Tuesday, April 7, 2009

dealing with Sality

My desktop PC isn't connected to the internet. So I didn't need to install any anti-virus software on it. Because there's no way it could get infected, right? - WRONG!! That's what I just found out. I don't know how the virus snuck into the computer. It must have been an infected pendrive is all I can think of. But, anyhoo, the task before me was to first figure out which virus it was. And how did I do it? I just hooked in a pendrive, ran a few applications and presto, the pendrive was now infected. And I scanned it on another computer to find the culprit. But, was it any simple virus? NO, it just happened to be W32.Sality.

About W32.Sality

RISK: It doesn't really do much damage, but it is a damn nuisance is what it is.
MO: It infects all executable files, adding a small bit of code to each of them, which results in them being detected as infected.
DETECTION: Almost all anti-virus programs will be able to detect it.
REMOVAL: This is the main problem with Sality. The only anti-virus capable of actually disinfecting Sality happens to be Kaspersky. All other software just deletes the infected files. So if you don't have a backup of your executable files, you are pretty much screwed.
COMPLICATIONS: You cannot install Kaspersky on an infected system, as the virus just corrupts the anti-virus, leaving it helpless.
WORK AROUNDS:
1. Install Kaspersky on a clean system. Connect the infected hard disk to that system and clean it out.
2. Start the System Configuration Utility (Start > Run > msconfig). Go to the Startup tab and click Disable All. Now go to the Services tab, make sure "Hide all Microsoft services" is checked, and click Disable All. Restart your computer, then install and run Kaspersky.
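Because a file infector like this changes every executable it touches, the practical defence is to know which files changed so you can restore exactly those from a backup. The script below is an added example (not from the original post or any anti-virus vendor): it hashes every executable under a directory, compares a baseline taken while the machine was clean against the current state, and reports files that were modified (and grew, as an appending infector would cause), added or deleted. The tracked extensions and the constructed demo tree are assumptions.

```python
import hashlib
import os
import tempfile

EXE_SUFFIXES = (".exe", ".dll", ".scr")  # assumption: extensions worth tracking

def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> [size, sha256] for every executable under root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(EXE_SUFFIXES):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                baseline[rel] = [os.path.getsize(full), hash_file(full)]
    return baseline

def compare(baseline, current):
    """Classify differences: an appending file infector shows up as modified and grown."""
    modified = sorted(p for p in baseline if p in current and baseline[p][1] != current[p][1])
    return {"modified": modified,
            "grown": sorted(p for p in modified if current[p][0] > baseline[p][0]),
            "added": sorted(set(current) - set(baseline)),
            "missing": sorted(set(baseline) - set(current))}

def demo():
    """Constructed scenario: a clean tree, then one executable gets bytes appended."""
    root = tempfile.mkdtemp()
    exe = os.path.join(root, "app.exe")
    with open(exe, "wb") as f:
        f.write(b"MZ" + b"\x00" * 100)  # stand-in for a clean PE file
    # In practice, persist the clean baseline (e.g. as JSON) on separate, clean media.
    clean = build_baseline(root)
    with open(exe, "ab") as f:
        f.write(b"\x90" * 16)  # simulate an infector appending code to the file
    return compare(clean, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

Run it against a real drive by calling build_baseline on the drive root while the system is known clean, storing the result, and later comparing; the "modified" list is then the set of executables to restore from backup rather than everything the scanner deletes.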

And that's how I finally won back my PC.