Not a virus

This is not a virus

These programs are detected by avast as viruses

Are these programs viruses?? :-\

Regedit (C:\Windows)
Rundll32.exe (C:\Windows\System32)
Taskmgr.exe (C:\Windows\System32)
Utorrent.exe (C:\Program Files\Utorrent)
Photo scape.exe (C:\Program Files\Photoscape)

I’m so sad, please help me. These programs are not viruses. What do I do? :(

What malware name is given by avast?

How do you know they aren’t a virus?
Some of these files, especially the first three, have been targets for malware in the past.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to Open the chest and right click on the file and select ‘Extract’ it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

and… does your avast have the latest update?

OK

I reinstalled all my software,
but all of my computer’s software was a virus, but Windows notepad.exe??

Which is why I asked about the malware name given by avast (and the other questions), as there is a possibility that you have a file infector which targets .exe files.

I see you have started another topic about this, which just causes duplication for those trying to help.

I have replied in that topic, http://forum.avast.com/index.php?topic=111964.0, but you should continue in this topic, hopefully one of the moderators can move this topic to the viruses and worms forum where it should be.

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs in this topic, not in the LOGS topic.

virus name :-

          Wordpad.exe = WIN32:salicode
          Notepad.exe in System32 folder = WIN32sality
          kimml.sys in system32 > driver folder = Win32:malware-gen


         All other exe virus names = Win32:salicode

hi tharindu,

http://en.wikipedia.org/wiki/Sality You definitely need assistance from a certified malware removal expert for this.

Once the logs requested are attached as DavidR has asked, then a malware expert can come in and help you. To start this process, run AdwCleaner, Malwarebytes, OTL, and aswMBR. Attach all logs in your next reply.

We will work only in this thread

The following programme may need to be run several times and no guarantee can be given

Download Sality Killer zip to your desktop and extract SalityKiller.exe

Run the utility SalityKiller.exe on the infected computer
A reboot might be required after disinfection.

Download the file Sality_RegKeys.zip
unpack the file Sality_RegKeys.zip
run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key:

under Windows 2000 run the registry file SafeBootWin200.reg
under Windows XP run the registry file SafeBootWinXP.reg
under Windows 2003 run the registry file SafeBootWinServer2003.reg
under Windows Vista / 2008 run the registry file SafebootVista.reg
under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg

Hi mchain

AdwCleaner

Log file

   # AdwCleaner v2.103 - Logfile created 12/29/2012 at 12:15:24
   # Updated 25/12/2012 by Xplode
   # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
   # User : User - WIN2006
   # Boot Mode : Normal
   # Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
   # Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[R1].txt - [716 octets] - [29/12/2012 12:15:24]

########## EOF - C:\AdwCleaner[R1].txt - [775 octets] ##########

Could you run sality killer first please and then follow up with the OTL scan

OK, I found the problem

I temporarily disabled the Avast shield for 10 minutes

And the virus was activated
minutes
The virus damaged all kinds of exe files

What do I do now?

Please reply

Follow essexboy’s (malware removal specialist) instructions in Reply #8 above, there wasn’t anything about disabling avast in those instructions (that I can see).

Disabling Avast has allowed the virus to spread, Sality Killer may not work now. However, run it at least three times.

After 12 hours the scan was finished! Now what do I do?

Did it disinfect all files? Is Avast still reporting Sality?

Yes, it’s disinfected all damaged exe, but Sality Killer was not completely finished, it took 12 hours

Sorry for my bad English, because I’m a 13 year old boy!!

Your English is good

Once it has completely cleared sality then run the following programme

Download OTL to your Desktop
Secondary link

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

* Select All Users
* Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
* When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
* Post both logs

Big problem because Notepad is missing in virus chest in avast

Download a copy of notepad from here https://dl.dropbox.com/u/73555776/notepad.exe and place it in the Windows folder