Help in cleaning malware (Kukacka and Salicode)

Hi,

I would like to seek your help in removing malware from my system. I have also read the “Logs to assist in cleaning malware” thread and I have attached the 3 log files (MBAM, OTL and Extras).

Please let me know if additional details would be required.

Thank you

Hi

Here’s the last log file (aswmbr)

Looking forward to your assistance

Thank you

malware expert is notified…

something to read about file infectors
http://miekiemoes.blogspot.no/2009/02/virut-and-other-file-infectors-throwing.html

I can see no sign of Sality there at the moment, but we will check that out.

The following programme may need to be run several times and no guarantee can be given

Download Sality Killer zip to your desktop and extract SalityKiller.exe

Run the utility SalityKiller.exe on the infected computer
A reboot might be required after disinfection.

Download the file Sality_RegKeys.zip
unpack the file Sality_RegKeys.zip
run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key:

under Windows 2000 run the registry file SafeBootWin200.reg
under Windows XP run the registry file SafeBootWinXP.reg
under Windows 2003 run the registry file SafeBootWinServer2003.reg
under Windows Vista / 2008 run the registry file SafebootVista.reg
under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)


:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Hi

I might have made the mistake of running the salitykiller twice. Nevertheless, here’s the new OTL log file.

Thank you

Did Sality Killer detect anything? What problems are you experiencing?

Salitykiller detected some from the D: drive (internal partition) and cleaned it up.

I was not experiencing any major problems when I started this thread. I only encountered virus alerts from Avast. After which, I scanned the system and found that there were a number of files which were infected. That’s when I did some research and stumbled upon this forum.

I did a full system scan from Avast earlier and it did not detect any Sality or Kukacka. I guess the problem is solved?

Thank you

Good, Avast can clean Sality but I always like to double check. Enjoy

Same here. Better safe than sorry.

Thank you again Essexboy and the whole team. Keep up the good work!

***sorry for the big fonts (if any) as I am viewing this from a mobile device.