Help me out getting rid of sality.NAQ
Spynet
Senior Member
Joined: 13 September 2007 Location: Iran Online Status: Offline Posts: 112
Topic: Help me out getting rid of sality.NAQ
Posted: 22 April 2009 at 7:12am
OK, it sounds like I should use a rogue antivirus for this purpose, and I did it ...
I downloaded ESET Nod32 ver 4.x and it cleaned my system! Congratulations to myself and ESET. Anyway, thanks all guys ... and why do ESET and Symantec choose a low level for its risk!? I can't solve the problem after two days, myself! It was the greatest virus I have ever seen! Does anyone have a binary of Sality!? If there's something, please put it here or send it to my box. Thanks
- Arash
redhawk
Moderator Group
Joined: 14 September 2005 Location: United Kingdom Online Status: Offline Posts: 1220
Posted: 21 April 2009 at 6:15pm
Although malware may use random file names, most do not bother to spoof the creation dates.
If you scan for files around the time of the infection then you would have a better idea which files need renaming / removing.
Richard S.
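One way to run the scan redhawk describes, as an added example that is not part of the original thread: it lists .exe and .sys files (the file types named elsewhere in the thread) whose creation time falls within a window around the suspected infection time. It also checks the modification time, which goes beyond the post; the 6-hour window and the function names are assumptions, and a match is a lead to inspect, not proof of infection.

```python
import os
import sys
from datetime import datetime, timedelta

# File types named in the thread: the random-named driver (.sys) and executables (.exe).
SUSPECT_EXTS = {".exe", ".sys"}


def file_times(path):
    """Return (created, modified) for path as local datetimes."""
    st = os.stat(path)
    # st_birthtime exists on some platforms; st_ctime is the creation time on
    # Windows but the inode-change time on Unix.
    created = getattr(st, "st_birthtime", st.st_ctime)
    return datetime.fromtimestamp(created), datetime.fromtimestamp(st.st_mtime)


def files_near(root, infection_time, window=timedelta(hours=6), exts=SUSPECT_EXTS):
    """List files under root created or modified within +/- window of infection_time."""
    lo, hi = infection_time - window, infection_time + window
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            path = os.path.join(dirpath, name)
            try:
                created, modified = file_times(path)
            except OSError:
                continue  # file locked or removed while scanning
            reasons = [label for label, ts in (("created", created), ("modified", modified))
                       if lo <= ts <= hi]
            if reasons:
                hits.append((path, created, modified, "+".join(reasons)))
    return sorted(hits, key=lambda h: h[1])  # oldest creation time first


if __name__ == "__main__":
    # Usage (hypothetical values): python files_near.py C:\ "2009-04-20 12:00"
    when = datetime.strptime(sys.argv[2], "%Y-%m-%d %H:%M")
    for path, created, modified, why in files_near(sys.argv[1], when):
        print(f"{created:%Y-%m-%d %H:%M}  {modified:%Y-%m-%d %H:%M}  {why:16}  {path}")
```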
controler
Senior Member
Joined: 01 October 2006 Online Status: Offline Posts: 222
Posted: 21 April 2009 at 5:08pm
It doesn't appear to address eEye's software or their website. I also don't see it targeting Comodo. You could give them a try also.
Maybe it would be worth a try.
http://free-antivirus.eeye.com/
http://forums.comodo.com/beta_corner_cis-b133.0/
SvenBomwollen
Senior Member
Joined: 29 August 2008 Location: Germany Online Status: Offline Posts: 1400
Posted: 21 April 2009 at 4:13pm
Hello, Spynet.
Win32.Sality uses random filenames. So it will not be possible to tell you the name of the driver file (%variable%.sys) or the executable names (%temp%\win%variable%.exe and %temp%\%variable%.exe).
Yet, the Eset writeup on Win32.sality.naq combined with the Symantec writeup on w32.sality.ae should be good starting points for hunting the beast down and getting rid of it.
The bigger trouble is that it is a file infector. This means even if you remove the original malware files completely, the changes which it will have applied to other executable files will not be undone. So any executable file may cause a re-infection when it is launched.
Kind regards,
SvenBomwollen
Spynet
Senior Member
Joined: 13 September 2007 Location: Iran Online Status: Offline Posts: 112
Posted: 21 April 2009 at 11:19am
Recently I've been infected with win32.sality.NAQ, as Nod32 notified me.
Unfortunately, this malware is very robust, and after 2 days of defending against it I've had no chance of cleaning my box ...
I used other 3rd-party applications like ESET Nod32, Spyware Doctor, and Malwarebytes' Anti-Malware, but no chance! It confused me; please help with removing it and cleaning my system. I changed my Windows, but then it activates automatically and disables my task manager and registry editor. Also, I need the win32.sality.NAQ binary and device driver.