Hey Everyone, One of the computers at work is infected with the win32.sality virus. We can’t even login under administrator. It keeps just cycling us back to the login screen. We purchased and downloaded the avast bart and ran that which found all the files but we still can’t login to run any kind of removal tool. Is there any kind of bootable removal tool? Any suggestions would be greatly appreciated. :-[

Sality can be a nasty one to remove

I will send a PM to our expert malware remover Essexboy. He usually enters the forum late UK time

Thanks! Any help is greatly appreciated. ;D

Try this one,it may help until essex’s log
http://support.kaspersky.com/viruses/solutions?qid=208279889

Thanks, Trying that now!

Sality killer works reasonably well - but be aware that some of your system files may be damaged by the virus

As it is a work computer I would highly recommend that you isolate it, remove any data you need and then wipe it

Well the virus was on a server and we wanted to avoid the rebuild option. We have successfully removed the virus and are now able to log on but somethings aren’t working correctly. Is there some sort of repair tool? Does the Avast BART have something that can help?

Unfortunately this virus damages system files as it does its work. Cleaners cannot rebuild the infected files - Sometimes SFC /Scannow works to replace the damged files

did the sality killer help you?

Actually what we did was run the SalityKiller multiple times (each time it kept finding new infected files) and then we booted a full version of Kaspersky which finally removed the virus but I think the damage is done.

Update! So now that we are up and somewhat running we tried to do a sfc /scannow to fix any system files and that doesnt seem to be working to well. Is there anything on the Avast Bart that will run a similar function?

You could try a repair install - this will replace all windows files but retain your data. However, all programmes will need to be re-installed