Win32:Salicode... Sality

I just used a CD in my laptop and since then, avast is catching these viruses

inf autorun-gen@bhv wrm
Win32: Salicode
Win32: Sality

How can I get rid of them?

Instructions https://forum.avast.com/index.php?topic=194892.0

Attachments.

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
RemoveProxy:
() C:\Users\AL-KARAM\Desktop\u1603.exe
() C:\Users\AL-KARAM\Desktop\utmp\u.exe
GroupPolicy\User: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\14078778.js [2017-01-01] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\14078778.cfg [2017-01-01] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
S2 OpenDHCPServer; C:\Windows\TEMP\OpenDHCPServer.exe [X]
2009-07-14 04:01 - 2009-07-14 05:44 - 080200320 ___SH () C:\ProgramData\mscfl.exe
2016-09-05 12:57 - 2016-09-05 12:57 - 000000110 ____H () C:\ProgramData\obid31
HKU\S-1-5-21-2764175199-3929174775-3743065970-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ChromeHTML: ->  <==== ATTENTION
HKU\S-1-5-21-2764175199-3929174775-3743065970-1000\...\ChromeHTML: ->  <==== ATTENTION
AlternateDataStreams: C:\ProgramData:iSpring Pro 6 [64]
AlternateDataStreams: C:\Users\All Users:iSpring Pro 6 [64]
AlternateDataStreams: C:\Users\AL-KARAM\Application Data:iSpring Pro 6 [64]
AlternateDataStreams: C:\Users\AL-KARAM\AppData\Roaming:iSpring Pro 6 [64]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Pro 6 [64]
AlternateDataStreams: C:\ProgramData\Temp:5B661474 [123]
C:\Users\AL-KARAM\Desktop\u1603.exe
C:\Users\AL-KARAM\Desktop\utmp\u.exe
EmptyTemp:
  • Go to FileSave As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Attachment.

Many thanks

Does Avast still report threats?

No, it is perfect! You are a genius. Many thanks!

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.