Just got a new hard drive installed on my computer with Windows 7 x64 Ultimate preloaded. Soon after, I found out that the technicians who set it up somehow managed to get it infected with Sality. I would prefer to avoid reinstalling - there may be very little installed on the new drive, but this machine has been through so many reformats, I’m getting a bit tired of the recovery process. Avast seems to have found and removed all of the infected files - most of them were in an install of Nero, which I also removed - but I’m concerned about stability with so many files moved to the chest.
Not sure how to retrieve the actual log files and post full copies of the text here, if that’s even possible, but the boot scan I just ran tossed up at least a dozen errors claiming various CAB files were corrupt (although most of them seemed to have other extensions). Presumably, it would be easier to determine whether the problem can be solved with individual software reinstallations if they were all listed.
Files infected, as far as I know - taken manually from the log viewer, because I don’t see an export button:
Win32:Sality:
C:\Config.Msi\1c5222.rbf
C:\Config.Msi\1c5228.rbf
C:\Config.Msi\1c58dc.rbf
C:\Config.Msi\1c5a27.rbf
C:\Config.Msi\6d1343.rbf
C:\Config.Msi\cebb4f.rbf
C:\Config.Msi\cebb50.rbf
C:\Config.Msi\cebb55.rbf
C:\Config.Msi\cebb5f.rbf
C:\Config.Msi\cebb66.rbf
C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
C:\System Volume Information\_restore{6DE539DA-CFBA-4562-B4E4-9B0FCF5390C9}\RP457\A0122539.exe
(Note: The following files are listed twice in the Chest for some reason)
C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
Win32:Sality-GR:
C:\Users\*snip*\AppData\Local\Temp\winnvwrc.exe|>[UPX]
C:\Users\*snip*\AppData\Local\Temp\xapksp.exe|>[UPX]
If there’s a way to view all the details of the scans performed, and more importantly, to recover fully without reformatting the drive, more info about it would be much appreciated.