The blog contains information about different types of viruses and properties of viruses.
Sality Virus:
Symptoms and Removal.
Two weeks ago a friend of mine gave me his pen drive to copy some software from my computer to his. Since I was in a hurry and trusted my antivirus to keep my computer safe, I didn't check the pen drive for viruses. After a few minutes I noticed that the antivirus and firewall icons had disappeared. So I tried to run the applications from the Start menu, but in vain. Then I tried to run the anti-malware program. It also wouldn't open. Then I tried to reinstall my antivirus, but it didn't work. At last I had to format my computer. Then I collected details about the virus to prevent a future attack. The situations that allowed the virus to enter my computer were:
- My carelessness in not disabling autorun before inserting the pen drive.
- Even though the antivirus was powerful enough to detect and remove the Sality virus, it lacked real-time protection, which enabled the virus to overpower the antivirus.
Sality is a family of file-infecting viruses. It spreads by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable drive connected to an infected computer. In addition, Sality includes a downloader trojan component that installs additional malware from the internet. Sality also has keylogging and backdoor capabilities. It may infect executable files by prepending its code to host files.
Symptoms of infection:
Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe file to the root of discoverable drives, along with an autorun.inf file that contains instructions to load the dropped files when the drive is accessed.
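A triage check for the autorun pattern described above, as an added example that is not part of the original post: it parses a drive root's autorun.inf and reports any .cmd, .pif or .exe file in that root that the file asks Windows to launch. The sample file names and the temporary directory are constructed for the demo; `open`, `shellexecute` and `shell\...\command` are the standard autorun.inf launch keys.

```python
import re
import tempfile
from pathlib import Path, PureWindowsPath

# Extensions the text says the autorun component drops in a drive root.
DROPPED_EXTS = {".cmd", ".pif", ".exe"}
# autorun.inf keys that name a program to launch; comment/junk lines never match.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)$", re.I)


def launch_targets(inf_text):
    """Return the program paths an autorun.inf asks Windows to launch."""
    targets = []
    for line in inf_text.splitlines():
        m = LAUNCH_KEY.match(line)
        value = m.group(2).strip() if m else ""
        if not value:
            continue
        if value.startswith('"'):          # quoted path, may contain spaces
            targets.append(value[1:].split('"', 1)[0])
        else:                              # unquoted: drop trailing arguments
            targets.append(value.split()[0])
    return targets


def triage_drive_root(root):
    """List root-level .cmd/.pif/.exe files that autorun.inf would launch."""
    root = Path(root)
    files = {p.name.lower() for p in root.iterdir() if p.is_file()}
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    hits = set()
    for target in launch_targets(inf.read_text(errors="replace")):
        name = PureWindowsPath(target).name.lower()   # compare by file name
        if PureWindowsPath(name).suffix in DROPPED_EXTS and name in files:
            hits.add(name)
    return sorted(hits)


def demo():
    """Build a constructed drive root in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "notes.txt").write_text("harmless")
        (root / "sample.pif").write_bytes(b"placeholder, not a real binary")
        (root / "AUTORUN.INF").write_text(
            "[AutoRun]\n;junk line\nopen=sample.pif\n"
            "shell\\open\\command=sample.pif\nshell\\explore\\command=missing.exe\n")
        return triage_drive_root(root)
```

Run it against the drive's root path without opening the drive in Explorer; a non-empty result means the drive should be scanned before any file on it is opened.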
Removal:
Try deleting it with antivirus software. If that fails, remove the hard disk from your computer, connect it to your friend's computer, and boot into the operating system installed on his computer. Then run the updated antivirus on his system. Antiviruses like Avast, BitDefender, Kaspersky, etc. can be used. AVG is a bit lame. Repair or delete the viruses found in the scan. Take care not to open any of the drives or files on your hard disk before running the antivirus on your friend's system, since that may infect his computer. Then detach the hard disk from his computer and connect it to your computer. Then install a good, updated antivirus with real-time protection to prevent future infection. Avast provides real-time protection and I am satisfied with how it works, so I recommend it for your computer.