TechSpot

Infected with heur and win32/sality.nba virus

By marky20
Jul 18, 2012
  1. Hi, my Kaspersky AV detected a HEUR:Trojan.Win32.Generic infection on my computer yesterday. Then, as I tried scanning my computer again with ESET, it told me that my computer was infected with the Win32/Sality.NBA virus.

    I need help, what should I do?
     
  2. marky20

    marky20 TS Rookie Topic Starter

    Here's the ESET log:


    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=acc7cc7771419441939d01db8f332112
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-18 10:27:26
    # local_time=2012-07-18 06:27:26 (+0800, Malay Peninsula Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=1280 16777175 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=57195
    # found=41
    # cleaned=0
    # scan_time=6889
    C:\KmInstall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoi18viz.default\Cache\A\F8\6BBE9d01 JS/Agent.NGK trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\Local Settings\Temp\nse99.tmp\215AppsChecker.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\My Documents\Download 2011\KM Twain Driver v311819.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\My Documents\Download 2011\msgr11us.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\My Documents\Download 2011\Photo_Crop_Editor_2.0.rar_downloader.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\My Documents\Download 2011\RealPlayer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\My Documents\Download 2011\wrar401.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\My Documents\Downloads\CNET_TechTracker_2_1_0_69_Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\My Documents\Downloads\gtk2123setup.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\My Documents\Downloads\IDpackFreeEdition8.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\wengiecay\My Documents\Downloads\SpeedyPC Pro Installer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Analog Devices\SoundMAX\DLSLoader.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Analog Devices\SoundMAX\SMWizard.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Broadcom\BACS\BacsTray.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\mmc.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd8.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd17\PostInst\PostSetup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd22\Photo Pos Pro.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd23\ReflexiveArcade\unins000.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd28\Data\Disk1\Diagnosis\BrCollect.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd28\SetupDCP115C\Chn\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd28\SetupDCP115C\Fre\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd28\SetupDCP115C\Nor\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd28\SetupDCP115C\Por\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd28\SetupDCP115C\Spa\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd29\angry birds season\AngryBirdsSeasonsInstaller_1.5.1.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\ip1000x64190en.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\KM Twain Driver v311819.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\LichtnerFontInstaller.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\Photo_Crop_Editor_2.0.rar_downloader.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\R155463.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\RealPlayer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\sp24465.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\sp31335.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\sp42470.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\winzip155.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\Kyocera KX Driver 4.4\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    D:\STUFFS!\FROM C DIRECTORY\Download 2011\Kyocera KX Driver 4.4\Utility\KmInstCm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi! Welcome to the TechSpot forums!

    The infection that you can see in the ESET online scan, Sality, is what we call a file-infector.

    These are particularly malicious, in that they infect all of your legitimate programs.

    The problem is that the virus is very buggy, so it does not do a good job of infecting your files; any attempt to disinfect and possibly save your files would be futile, in that, due to the buggy virus, we cannot properly disinfect your files.


    What I highly recommend now is a reformat and a reinstallation of Windows XP.

    Please let me know if you are prepared to do so.

    You may back up and save all files except programs (meaning pictures and documents are okay), because if you back up any applications, they will transfer to your clean system, and you will be reinfected.

    So, with that said, do you have your Windows XP CD?

    Guide for format and reinstall:
    http://www.helpmyos.com/tutorials-s...-operating-system-the-easy-way-t1307.htm#3143

    If you would like to try to disinfect the system anyway, no promises, but I can do the best I possibly can.
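The advice above comes down to two questions a responder asks when reading a scan log like the one posted earlier: how much of the machine is infected, and which files must not be carried over to the rebuilt system. The script below is an added example, not code from this thread or from ESET. It parses the ESET Online Scanner line layout shown in the log (path, threat name, action in parentheses, a 32-hex-digit hash, a flag letter), then sorts the hits into infected program files (never to be restored), non-executable detections, and hits under the Windows directory. The sample input is a handful of lines copied from the log above; the set of extensions treated as "program files" is an assumption for this example.

```python
"""Parse an ESET Online Scanner log and triage the hits for a rebuild-and-restore decision.
Added example: not the thread's or ESET's code. The line layout is inferred from the log posted above."""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: header lines plus a subset of the detection lines from the log above.
SAMPLE_LOG = r"""# version=7
# osver=5.1.2600 NT Service Pack 2
# scanned=57195
# found=41
# cleaned=0
C:\KmInstall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\wengiecay\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoi18viz.default\Cache\A\F8\6BBE9d01 JS/Agent.NGK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\wengiecay\My Documents\Downloads\gtk2123setup.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\mmc.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
D:\RECYCLER\S-1-5-21-1757981266-484061587-725345543-1003\Dd8.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
D:\STUFFS!\FROM C DIRECTORY\Download 2011\winzip155.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r'^#\s*(?P<key>[A-Za-z_]+)=(?P<value>.*)$')

# Paths contain spaces, so the path is matched lazily and the threat name is anchored on the
# "Family/Name" token (optionally prefixed by "a variant of"), the parenthesised action,
# the 32-hex-digit hash and the trailing flag letter.
HIT_RE = re.compile(
    r'^(?P<path>.+?)\s+'
    r'(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)*)\s+'
    r'\((?P<action>[^)]*)\)\s+'
    r'(?P<hash>[0-9A-Fa-f]{32})\s+'
    r'(?P<flag>\S+)$'
)

# Assumption for this example: extensions treated as program files that must not be restored.
EXECUTABLE_EXT = {'.exe', '.scr', '.dll', '.com', '.sys', '.ocx'}


@dataclass
class Hit:
    path: str
    threat: str
    action: str


def parse_log(text):
    """Return (header dict, list of Hit). Repeated header keys keep the last value;
    lines that are neither header nor detection (downloader chatter) are ignored."""
    header, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m['key']] = m['value']
            continue
        m = HIT_RE.match(line)
        if m:
            hits.append(Hit(m['path'], m['threat'], m['action']))
    return header, hits


def triage(hits):
    """Bucket hits for the restore decision: program files are never copied to the rebuilt
    system, other files are reviewed, and hits under the Windows directory are listed
    separately because they show the OS itself is compromised."""
    summary = {
        'by_threat': Counter(h.threat for h in hits),
        'by_drive': Counter(PureWindowsPath(h.path).drive.upper() for h in hits),
        'infected_programs': [],
        'other_files': [],
        'os_binaries_hit': [],
    }
    for h in hits:
        p = PureWindowsPath(h.path)
        if p.suffix.lower() in EXECUTABLE_EXT:
            summary['infected_programs'].append(h.path)
        else:
            summary['other_files'].append(h.path)
        if 'windows' in (part.lower() for part in p.parts):
            summary['os_binaries_hit'].append(h.path)
    return summary


if __name__ == '__main__':
    header, hits = parse_log(SAMPLE_LOG)
    print(f"scanner reported found={header.get('found')} cleaned={header.get('cleaned')}")
    report = triage(hits)
    for threat, n in report['by_threat'].most_common():
        print(f"{n:3d}  {threat}")
    print("do not restore:", *report['infected_programs'], sep='\n  ')
    print("OS binaries hit:", *report['os_binaries_hit'], sep='\n  ')
```

Running it on the full 41-line log above gives the helper's picture at a glance: every detection is "unable to clean", almost every hit is an executable (installers, vendor tray utilities, and mmc.exe under C:\WINDOWS\system32), and only the Firefox cache entry is a non-program file. That is exactly the situation where restoring documents and pictures but no program files, then reinstalling Windows, is the sound call.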
     
  4. marky20

    marky20 TS Rookie Topic Starter

    Dragon Master Jay, thank you for taking the time. I have reinstalled my Windows XP, as you recommended. Good thing I had backed up about 80% of my daughter's school thesis a few days before getting infected.

    Again, thank you. I have learned so much just within days of joining this forum. :)
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    You're welcome. I'd like to assist in making sure you have the proper security setup for the computer...

    Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
