Can't ever get rid of this virus, please I need help

I have been having this problem for a few months now. The virus disables Task Manager, Registry Editor, Windows Firewall and safe mode. I tried to download avast but the virus automatically closed it and deleted the setup. I even tried to reinstall Windows before but the virus is still living in my PC :cry:

Could you follow the first post here http://forum.avast.com/index.php?topic=53253.0

Then once done post the resultant logs in this thread

here are the logs

here are the logs

I am afraid you may have Sality

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | On_Demand | Running] -- -- (amsint32)
O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\AUtOplAY\comMAnd - "" = G:\kqmg.exe
O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\AutoRun\command - "" = G:\kqmg.exe
O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\eXplore\COmManD - "" = G:\kqmg.exe
O33 - MountPoints2\{da8b492e-0756-11e1-8fa9-0008021de32e}\Shell\opEN\commanD - "" = G:\kqmg.exe
[2011/08/22 17:59:02 | 000,103,140 | ---- | M] () -- C:\eswatj.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download Sality Killer zip to your desktop and extract SalityKiller.exe

Run the utility SalityKiller.exe on the infected computer
A reboot might be required after disinfection.

Download the file Sality_RegKeys.zip
unpack the file Sality_RegKeys.zip
run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key:

under Windows 2000 run the registry file SafeBootWin200.reg
under Windows XP run the registry file SafeBootWinXP.reg
under Windows 2003 run the registry file SafeBootWinServer2003.reg
under Windows Vista / 2008 run the registry file SafebootVista.reg
under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg
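
The O33 lines in the OTL fix above are MountPoints2 autorun handlers that point at an executable in the root of a drive. The following is an added example (not from this thread and not part of OTL) that triages such lines from a saved OTL log. The sample log, the function names and the two heuristics are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of OTL O33 lines (placeholder GUIDs and paths).
SAMPLE_LOG = r'''
O33 - MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell\AUtOplAY\comMAnd - "" = G:\example.exe
O33 - MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell\opEN\commanD - "" = G:\example.exe
O33 - MountPoints2\{00000000-0000-0000-0000-000000000002}\Shell\AutoRun\command - "" = E:\setup\launcher.exe -auto
O33 - MountPoints2\{00000000-0000-0000-0000-000000000003}\Shell - "" = AutoRun
O4 - HKLM..\Run: [Example] C:\Program Files\Example\example.exe
'''

# O33 - MountPoints2\<mount>\Shell\<verb>\command - "<value name>" = <target>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\'
    r'(?P<leaf>command)\s+-\s+"(?P<value>[^"]*)"\s+=\s+(?P<target>.+)$',
    re.IGNORECASE)

# Assumed heuristic 1: the handler launches an executable directly from a drive root.
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\[^\\/"]+\.(exe|com|scr|pif|bat|cmd)\b',
                         re.IGNORECASE)

def odd_case(name):
    """Assumed heuristic 2: casing is not lower, UPPER, Capitalised or AutoRun-style."""
    return name not in {name.lower(), name.upper(), name.capitalize(),
                        "AutoRun", "AutoPlay"}

def triage(log_text):
    """Return one finding per O33 shell-command line, with the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue  # other log sections, or the Shell default-value line
        reasons = []
        if ROOT_EXE_RE.match(m["target"]):
            reasons.append("executable in drive root")
        if odd_case(m["verb"]) or odd_case(m["leaf"]):
            reasons.append("scrambled key-name casing")
        findings.append({"mount": m["mount"], "verb": m["verb"].lower(),
                         "target": m["target"].strip(), "reasons": reasons})
    return findings

def suspicious_mounts(findings):
    """Mount-point GUIDs that have at least one flagged handler."""
    return sorted({f["mount"] for f in findings if f["reasons"]})

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["mount"], f["verb"], f["target"], f["reasons"] or "no flags")
```
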

just adding some info

from malwarebytes log

Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.

Sality is a file infector…

Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

Uh, OTL has taken more than 1 hour already and is still working, is that normal? ???

Only if you have never emptied your temporary files. Close OTL out and run the Sality fixes please

Hey, I just cleared my temp files now and OTL worked, but I am unable to download the Sality Killer with or without IDM

I have just uploaded them to my skydrive here https://skydrive.live.com/?cid=32d8666f4048075b&sc=documents&uc=2&id=32D8666F4048075B!117

Hey, I've completed all the steps here. Are there other steps, or can I be sure that I am 100% Sality free ;D

Could you now download and install Avast then run a full scan and let me know if it finds anything at all

I took 2 screenshots of the 15 infected files found by avast before deleting them, but they are 1.37 megabytes. Does it mean I can't upload here?

It would be too large, the image/file size for attachments is 200KB.

When saving screenshots, only capture the active window and save in .gif format (good enough for quality), which gives a smaller file size.

That said, there is no need to do screenshots when you can copy and paste from the scan logs. For detections on on-demand scans, check C:\Documents And Settings\All Users\Application Data\Alwil Software\Avast5\Log (Windows 2000, Windows XP) or C:\ProgramData\Alwil Software\Avast5\log (Windows Vista, Windows 7).

Also - Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest (a protected area) and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

I rushed to delete them because I don't use those infected programs anymore so I don't need them, but the problem is I still can't find the log file. I am using the latest version of avast by the way…

Depending on your OS and settings, those folders may be hidden. You would need to change Windows Explorer, Tools, Folder Options, so as not to hide files and folders.

Also, the avastUI, Scan Computer, selected scan (Quick/Full, etc.) More details, Settings, Report File, Generate report file option would have to be checked.

Ah, I should have known that before I did the full scan, and the pic can't change its size. I did another full scan and nothing is infected now, what should I do ???

Could you now run a fresh OTL scan, selecting all users and running the quick scan

scan complete

Looks like you may have been lucky - are you experiencing any problems?