
w32.sality virus problem

My problem is here

I have 6 computers connected with an Ethernet switch and an ADSL router for the internet connection. One system is Win2K, the other five are Win98. Recently a virus affected all our systems (virus name w32.sality) and we are still unable to clean it. If I scan with Norton, no virus is found, but we get a virus found message very often with each and every exe file. The virus message is the following:

"" Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: W32.Sality.U
File: C:\DRIVER\WIN98II\SUCATREG.EXE
Location: C:\DRIVER\WIN98II
Computer: CHEMICAL2
User: sevak
Action taken: Clean succeeded : Access allowed
Date found: Tuesday, December 19, 2006 3:16:57 PM ""

Secondly, due to this problem, when I switch on one of our systems (the Win2K one), internet sharing immediately goes out on all five other systems. After some time we get the internet sharing back after removing the DNS numbers from the Win2K computer.

I even tried the DHCP setting also. When the system browses the internet, the ADSL router light, the Ethernet switch light for the router, and the light for the problem Win2K system blink very fast. If I remove the DNS numbers from the Win2K computer, then all the others work fine.

We configured each system IP like this: 192.168.1.2 to x.x.x.7; the router IP is 192.168.1.1.

I have changed the router setting to DHCP and checked with ipconfig; all the other computers are working fine, and they are automatically assigned IPs by the router such as 192.168.2.103 and 192.168.2.105.

But this particular computer shows its IP as 164.254.163.124, 255.255.0.0 and gateway 0.0.0.0.

Is there any solution for these two problems without reinstalling the OS?

Please guide me

elangkin
Newbie Poster
9 posts since Dec 2006
Reputation Points: 10
Solved Threads: 0
 

Norton isn't exactly a good anti-virus program. I would recommend McAfee or AVG, but that is up to you. I think a simple scan on all the computers will get the job done. Use the following instructions.

Please download and install the ewido anti-spyware tool
Close all other applications
Select language, click OK
Click I Agree
Click next
Click Install
Click Finish
Wait Ewido will open main screen automatically.
Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
It is very important to get the updates
When updating has finished, close Ewido.
If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear use arrow up to highlight
Select the first option, to run Windows in Safe Mode hit enter.
For additional help in booting into Safe Mode, see the following site: HERE

You MUST manage to get into Safe Mode for the fix to work.
Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
Open Ewido
Click on Scanner at the top of the Ewido screen
Click on Settings
Under How to Act click on Recommended Action choose Quarantine
Under How to scan all boxes should be selected
Under Possibly unwanted software all boxes should be selected
On right side under Reports: click on Automatically generate report after every scan.
Under What to scan select scan every file
Click On scan Tab
Click on Complete system scan
Let the program scan the machine It can take awhile give it time.
When scan has finished At bottom of screen click Apply all Actions
Click Save report
Click Save Report as (Save as window's screen should pop up.)
Click desktop
Click Save
Exit ewido
Reboot back to normal mode

I think a scan by a good scanner like this should do the trick. If not, we will go from there. Also plz provide the log(s) for the scan(s).

kylethedarkn
A.K.A. The Laughing Man
Team Colleague
628 posts since May 2006
Reputation Points: 55
Solved Threads: 39
 

Hi kylethedarkn

Thanx for ur advice. I have done everything as per ur instructions. AVG found too many spywares on my computer and cleaned them. Now the network problem is solved, but AVG only works on Win2K; I'm not able to install it on my other systems, where I have installed Win98.

What should I do?

elangkin
Newbie Poster
9 posts since Dec 2006
Reputation Points: 10
Solved Threads: 0
 

OK, I'm pretty sure Win98 has a safe mode, so do the following. Boot into safe mode by tapping F8 during startup and selecting safe mode, and delete the following file.
C:\DRIVER\WIN98II\SUCATREG.EXE

See if that helps, considering that's the one Norton says it's cleaning.

kylethedarkn
A.K.A. The Laughing Man
Team Colleague
628 posts since May 2006
Reputation Points: 55
Solved Threads: 39
 

Thanx Kylethedarkn

I deleted C:\DRIVER\WIN98II\SUCATREG.EXE in safe mode on all three systems, but I still get the virus information from these three computers.

elangkin
Newbie Poster
9 posts since Dec 2006
Reputation Points: 10
Solved Threads: 0
 

Double check to make sure that the file didn't just come back. Also, Norton really isn't a good anti-virus, so I would recommend getting McAfee or AVG.

Also, can you post the log from that AVG scan on the 2k computer?

kylethedarkn
A.K.A. The Laughing Man
Team Colleague
628 posts since May 2006
Reputation Points: 55
Solved Threads: 39
 

Here it is

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:50:45 PM 12/20/2006
+ Scan result:

G:\Backup\Softwares\win2k\Utils\Downloaders\Reget 1.8.exe/of_play_ins_w_2039.exe -> Adware.OnFlow : No action taken.
G:\Backup\Softwares\win2k\Utils\Downloaders\Reget 1.8.exe/tsad.dll -> Adware.TimeSink : No action taken.
G:\Backup\Softwares\win2k\Utils\Downloaders\Reget 1.8.exe/tsadbot.exe -> Adware.TimeSink : No action taken.
C:\Program Files\Total Video Converter\Patch.exe -> Backdoor.Bifrose.aas : No action taken.
G:\Backup\Softwares\Total Video Converter 3.02\Crack\Patch.exe -> Backdoor.Bifrose.aas : No action taken.
C:\WINNT\system\winlogon.exe -> Backdoor.SdBot.xd : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b1/Patch/Eat/patch.exe -> Backdoor.Theef.111 : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b2/Patch/DELTATEAM/WINRAR_2.80Beta 2 CRACK.exe -> Backdoor.Theef.111 : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b3/Patch/EAT/wr28b3.exe -> Backdoor.Theef.111 : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b4/EAT/patch.exe -> Backdoor.Theef.111 : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b4/TNT_2/patch.exe -> Backdoor.Theef.111 : No action taken.
C:\WINNT\system32\i -> Downloader.Ftp.ab : No action taken.
C:\Documents and Settings\god\Desktop\AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\21mHM0dPpr.rar/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\6109cAl99h.zip/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\cmg0041a-2006-10-11.rar/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\Copy of AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\21mHM0dPpr.rar/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\Copy of AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\6109cAl99h.zip/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\Copy of AVG\3_AVG_anti-spware_ver_5_cracks.rar/3 AVG anti-spware ver 5 cracks\cmg0041a-2006-10-11.rar/crack.exe -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\god\Desktop\AVG\AVG[1].Anti.Spyware.v7.5.0.50.Cracked.PROPER-CRD.rar/run.exe -> Downloader.Zlob.asy : No action taken.
C:\Documents and Settings\god\Desktop\Copy of AVG\AVG[1].Anti.Spyware.v7.5.0.50.Cracked.PROPER-CRD.rar/run.exe -> Downloader.Zlob.asy : No action taken.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CNYHSJAH\bn50[1].exe -> Hijacker.Costrat.e : No action taken.
C:\dkj.exe -> Hijacker.Costrat.e : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\winrar.zip/WinRAR 2.8 Crack.exe -> Logger.Banker.zn : No action taken.
C:\WINNT\system32\scsi2usb.dll -> Logger.Goldun.lo : No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msoffice.exe -> Logger.Haxspy.ar : No action taken.
C:\WINNT\system32\drmlklza.exe -> Logger.Haxspy.ar : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b1/Patch/PhRoZeN CReW/patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b1/Patch/ROYAL ACCEZZ CREW/Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b1/Patch/The Hobgoblin/WinRAR28b1_p.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b2/Patch/ROYAL ACCEZZ CREW/Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\crack for winrar.zip/WinRar_new_crk/2.80.Beta/280b5/Owl_Key/Real_Work_For_Old_Keys/owl_wr28b5.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
C:\WINNT\system32\scsipsrvc.sys -> Rootkit.Agent.at : No action taken.
C:\Documents and Settings\god\Cookies\god@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\god\Cookies\god@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\god\Cookies\god@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\god\Cookies\god@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\god\Cookies\god@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\god\Cookies\god@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\god\Cookies\god@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Program Files\Temp.Htt -> Worm.VB.nei : No action taken.
D:\Program Files\Common Files\Corel\Temp.Htt -> Worm.VB.nei : No action taken.
D:\Program Files\Temp.Htt -> Worm.VB.nei : No action taken.
E:\photoshop7.0\Box Shots\Temp.Htt -> Worm.VB.nei : No action taken.

::Report end

elangkin
Newbie Poster
9 posts since Dec 2006
Reputation Points: 10
Solved Threads: 0
 

OK, use the log to check the other computers for any of the same infections that were on your 2k computer. If you find any on the other 98 computers, then go into safe mode and delete them.

kylethedarkn
A.K.A. The Laughing Man
Team Colleague
628 posts since May 2006
Reputation Points: 55
Solved Threads: 39
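
The cross-check suggested in the post above, as an added example that is not part of the original thread: a Python sketch that parses report lines in the `path -> detection : action` shape of the posted AVG log and builds a per-file list to look for on the other machines. The function names and the choice to leave tracking cookies out of the list are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the report posted above, so the block runs offline.
SAMPLE_REPORT = r"""
+ Scan result:

C:\WINNT\system\winlogon.exe -> Backdoor.SdBot.xd : No action taken.
C:\WINNT\system32\scsipsrvc.sys -> Rootkit.Agent.at : No action taken.
G:\Backup\Softwares\win2k\Utils\Zip Tools\winrar.zip/WinRAR 2.8 Crack.exe -> Logger.Banker.zn : No action taken.
C:\Documents and Settings\god\Cookies\god@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\Temp.Htt -> Worm.VB.nei : No action taken.
D:\Program Files\Temp.Htt -> Worm.VB.nei : No action taken.

::Report end
"""

# One finding per line: <path> -> <detection name> : <action>.
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")

# Assumption: cookies are per-user browser data, not files to hunt on other PCs.
SKIP_IN_SWEEP = {"TrackingCookie"}

def parse_report(text):
    """Return one dict per finding; header, blank and footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Windows paths use backslashes; a forward slash marks a file
        # inside an archive or installer (container/member).
        container, _, member = m["path"].partition("/")
        findings.append({
            "container": container,
            "member": member or None,
            "detection": m["name"],
            "category": m["name"].split(".")[0],
            "action": m["action"],
        })
    return findings

def sweep_list(findings):
    """Map each on-disk file to its detections, for checking other machines."""
    files = defaultdict(set)
    for f in findings:
        if f["category"] not in SKIP_IN_SWEEP:
            files[f["container"]].add(f["detection"])
    return {path: sorted(names) for path, names in sorted(files.items())}

if __name__ == "__main__":
    for path, names in sweep_list(parse_report(SAMPLE_REPORT)).items():
        print(f"{path}: {', '.join(names)}")
```
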
 

OK, I'll do it

Kylethedarkn, but let me know first, what is "No action taken" in the log report?

elangkin
Newbie Poster
9 posts since Dec 2006
Reputation Points: 10
Solved Threads: 0
 

Because the log was saved before you actually clicked Apply all Actions. So as far as the log knew you didn't do anything, when really you did.

kylethedarkn
A.K.A. The Laughing Man
Team Colleague
628 posts since May 2006
Reputation Points: 55
Solved Threads: 39
 

Thread is over 2 years old. Please do not resurrect old threads.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
