Win32:Salicode... Sality

Sulail · August 8, 2017, 6:29pm

I just used a CD in my laptop and since then, avast is catching these viruses

inf autorun-gen@bhv wrm
Win32: Salicode
Win32: Sality

How can I get rid of them?

Pondus · August 8, 2017, 6:31pm

Instructions https://forum.avast.com/index.php?topic=194892.0

Sulail · August 8, 2017, 8:13pm

Attachments.

SassDrake · August 8, 2017, 11:58pm

Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad

RemoveProxy:
() C:\Users\AL-KARAM\Desktop\u1603.exe
() C:\Users\AL-KARAM\Desktop\utmp\u.exe
GroupPolicy\User: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\14078778.js [2017-01-01] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\14078778.cfg [2017-01-01] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
S2 OpenDHCPServer; C:\Windows\TEMP\OpenDHCPServer.exe [X]
2009-07-14 04:01 - 2009-07-14 05:44 - 080200320 ___SH () C:\ProgramData\mscfl.exe
2016-09-05 12:57 - 2016-09-05 12:57 - 000000110 ____H () C:\ProgramData\obid31
HKU\S-1-5-21-2764175199-3929174775-3743065970-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ChromeHTML: ->  <==== ATTENTION
HKU\S-1-5-21-2764175199-3929174775-3743065970-1000\...\ChromeHTML: ->  <==== ATTENTION
AlternateDataStreams: C:\ProgramData:iSpring Pro 6 [64]
AlternateDataStreams: C:\Users\All Users:iSpring Pro 6 [64]
AlternateDataStreams: C:\Users\AL-KARAM\Application Data:iSpring Pro 6 [64]
AlternateDataStreams: C:\Users\AL-KARAM\AppData\Roaming:iSpring Pro 6 [64]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Pro 6 [64]
AlternateDataStreams: C:\ProgramData\Temp:5B661474 [123]
C:\Users\AL-KARAM\Desktop\u1603.exe
C:\Users\AL-KARAM\Desktop\utmp\u.exe
EmptyTemp:

Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open again FRST and click on button Fix
Wait until FRST finishes
fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Sulail · August 9, 2017, 4:02am

Attachment.

Many thanks

SassDrake · August 9, 2017, 8:02am

Does Avast still report threats?

Sulail · August 9, 2017, 8:15am

No, it is perfect! You are a genius. Many thanks!

SassDrake · August 9, 2017, 8:32am

• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Win32:Salicode... Sality

Announcements