
TechSpot

W32 sality

Discussion in 'Virus and Malware Removal' started by chunx, Sep 23, 2008.

Thread Status:
Not open for further replies.
  1. chunx Newcomer, in training

    Hi bleeping computers experts. My laptop (Microsoft Vista Business) has been infected by W32 Sality. The Run button disappeared from Start, my Task Manager cannot be started, and regedit was disabled by the administrator, but I'm the administrator. All my .exe files are infected. I'm running SDfix\a2cmd.exe, Norman Malware Cleaner, AVG Free Edition and a virus remover for W32 Sality now. I also tried errosmart and antispyware, but after scanning and removing threats, Task Manager and regedit are still not enabled.
    I really need serious help here. I have HijackThis on my computer too. I seriously need instructions to clear this W32 Sality.
  2. kimsland Ex-TechSpotter

  3. chunx Newcomer, in training

    Oops, sorry. I posted my problem on Bleeping Computer but no one replied, so I copied it from there and pasted it here and forgot to change it to TechSpot. I'm running Malwarebytes and SUPERAntiSpyware now, and also SDfix and the Kaspersky Virus Removal Tool. Every time I boot up my laptop and try to log into Windows, it auto restarts. I have to reboot, press F8 and select 'boot from last known good configuration' to log in to Windows.

    Hi. These are my logs.

    Attached Files:

  4. SpiritWind Newcomer, in training

    Hi :

    Highly unusual for Adobe Reader to be a "Running Process", as indicated in your HijackThis log. This MAY be the source of your infection, because researchers found a new hacker toolkit that uses nothing but Adobe security leaks in order to infect systems. "PDF Xploit Pack" ( http://www.trustedsource.org/blog/15...e-PDF-Exploits ) adds all kinds of exploits to PDF files. When a certain exploit has successfully infected the OS, the IP address is sent to the attackers, so they need to try again. This is to reduce the time it takes to manage the bots.

    Use of PDF files is becoming more and more popular amongst malcreants, because other toolkits also have PDF exploits now. A year ago only 3% of the exploits were PDF-directed.

    After uninstalling Adobe, seriously consider using the safer "Foxit Reader".
  5. chunx Newcomer, in training

    I uninstalled Adobe Reader but it did not solve my problem. Task Manager and regedit are still disabled. When I boot my laptop and try to log into my user account, it says "The group policy client failed to log on, The media is write protected" and then it automatically restarts after showing the message for 0.5 seconds.
  6. SpiritWind Newcomer, in training

    Hi :

    I see other problems, but doubt resolving them would change your "Situation". Since no one else is responding, I suggest you ask the experienced, certified "Microsoft Most Valuable Professionals" on the Support Forums at http://aumha.net for help. And do NOT post a HijackThis Log that has been run in "Safe Mode" unless "Normal Mode" will not run.
  7. chunx Newcomer, in training

    OK, thanks. Anyway, I used Group Policy to enable my regedit. Inside HKCU\software\microsoft\windows\currentversion\policies\System, disabletaskmgr and disableregedit are set to 1. So I set them to 0 and closed regedit. But after I close regedit, they are automatically set to 1 again and regedit is disabled by the administrator again. So I guess it is the virus that causes this to happen.
  8. kimsland Ex-TechSpotter

    Download RatsCheddar

    It contains a program written by Rathat, and it is a Policy Controller.
    Save and extract this program to the desktop.
    Once extracted, Double click on the RatsCheddar.exe file.
    Enable everything, then click Exit
    Reboot your Computer.
  9. chunx Newcomer, in training

    to kimsland

    Hey. That RatsCheddar was useful the first time. After that, once I open regedit and close it, Task Manager and regedit are disabled again and RatsCheddar doesn't work anymore. Anyway, more importantly, my OS can't boot normally. When I try to log in, it says "The group policy client failed to log on, The media is write protected" and then it automatically restarts after showing the message for 0.5 seconds. I have to boot, press F8 and select boot from last known good configuration in order to log into Windows.
  10. kimsland Ex-TechSpotter

    Please tick and fix these entries in HJT

  11. chunx Newcomer, in training

    It seems like I'm unable to delete it. I click Fix Checked, and when I rescan, the thing is there again.
  12. kimsland Ex-TechSpotter

  13. chunx Newcomer, in training

    I tried uninstalling antispyware; it says "fatal error occurred removing driver: uninstallFilterDriver : LoadLib : The specified module could not be found". I can't seem to find any AVG7 things in my Add and Remove Programs.
  14. kimsland Ex-TechSpotter

    Means the AVG7 files (well, the above HJT log files) are gone.
    By removing them in a new HJT scan, all should be OK.

    What Antivirus are you presently using?
  15. chunx Newcomer, in training

    Yup, I'm in the administrator account. What do you mean by "Means AVG7, files (well the above HJT log files), are gone
    By removing them in a new HJT scan, all should be ok"? I'm using Ad-Aware, Spybot Search & Destroy, Malwarebytes, SUPERAntiSpyware, SDfix.
  16. kimsland Ex-TechSpotter

    I'm referring to Post #11 above

    Run HijackThis again, and remove those entries

    Also part of the New Preliminary Removal Instructions was to install (and update) an Antivirus.

    I tell you what, do the following:

    Uninstall any live protecting programs like Spybot S&D, then download Avira free Antivirus.
    Do a full update. Then do a full scan.

    Please do these steps (which are also part of the New Preliminary Removal Instructions you completed, you did complete those steps, didn't you??)
  17. chunx Newcomer, in training

    Hmm, I'm unable to delete these HijackThis entries. Every time I delete them they keep coming back.

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe (file missing)

    I did follow the New Preliminary Removal Instructions as you can see from post #4; after doing it I posted the logs of Malwarebytes, SUPERAntiSpyware and HijackThis.
    I uninstalled Spybot S&D and installed Avira; I'm going to do a full scan now. Thanks.
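    The O7 and O23 lines above are read by hand in this thread. As an added example (not from the thread, from HijackThis, or from any poster), here is a small Python triage script that parses lines of that shape and flags the two conditions posts #7 and #17 describe: an O7 policy value that locks out regedit or Task Manager, and an O23 service whose binary is reported as missing. The sample log is constructed from the entries quoted in post #17 plus a DisableTaskMgr line matching post #7 and one clean service added for contrast; the Finding type, function names and the LOCKOUT_POLICIES set are assumptions of this example, not HJT's own.

```python
"""Triage helper for HijackThis (HJT) log excerpts.

Added example, not from the thread or the HijackThis project: it parses the
O7 (registry policy restriction) and O23 (service) lines of the kind quoted in
this thread and flags the two conditions the posters are fighting:
  * an O7 policy value that locks out regedit or Task Manager, and
  * an O23 service whose binary is missing (an orphaned registration).
"""
import re
from dataclasses import dataclass
from typing import List

# Policy values HJT reports under O7 that, when non-zero, disable admin tools.
# These two names are the ones mentioned in the thread; extend as needed.
LOCKOUT_POLICIES = {"DisableRegedit", "DisableTaskMgr"}

# O7 - <hive>\<key path>, <value name>=<data>
O7_RE = re.compile(
    r"^O7 - (?P<key>HK[A-Z]+\\[^,]+), (?P<name>\w+)=(?P<value>\S+)$"
)
# O23 - Service: <display name> (<short name>) - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Finding:
    kind: str      # "policy_lockout" or "orphaned_service"
    subject: str   # policy value name or service short name
    detail: str    # registry key or binary path


def parse_hjt_lines(text: str) -> List[Finding]:
    """Return one Finding per suspicious O7/O23 line; other lines are ignored."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O7_RE.match(line)
        if m:
            # A lockout policy is only a finding when it is actually enabled.
            if m["name"] in LOCKOUT_POLICIES and m["value"] != "0":
                findings.append(Finding("policy_lockout", m["name"], m["key"]))
            continue
        m = O23_RE.match(line)
        if m and m["missing"]:
            findings.append(Finding("orphaned_service", m["name"], m["path"]))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Group finding subjects by kind so a responder sees both problems at a glance."""
    out = {"policy_lockout": [], "orphaned_service": []}
    for f in findings:
        out[f.kind].append(f.subject)
    return out


# Constructed sample log: the O7 and O23 lines quoted in post #17, plus a
# DisableTaskMgr line matching post #7 and one clean service for contrast.
SAMPLE_HJT_LOG = r"""
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    for kind, names in summarize(parse_hjt_lines(SAMPLE_HJT_LOG)).items():
        print(f"{kind}: {', '.join(names) or 'none'}")
```

    A policy value that reappears as 1 after being set to 0 (post #7) and a fixed entry that returns on rescan (post #17) both point at a still-running process rewriting them, which is why a log-only cleanup never sticks; this script only surfaces the entries, it does not modify the registry.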
  18. chunx Newcomer, in training

    I ran an Avira scan and it detects almost all my .exe files as W32\sality.
  19. momok Newcomer, in training

    Almost all, as in referring to your system? I once encountered a problem like this, and I would recommend a reformat to be ultimately safe, especially if it keeps coming back through different programs' exe's.

    I ended up cleaning and uninstalling almost every important program/software/game on my system because apparently such trojans infect exe files and perpetuate their code in other exe files. As such, you can delete/clean the original bad trojan file, but the infection remains stuck on your system.

    There's no knowing which files have been infected and are just lying dormant waiting to be run and infect more exe files on your system.
  20. chunx Newcomer, in training

    to momok

    Hmm, I have thought of reformatting, but I'm using Vista and I don't know how to do a reformat. All I have is a Windows Vista recovery DVD. But every time I boot up with the recovery DVD inside or choose Repair My Computer, it hangs at a black screen after loading for a while. I waited for 1 hour but nothing happened. System Restore is also not working. Every time I do a System Restore and restart my laptop, it says the System Restore has failed.