DaniWeb IT Discussion Community
1 2
Show 40 post(s) from this thread on one page

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   w32.sality virus problem (http://www.daniweb.com/forums/thread65318.html)

elangkin Dec 19th, 2006 9:59 am
w32.sality virus problem
 
My problem is here

I have 6 computers connected with ethernet switch and ADSL router for internet connection. one system win2K other five is win98. resently a virus affect all our systems (virus name w32.sality) still we unable to clean it. if i scan with norten virus not found. but we get virus found message very offen with each and evry exe files. The virus message is follwoing:

"" Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: W32.Sality.U
File: C:\DRIVER\WIN98II\SUCATREG.EXE
Location: C:\DRIVER\WIN98II
Computer: CHEMICAL2
User: sevak
Action taken: Clean succeeded : Access allowed
Date found: Tuesday, December 19, 2006 3:16:57 PM ""

Secondly, due to this problem one of our systems win2K when i switch on it immediately all the five systems internet sharing is gone out. after some time we are get the internet sharing after remove the dns numbers from win2k computer.

Even i tryed DHCP setting also. when the system browse the internet the adsl router light and ethernet switch light for router and the problem facing win2k system light are blinking very fast. If i remove the dns numbers or from win2k computer then all other is work fine.

We configured each system ip like this 192.168.1.2 to x.x.x.7 the router ip is 192.168.1.1.

I have changed the router setting as DHCP and checked with ipconfig all other computors working fine, they automatically asigned by router ip as 192.168.2.103 and 192.168.2.105.

But this particular computors show ip as 164.254.163.124, 255.255.0.0 and gateway 0.0.0.0.

Is there any solution for this two problem without reinstall the OS.

Please guide me

kylethedarkn Dec 19th, 2006 8:00 pm
Re: w32.sality virus problem
 
Norton isn't exactly a good anti-virus program. I would recommend Macafee or AVG, but that is up to you. I think a simple scan on all the computers will get the job done. Use the following instructions.

Please download and install ewido anti-spyware tool
  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This in very important to get updates
  • When updating has finished. Close Ewido.
If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.
Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
  • Open Ewido
  • Click on scanner top of Ewido sceen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine It can take awhile give it time.
  • When scan has finished At bottom of screen click Apply all Actions
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido
Reboot back to normal mode

I think a scan by a good scanner like this should do the trick. If not, we will go from there. Also plz provide the log(s) for the scan(s).

elangkin Dec 20th, 2006 9:45 am
Re: w32.sality virus problem
 
HI kylethedarkn

Thanx for ur advise. I have done all as per ur instruction, AVG found too many spywares from my computer and clean it, now the network problem solved but AVG only work in win2k, im not able to install it in my other systems what i have installed win98.

what should i do.

kylethedarkn Dec 20th, 2006 3:09 pm
Re: w32.sality virus problem
 
Ok i'm pretty sure win98 has a safe mode, so do the following. Boot into safe mode by tapping F8 during startup and selecting safe mode and delete the following file.
C:\DRIVER\WIN98II\SUCATREG.EXE

See if that helps considering thats the one norton says its cleaning.

elangkin Dec 21st, 2006 8:25 am
Re: w32.sality virus problem
 
Thanx Kylethedarkn

I deleted C:\DRIVER\WIN98II\SUCATREG.EXE in safemode all the three systems but still i get the virus information from this three computers.

kylethedarkn Dec 21st, 2006 3:25 pm
Re: w32.sality virus problem
 
Double check to make sure that the file didn't just comeback. Also Norton really isn't a good Anti-Virus So i would recomend getting Macafee or AVG.

Also can you post the log from that AVG scan on the 2k computer.

elangkin Dec 22nd, 2006 2:55 am
Re: w32.sality virus problem
 
Here it is

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:50:45 PM 12/20/2006
+ Scan result:

G:\Backup\Softwares\win2k\Utils\Downloaders\Reget 1.8.exe/of_play_ins_w_2039.exe -> Adware.OnFlow : No action taken.
G:\Backup\Softwares\win2k\Utils\Downloaders\Reget 1.8.exe/tsad.dll -> Adware.TimeSink : No action taken.
G:\Backup\Softwares\win2k\Utils\Downloaders\Reget 1.8.exe/tsadbot.exe -> Adware.TimeSink : No action taken.
C:\Program Files\Total Video Converter\Patch.exe -> Backdoor.Bifrose.aas : No action taken.
G:\Backup\Softwares\Total Video Converter 3.02\Crack\Patch.exe -> Backdoor.Bifrose.aas : No action taken.
C:\WINNT\system\winlogon.exe -> Backdoor.SdBot.xd : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b1/Patch/Eat/patch.exe -> Backdoor.Theef.111 : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b2/Patch/DELTATEAM/WINRAR_2.80Beta 2 CRACK.exe -> Backdoor.Theef.111 : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b3/Patch/EAT/wr28b3.exe -> Backdoor.Theef.111 : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b4/EAT/patch.exe -> Backdoor.Theef.111 : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b4/TNT_2/patch.exe -> Backdoor.Theef.111 : No action taken.
C:\WINNT\system32\i -> Downloader.Ftp.ab : No action taken.
C:\Documents and Settings\god\Desktop\AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\21mHM0dPpr.rar/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\6109cAl99h.zip/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\cmg0041a-2006-10-11.rar/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\Copy of AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\21mHM0dPpr.rar/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\Copy of AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\6109cAl99h.zip/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\Copy of AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\cmg0041a-2006-10-11.rar/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\AVG\AVG[1].Anti.Spyware.v7.5.0.50.Cracked.PROPER-CRD.rar/run.exe -> Downloader.Zlob.asy : No action taken.
C:\Documents and Settings\god\Desktop\Copy of AVG\AVG[1].Anti.Spyware.v7.5.0.50.Cracked.PROPER-CRD.rar/run.exe -> Downloader.Zlob.asy : No action taken.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CNYHSJAH\bn50[1].exe -> Hijacker.Costrat.e : No action taken.
C:\dkj.exe -> Hijacker.Costrat.e : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\winrar.zip/WinRAR 2.8 Crack.exe -> Logger.Banker.zn : No action taken.
C:\WINNT\system32\scsi2usb.dll -> Logger.Goldun.lo : No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msoffice.exe -> Logger.Haxspy.ar : No action taken.
C:\WINNT\system32\drmlklza.exe -> Logger.Haxspy.ar : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b1/Patch/PhRoZeN CReW/patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b1/Patch/ROYAL ACCEZZ CREW/Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b1/Patch/The Hobgoblin/WinRAR28b1_p.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b2/Patch/ROYAL ACCEZZ CREW/Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b5/Owl_Key/Real_Work_For_Old_Keys/owl_wr28b5.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
C:\WINNT\system32\scsipsrvc.sys -> Rootkit.Agent.at : No action taken.
C:\Documents and Settings\god\Cookies\god@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\god\Cookies\god@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\god\Cookies\god@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\god\Cookies\god@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\god\Cookies\god@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\god\Cookies\god@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\god\Cookies\god@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Program Files\Temp.Htt -> Worm.VB.nei : No action taken.
D:\Program Files\Common Files\Corel\Temp.Htt -> Worm.VB.nei : No action taken.
D:\Program Files\Temp.Htt -> Worm.VB.nei : No action taken.
E:\photoshop7.0\Box Shots\Temp.Htt -> Worm.VB.nei : No action taken.

::Report end

kylethedarkn Dec 22nd, 2006 3:50 pm
Re: w32.sality virus problem
 
Ok use the log to check the other computers for any of the same infections that were on your 2k computer. If you find any on the other 98 computer then go into safemode and delete them.

elangkin Dec 26th, 2006 5:09 am
Re: w32.sality virus problem
 
Ok i'll doit

Kylethedarkn, but let me know first, what is no action taken in the log report.

kylethedarkn Dec 26th, 2006 11:26 am
Re: w32.sality virus problem
 
Becaue the log was saved before you actually clicked apply all actions. So as far as the log knew you didn't do anything, when really you did.


All times are GMT -4. The time now is 11:29 am.
1 2
Show 40 post(s) from this thread on one page

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC