NETSH event tracing session logging
> Turns off monitoring the installed antivirus software from within the Microsoft Security Center
> Turns off security alerts in Windows Security Center
> Disables Windows Task Manager
> Turns "Offline Mode" off in Microsoft Internet Explorer
> Allows hidden files to remain hidden
> Prevents access to registry editing tools such as "regedit"
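The quoted writeup lists the settings Sality tampers with (Task Manager, regedit, the Windows Firewall, Security Center alerts, Safe Mode boot keys, system.ini) but gives no way to check a machine for them. The script below is an added example, not code from this thread or from Microsoft's writeup: it evaluates a snapshot of registry values plus the text of system.ini and reports anything that matches those tamper indicators. The registry paths are the standard Windows locations for those settings and are my assumption, not something the post states; the two snapshots and the system.ini text are constructed so the script runs offline, and `collect_windows_snapshot()` reads the same keys from a live machine with the standard-library `winreg` module. It does not tell you whether the box is clean (the post's advice to reinstall still stands), only whether the documented tampering is visible.

```python
"""Tamper-indicator check for the Win32/Sality behaviours quoted above.

Added example; not code from the forum or from any vendor writeup. The registry
locations are the standard Windows settings for the listed behaviours (an
assumption, not from the post). Snapshots and system.ini text are constructed.
"""
import configparser
import os
import sys

# (hive, subkey, value name, expected data). A present value that differs from
# `expected` is a finding; an absent value means Windows is using its default.
POLICY_CHECKS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", 0),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 0),
    ("HKLM", r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile", "EnableFirewall", 1),
    ("HKLM", r"SOFTWARE\Microsoft\Security Center", "AntiVirusDisableNotify", 0),
    ("HKLM", r"SOFTWARE\Microsoft\Security Center", "FirewallDisableNotify", 0),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Internet Settings", "GlobalUserOffline", 0),
]

# Keys whose *absence* is the indicator: removing them stops Safe Mode booting.
SAFEBOOT_KEYS = [
    ("HKLM", r"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"),
    ("HKLM", r"SYSTEM\CurrentControlSet\Control\SafeBoot\Network"),
]

# Sections a stock system.ini carries; anything else is worth a look.
BASELINE_INI_SECTIONS = {"386enh", "drivers", "mci", "driver32"}


def evaluate(snapshot, system_ini_text):
    """Return a list of finding strings (empty list = nothing suspicious).

    `snapshot` maps (hive, subkey) -> {value name: data}; a key that exists on
    the machine must be present in the dict even if it holds no values.
    """
    findings = []
    for hive, subkey, name, expected in POLICY_CHECKS:
        values = snapshot.get((hive, subkey))
        if values is None or name not in values:
            continue  # default in effect, nothing to report
        if values[name] != expected:
            findings.append(f"{hive}\\{subkey}\\{name} = {values[name]!r} (expected {expected})")
    for hive, subkey in SAFEBOOT_KEYS:
        if (hive, subkey) not in snapshot:
            findings.append(f"{hive}\\{subkey} missing (Safe Mode boot disabled)")
    # system.ini is INI syntax; strict=False tolerates duplicate sections/keys.
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    parser.read_string(system_ini_text)
    for section in parser.sections():
        if section.lower() not in BASELINE_INI_SECTIONS:
            findings.append(f"system.ini has unexpected section [{section}]")
    return findings


def collect_windows_snapshot():
    """Read the keys referenced above from the live registry (Windows only)."""
    import winreg  # standard library, only importable on Windows
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    wanted = {(h, s) for h, s, _, _ in POLICY_CHECKS} | set(SAFEBOOT_KEYS)
    snapshot = {}
    for hive, subkey in wanted:
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                values, index = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break  # no more values
                    values[name] = data
                    index += 1
                snapshot[(hive, subkey)] = values
        except OSError:
            pass  # key does not exist; evaluate() treats that as a finding for SafeBoot
    return snapshot


# Constructed sample data: a healthy machine and one showing the quoted tampering.
CLEAN_SNAPSHOT = {
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System"): {},
    ("HKLM", r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"): {"EnableFirewall": 1},
    ("HKLM", r"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"): {},
    ("HKLM", r"SYSTEM\CurrentControlSet\Control\SafeBoot\Network"): {},
}
CLEAN_INI = "[drivers]\nwave=mmdrv.dll\ntimer=timer.drv\n[mci]\n[driver32]\n[386Enh]\nwoafont=dosapp.fon\n"

TAMPERED_SNAPSHOT = {
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System"): {"DisableTaskMgr": 1, "DisableRegistryTools": 1},
    ("HKLM", r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"): {"EnableFirewall": 0},
    ("HKLM", r"SOFTWARE\Microsoft\Security Center"): {"AntiVirusDisableNotify": 1, "FirewallDisableNotify": 1},
    # SafeBoot keys deliberately absent
}
TAMPERED_INI = CLEAN_INI + "[EXAMPLE_ADDED_SECTION]\nplaceholder=1\n"  # placeholder section name, constructed


if __name__ == "__main__":
    if sys.platform == "win32":
        ini_path = os.path.join(os.environ["SystemRoot"], "system.ini")
        with open(ini_path, errors="replace") as fh:
            ini_text = fh.read()
        snap = collect_windows_snapshot()
    else:
        snap, ini_text = TAMPERED_SNAPSHOT, TAMPERED_INI
    for finding in evaluate(snap, ini_text) or ["no tamper indicators found"]:
        print(finding)
```

On a Windows machine the script reads the live registry and %SystemRoot%\system.ini; anywhere else it runs against the constructed tampered snapshot so the output format can be seen. An absent policy value is deliberately not reported, because that is the out-of-the-box state; only the SafeBoot keys count as a finding when missing.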
> I still think you'd be better putting your efforts into reinstalling Windows rather than running hours & hours of scans.
> From the portion of the DDS I quoted earlier, this is the variant you had (from the original MS link I gave you).
> The payload doesn't make for good reading - most of which you've seen.
> You are part of a botnet when infected with Sality. Can you really trust the PC - even if you "clean" it?

I will reinstall. I just have to back up first and then work out where all my CDs are for all my applications and where all my registration/passes are for them. AOL will be the biggest one or I won't be able to get online.

Backing up starts now - but not all the PC users are around so I can't access all their files and know which ones they want saved - plus some will/may be personal so will start with mine.