[Not curable-Sality] Malwarebytes anti-malware can't remove virus

By Motivationalist
Mar 23, 2013
  1. Hi guys,
    My PC is infected by a virus. I downloaded and updated MBAM and performed a quick scan (more than 10 times) and keep getting "6" detections, which it seems MBAM is not able to remove (even after restarting on completion of the scan every time).

    Following are the details of the MBAM detections that keep coming up every time I scan the system.

    Malware.Packer.Gen (Vendor): C:\iodq.exe
    Virus.Sality (Vendor): Registry key
    Virus.Sality (Vendor): Registry key
    PUM.Disabled.SecurityCenter: Registry Data
    PUM.Disabled.SecurityCenter: Registry Data
    PUM.Disabled.SecurityCenter: Registry Data

    Please help me remove the trojan completely from my machine.

    [P.S. some programs are popping up this error (runtime error r6002 floating point) when I try to execute them]

  2. Broni (Malware Annihilator)

    I'm afraid I have very bad news.

    You are infected with a polymorphic file infector (Sality). This infection can and will infect all the machine's executable files: .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain following files:

    Backup all your documents and important items only.
    DO NOT backup any files mentioned above.

    I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.

    To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

    Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

    To find out more information about how you may have got infected in the first place, you can read this article.

    I am sorry I cannot give any better news.
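
One way to apply the "documents only" backup advice in the reply above, as an added example that is not part of the original post: it copies a folder tree while skipping the file types that reply lists. The extra check for the `MZ` executable signature, the function names and the sample files are assumptions made for this example.

```python
import shutil
import tempfile
from pathlib import Path

# File types the reply above says not to back up.
BLOCKED_EXT = {".exe", ".scr", ".rar", ".zip", ".htm", ".html"}

def is_pe(path: Path) -> bool:
    """True if the file starts with the 'MZ' DOS/PE header (added check, not from the post)."""
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"

def backup_documents(src: Path, dst: Path):
    """Copy the src tree to dst, skipping blocked types. Returns (copied, skipped) relative paths."""
    copied, skipped = [], []
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = f.relative_to(src)
        # Skip by extension (case-insensitive) or by executable signature.
        if f.suffix.lower() in BLOCKED_EXT or is_pe(f):
            skipped.append(rel.as_posix())
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, target)
        copied.append(rel.as_posix())
    return copied, skipped

def demo():
    """Run against a constructed sample tree (all file names and contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "dst")
        samples = {
            "photos/trip.jpg": b"\xff\xd8\xff\xe0 sample",
            "books/notes.pdf": b"%PDF-1.4 sample",
            "tools/setup.EXE": b"MZ\x90\x00",
            "saved/page.html": b"<html></html>",
            "videos/clip.avi": b"MZ\x90\x00 executable renamed to look like media",
        }
        for name, data in samples.items():
            p = src / name
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return backup_documents(src, dst)

if __name__ == "__main__":
    copied, skipped = demo()
    print("copied:", copied)
    print("skipped:", skipped)
```
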
  3. Motivationalist (TS Rookie, Topic Starter)

    Hi Broni,

    Thanks for your feedback.

    I need more of your advice on reformatting the OS....

    1) Well, I don't have any bank/credit account information or any other confidential information stored on any of my drives to worry about. (I mostly have videos, photos, and books in PDF format, some academic software, etc.)

    2) If I wipe all data from the C drive (OS drive) and reinstall Windows on it after formatting only the C drive, then immediately install antivirus and antimalware on the machine (and also update it), then scan the whole system including the other drives (D, E, F)........ Will it repair the data? And if not, will the Sality virus from the other drives attack my OS partition again even if I have updated antivirus installed? (If I just open any picture or any video, something like that, from the other affected partitions)

    Thank You!
  4. Broni (Malware Annihilator)

    2. You should be OK.