0

#1 Limewire is "no longer".

yeah.. got to know that AFTER the install was finished!! i knew then n there it wasnt a very smart thing on my part to just CASUALLY try something out just coz i was hearing abt it. especially when u know its risky stuff!

"just a nice guy", very rare!

im finding it the hard way... though it could have been harder.. if u guys werent there, n if i had continued with my blissful ignorance of the mess iv gotten myself into!

P2P is VERY Dangerous.

i am gonna spread that message... maybe ill help out a few ignorant ones like me..


0

yeah.. got to know that AFTER the install was finished!! i knew then n there it wasnt a very smart thing on my part to just CASUALLY try something out just coz i was hearing abt it. especially when u know its risky stuff!


im finding it the hard way... though it could have been harder.. if u guys werent there, n if i had continued with my blissful ignorance of the mess iv gotten myself into!

i am gonna spread that message... maybe ill help out a few ignorant ones like me..

Good idea! Just tell others what you are going through right now. For the moment anyway, until gerbil can weigh in here, anything on your computer is at risk because of the possibility that you may have to resort to a reformat. I sincerely hope it will not come to that. I don't want to risk something here that may cause more damage so that is why I want him to take a look and advise before we go any farther.

0

totally delete anything you have downloaded using any P2P program

i didnt download anything using limewire, n i think its the only P2P program that i had installed. i say think because, ( this is really embarrassing ! ) i dont fully understand what a P2P program does actually, other than share files on the net..

0

u know.. just a few posts back, u said " just a nice guy, very rare!" ..

hey, u people here at daniweb are just that!! :) showing the patience u have showed to me and tons of others here who had asked for help!! u guys are just an awesome bunch of people!! :)


0

u know.. just a few posts back, u said " just a nice guy, very rare!" ..

hey, u people here at daniweb are just that!! :) showing the patience u have showed to me and tons of others here who had asked for help!! u guys are just an awesome bunch of people!! :)

We try, that's the best we can do. We just want to keep everyone and their computers safe and clean.
Hopefully we can get yours cleaned up and safe for the future.

0

Hopefully we can get yours cleaned up and safe for the future.

for(i=0;i<100;i++)
{
    printf(" THANK YOU!! :) ");
}

hope i got the code right.. been nearly one year since iv written any C at all..


0

for(i=0;i<100;i++)
{
    printf(" THANK YOU!! :) ");
}

hope i got the code right.. been nearly one year since iv written any C at all..

Well I know absolutely nothing about writing any coding or reading it either so...?

0

so i know something more than an industrious poster at daniweb?? if this is true.. this just made my day!! lol :D ( just fooling around sir, hope u dont mind:) )


0

so i know something more than an industrious poster at daniweb?? if this is true.. this just made my day!! lol :D ( just fooling around sir, hope u dont mind:) )

Hey I don't mind! I don't pretend to know anything like that! Hey I barely know enough to post right here! I depend on the experts like gerbil, crunchie and PP when I finally "hit the wall". :D
I'm not a sir by the way, my name is Judy. :)

0

I have sent an SOS to gerbil, crunchie and PP. Hopefully one of them will look in here soon and maybe give us an answer.

0

I'm not a sir by the way, my name is Judy. :)

These days having a female name is no guarantee of that :D

0

somjit{}.

Once a PC has been infected with Sality/Virut, the only course of action is to re-format and clean install.
Any other suspect files on any other drives should be deleted.

Virut/Sality is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.
It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.

Good explanation here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

0

I'm not a sir by the way, my name is Judy.

hehehehehe!!! :D :D :P

MR jholland - a big guy from (quite obviously) holland, wearing a white cap, and blue striped polo t shirt, (the type they give on farmville!) who also has a 2nd marriage to his laptop, :D instead of telling his kids bedtime stories, battling his way through aaaaalll those logs giving solutions to every next guy from around the world!!
(nothing less than a super hero!! ---> HOLLAND MAN!! :D )

thats the idea of u that i had in my mind!! :D


0

@ crunchie : thanks, i will check out that link ( if that loads that is.. ) i was hoping for something other than a reformat, but if its gotta be done, then i guess its gotta be done :(

0

i read that. fortunately this link did load! okay i will do a reformat then, but since it attacks .exe, .scr, .rar, .zip, .htm, .html. so these files need to be deleted right? also as jholland said that there may be other files which may not be infected, but are carrying the infections with them. how do i detect them?

0

i have to go to college today, tomorrow is holi, the festival of colours (google it if u dont know what that is).. were gonna play holi at college today.:) ill be back as soon as i get home.
thanks a lot for ur support till now, hope u will be there for just a while longer till these last few steps are done. hopefully ill have a clean computer before long. :)

and..
happy holi jholland, crunchie, gerbil, and pp, and also to everyone here at daniweb :)
cheers :)


0

My Advice would be to wipe it all except for any files that you cannot do without, provided they do not fall into the file extension that Sality attacks.

Also, please use full word/sentence English.
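One way to sort files before the backup along the lines of the advice above, as an added example that is not part of the original thread. The extension list is the one quoted in the thread; the leading-bytes check for files that carry a harmless-looking extension is an addition made here, the names `classify`, `triage` and `demo` are hypothetical, and the sample files are constructed. It only sorts files by type; it does not detect infection.

```python
import tempfile
from pathlib import Path

# Extensions the thread lists as Sality/Virut targets.
TARGETED_EXT = {".exe", ".scr", ".rar", ".zip", ".htm", ".html"}
# Leading byte signatures of the same file types, for the content check.
MAGIC = [
    (b"MZ", "an executable"),
    (b"PK\x03\x04", "a ZIP container"),
    (b"Rar!\x1a\x07", "a RAR archive"),
]

def classify(path):
    """Return (verdict, reason); verdict is 'skip', 'review' or 'keep'."""
    ext = path.suffix.lower()
    if ext in TARGETED_EXT:
        return "skip", f"targeted extension {ext}"
    with path.open("rb") as fh:
        head = fh.read(512)
    for magic, label in MAGIC:
        if head.startswith(magic):
            return "review", f"content looks like {label}, extension {ext or '(none)'}"
    if head.lstrip().lower().startswith((b"<!doctype html", b"<html")):
        return "review", f"content looks like HTML, extension {ext or '(none)'}"
    return "keep", "data file outside the targeted types"

def triage(root):
    """Map each file under root (relative path) to (verdict, reason)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): classify(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def demo():
    """Triage a small constructed tree; no real files are touched."""
    samples = {
        "notes.txt": b"constructed plain text\n",
        "setup.exe": b"MZ constructed",
        "photo.jpg": b"MZ constructed, wrong extension",
        "thesis.docx": b"PK\x03\x04 constructed",
        "page.dat": b"  <HTML><body>constructed</body></html>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return triage(tmp)

if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{verdict:7} {name}: {reason}")
```

Office formats such as .docx are ZIP containers, so they land in "review" rather than "keep"; the thread does not say whether the infector touches them.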

0

Also, please use full word/sentence English.

its a bad habit i picked up from constant texting, ill keep it in check.

0

hi, iv come back with something iv been meaning to ask you guys,...
1. what are all these system volume information stuff? when i do the mbam scan, infections always seem to pop up at these locations.

and 2. somewhere in daniweb, i read that its a bad thing to use a registry cleaner :S why is that? that "advanced system cleaner" program that i had, it had a registry cleaner (and i used that a lot as well) and its very popular here, almost all my friends have this running on their machines. so no one really is ready to hear that it damages your computer to run a registry cleaner every other day.

0

Using a registry cleaner is really unnecessary, it will not speed the machine. If there is infection in the registry then good tools like MBA-M will usually remove those files.
advanced system cleaner has a VERY poor reputation and has been known to actually damage machines.
IF something must be done to the registry you need to know exactly what you are doing, make a back up BEFORE doing anything and do it manually.

0

make a back up BEFORE doing anything and do it manually.

how do i make a backup of the registry? and how do i restore it afterwards?

0

thank god i still have a healthy add/remove list!! and thanks for the link to miekiemoes' blog... its quite a place to learn.
thanks again for still keeping up with me.

1

Holi, eh? What colour did you end up?
I think I tried to guide you in my first post to save data files only and reinstall your OS and applications, for otherwise it can be an adventure discovering the damage Sality has done. Having chosen to attempt a cure you should have used the Kaspersky cleaner at least. The problem with Sality is that when it infects a file it writes its own [encrypted] code at the entry point it uses and attempts to save the original code it is replacing; unfortunately it does a bad job of the latter and so removal/curing software will find the file to be irrecoverable. Once the sys is cleaned you can replace them yourself, of course, but that may be a task neverending. And... was it completely cleaned...?
Backing up the registry? I would not be without ERUNT; it does not entirely supplant System Restore but in most cases is all that is needed. Use the option also in the Windows Backup task to occasionally do a System State backup.


Votes + Comments
thanks for ur time to reply with a post on how the infections on my system work :)
0

I could have added... Sality incorporates a blocklist - any file or site mentioned in that list will not run or load. That would be why you experience problems with some sites. I don't know what is currently on that list but I would make a bet that the writers have included SalityKiller etc.
It is memory-resident, and so will choose whether to infect any executable that is run, or any html, and furthermore it writes into registry an entry that causes its driver to be loaded in safe mode.

0

Holi, eh? What colour did you end up?

i could have been one of those blue men intel used to advertise their pentium 4 processors! :D although red ears and green palms might have let that job slip from my hands! :P

for otherwise it can be an adventure discovering the damage Sality has done.

on the bright side i did learn a lot of new things from the replies that you, judy, and crunchie had given. a bit more aware of the dangers that lurk out there. :) and @gerbil, thanks for giving me the time and posting on how sality works. really appreciate it.

as of now, im waiting for an external drive from my friend, once i get that, ill start the backup and reformat process.

thanks again for all the help.
somjit.


-2

I would recommend you use a Seagate or Buffalo hard disk. It is compatible with a lot of operating systems, try it. Buy a hard disk that has around 500 GB. After you get it, go and back up your stuff and reformat your computer. Keep posting updates about the process.
