[Closed] Please read my logs after doing 6 steps of removing a virus

Status
Not open for further replies.

plan32

Can't open any antivirus sites
Can't install antivirus
Blue screen on Safemode

All due to virus

Thank You!
 

Attachments

  • mbam-log-2011-08-26 (21-28-31).txt
    3 KB · Views: 1
  • Gmer.log
    3.1 KB · Views: 0
  • dds.txt
    13.4 KB · Views: 0
  • attach.txt
    7.6 KB · Views: 1
Welcome to TechSpot! I'll be glad to review your logs. But you missed this in our directions:

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Once you get the logs pasted in, I'll review them.
==========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Thank you for your time.

Dear helper,

I have solved my problem by myself. Thanks for your time.
Now I just don't know how to close this post.

Thank You!
 
Thank you for the update. Be advised that this is what you have:

Not good news- you have a Sality virus infection: This is the malware that exploits the .lnk vulnerability.

Sality is a family of file infecting viruses that spread by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable or discoverable drive. In addition, Sality includes a downloader trojan component that installs additional malware via the Web.

It then creates and starts a service to load the driver. The driver blocks access to a variety of security software vendor web sites. The virus then disables security software services and ends security software processes. It also disables registry editing and the task manager.

http://www.symantec.com/connect/blogs/all-one-malware-overview-sality

Windows fails to correctly parse shortcut files, identified by the ".lnk" extension. The flaw has been exploited most frequently using USB flash drives. By crafting a malicious .lnk file, hackers can hijack a Windows PC with little user interaction: All that's necessary is that the user views the contents of the USB drive with a file manager like Windows Explorer.

Tests showed that the exploit works even when AutoRun and AutoPlay -- two functions that have previously been used by attackers to commandeer PCs using infected flash drives -- are disabled. The rootkit also bypasses all security mechanisms in Windows, including the User Account Control (UAC) prompts in Vista and Windows 7, ...
Worm is named Win32/Stuxnet.A.

Because of these actions, we recommend you do a reformat/reinstall. Attempts to clean this virus to include the backdoor capability usually fail.

You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html
 