Welcome to TechSpot. Bad news though. If you did have a Sality malware infection, you most likely will still have it. Let's check and see what your status is:
Open VirusTotal
- Open Windows Explorer: Windows key + E> Go to Tools> Folder Options> View tab> Check 'show hidden files and folders.'> Apply> OK
- At the upload site, click once inside the window next to Browse.
- Press Ctrl+V to paste each of the following, one at a time into the window
- explorer.exe (Path is C:\Windows)
- userinit.exe (Path is C:\Windows\System32)
- svchost.exe (Path is C:\Windows\System32)
- Click on the Upload button.
- IF file shows 'already analyzed' press Reanalyze now button
When scans have all been done, please go back and check 'do not show hidden files and folders'> Apply> OK.
Please post the scan results in your next reply.
======================================
Also, please run the Eset Online virus scan. You should have rebooted the computer following your efforts to remove this> if you have not, please do so before running the scans.
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
This is the malware that exploits the .lnk vulnerability. Sality is a family of file infecting viruses that spread by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable or discoverable drive. In addition, Sality includes a downloader trojan component that installs additional malware via the Web.
It then creates and starts a service to load the driver. The driver blocks access to a variety of security software vendor web sites. The virus then disables security software services and ends security software processes. It also disables registry editing and the task manager.
http://www.symantec.com/connect/blogs/all-one-malware-overview-sality
The exploit works even when AutoRun and AutoPlay -- two functions that have previously been used by attackers to commandeer PCs using infected flash drives -- are disabled. The rootkit also bypasses all security mechanisms in Windows, including the User Account Control (UAC) prompts in Vista and Windows 7, ...
Because of these actions, we recommend you do a reformat/reinstall. Attempts to clean this virus to include the backdoor capability usually fail.
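As an added, offline complement to the VirusTotal step above (example code written for this page, not part of the original post): Sality infects executables in place, so an infected copy of explorer.exe, userinit.exe or svchost.exe no longer carries a valid Microsoft Authenticode signature and its hash no longer matches the clean build. The script assumes default file locations under %SystemRoot% and PowerShell 4.0 or later (for Get-FileHash); the SHA-256 it prints can be searched on VirusTotal instead of uploading the file.

```powershell
# Added example, not from the TechSpot post. Run from an elevated PowerShell prompt.
# Assumption: default Windows install paths under %SystemRoot%; PowerShell 4.0+ for Get-FileHash.
$targets = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\svchost.exe"
)

function Get-SystemFileStatus {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A missing core binary is itself worth reporting in the thread.
            [pscustomobject]@{ Path = $p; Exists = $false; Signature = 'n/a'; Signer = ''; SHA256 = '' }
            continue
        }
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path      = $p
            Exists    = $true
            Signature = $sig.Status      # 'Valid' is expected for genuine Windows binaries
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = $hash            # paste into the VirusTotal search box
        }
    }
}

$results = Get-SystemFileStatus -Paths $targets
$results | Format-Table -AutoSize

# Caveat: on older Windows/PowerShell versions some system files are catalog-signed and
# show 'NotSigned' here even when clean; in that case rely on the VirusTotal hash lookup.
$suspect = $results | Where-Object {
    $_.Exists -and ($_.Signature -ne 'Valid' -or $_.Signer -notmatch 'Microsoft')
}
if ($suspect) {
    Write-Warning "Unsigned or modified system files found; post the table above in your reply."
}
```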