Win32/Sality.NAR virus
Thursday, August 14th, 2008

This is a virus I got from a flash drive that shook my head for three days. Once run on your computer, it will infect your exe files, so when you run a certain program, the virus will also run. The symptoms when I got this were a disabled Task Manager and Registry Editor, Avira not running although it is set as automatic, and CCleaner and procexp being rejected from execution. I was able to clean this virus using ESET NOD32 (only the trial version). Noob Killer didn’t work, as well as Super Anti Spyware, Spyware Doctor, AVG Antispyware, and Lavasoft SE.
Conclusion:
I therefore conclude that Anti-viruses are like an imperfect human. Some anti-viruses detect certain viruses while some just don’t/can’t.
Previous Comments
What’s the other OS? Maybe the version of ESET NOD32 you used is only compatible with Windows; that’s why it didn’t work with the other OS. And I’m not sure if there’s an ESET version for other OSes.
Posted by copernicus at September 1, 2008, 10:47 pm

It’s not just the registry… also all exe files and PE files… reformat the other partition and don’t use your exe files found on the other partition… that may help…
Posted by moymoy at December 30, 2008, 5:08 pm

Didn’t you guys read the ESET thread about this virus?
It terminates many antiviruses, and antispywares won’t be able to detect it.
Use AntiVir Personal; I installed it and scanned the full system, and now the virus is gone.
Always leave your AV on.
Posted by xlaw at January 7, 2009, 9:36 am

As far as I can see, there’s no definite solution to the Sality worm. Antiviruses and big networks can sit and watch.
worm of the year! lolz
win32/sality.nar.virus
Posted by pangsan at February 14, 2009, 9:34 pm

yap worm of the year…
Posted by moymoy at March 6, 2009, 6:47 pm

hahaha! WTF…this is insane! damn this virus and the one who created it..Go to hell!!! hahaha
Posted by veench at March 17, 2009, 11:17 pm

Sality.nar copies its code to the last section of PE files; if the last section doesn’t have enough space, it will create a new section. This virus also has a variety of types and releases DLLs and packages; these packages are loaded into memory and carry out the virus functionality. A good way to disable this virus is to kill its module processes in memory with task managers like pexplorer or a PE editor, then clear its code from the end of our PE file with a PE editor, then repair the registry keys that this virus changed, like the “showall” key or the disableregistryeditors value. One note: this virus creates an autorun.inf file on your hard disk to configure your drive to run the virus automatically, but this file is protected and hidden and you will not be able to see it. After repairing the changed registry keys you can configure your browser to see protected and hidden files and then delete it.
For the keys that this virus will change, search the web and you will usually find good information.
We have one good proverb: “the best solution for a problem is clearing it”. Format all your storage, or at least delete executable files if you don’t need them after you change your Windows.
Sorry, I know only a little English.
Contact me if you want.
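
The comment above describes code being appended to the last section of PE files. As an added example (not part of the original thread), the following Python parses the PE section table and reports two signs of that layout. The function names and the constructed sample headers are assumptions for illustration, and the entry-point check is a common triage heuristic, not something the comment states.

```python
import struct

SCN_EXEC, SCN_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE
SECTION_FMT = "<8sIIIIIIHHI"                  # one 40-byte section header

def parse_sections(data):
    """Return (entry_point_rva, [(name, virtual_address, virtual_size, flags), ...])."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    count, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)  # AddressOfEntryPoint
    table = pe + 24 + opt_size
    sections = []
    for i in range(count):
        f = struct.unpack_from(SECTION_FMT, data, table + 40 * i)
        sections.append((f[0].rstrip(b"\0").decode("latin-1"), f[2], f[1], f[9]))
    return entry, sections

def last_section_findings(data):
    """Heuristic flags for code appended to the final section (not a verdict)."""
    entry, sections = parse_sections(data)
    if not sections:
        return []
    name, vaddr, vsize, flags = max(sections, key=lambda s: s[1])
    findings = []
    if flags & SCN_EXEC and flags & SCN_WRITE:
        findings.append(f"{name}: last section is writable and executable")
    if vaddr <= entry < vaddr + max(vsize, 1):
        findings.append(f"{name}: entry point lies in the last section")
    return findings

def build_sample(entry_rva, last_flags):
    """Constructed header-only PE image: .text plus one trailing section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    def sect(name, vaddr, flags):
        return struct.pack(SECTION_FMT, name, 0x1000, vaddr, 0, 0, 0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + coff + opt
            + sect(b".text", 0x1000, 0x60000020) + sect(b".rsrc", 0x2000, last_flags))

if __name__ == "__main__":
    print(last_section_findings(build_sample(0x1000, 0x40000040)))  # untouched layout
    print(last_section_findings(build_sample(0x2100, 0xE0000020)))  # appended-code layout
```

Packers and some legitimate protectors produce the same layout, so a finding is a reason to scan the file with an up-to-date engine, not a verdict.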
Got infected with this virus; it affected all exe files on my system and apparently this is a memory-resident virus…. ESET NOD32 internet security was able to detect it and claimed it had deleted the virus, but when I restarted my machine the infection was still there… so what I did was slave my drive to a system installed with Avast 4.8 Pro and do a thorough scan; got rid of the virus but lost all the exe files. Fortunately it didn’t affect my documents. Next step, I ran a parallel install of Windows XP and reinstalled my software…. darn, it’s a lot of work…
Posted by RC at August 7, 2009, 4:39 pm

I have been infected with this virus and I have re-installed my OS, but the virus is still there. I used NOD32 to get rid of it; NOD32 detects it all right and has deleted two virus files and all my system restore files, but I still have doubts that the virus is still running. Can anyone provide some solution to this virus?
Posted by ishan at September 25, 2009, 11:18 pm

I have a solution for this problem. We also had the same problem in my company and were able to resolve it with the following steps:
* Download Symantec Endpoint Protection.
* Make sure you back up all your files (including the patched virus .exe).
* If your drive is partitioned, reinstall/reformat your C:\ so you can have a new OS installed.
* After OS installation, make sure the internet connection is disabled and you have downloaded Symantec Endpoint Protection.
* Install Symantec Endpoint Protection, check Auto-Protect and uncheck Auto-Update.
* After it is installed and Auto-Protect is activated, enable your internet connection and update it.
* After it is updated, you can now run a full scan or try searching for your patched .exe files, and it automatically cleans the win32.sality with no harm.
Hope it works for you!
Posted by sakuragibart at September 30, 2009, 12:05 pm


Hey Copernicus,
I’m in a very similar situation as yourself a few days ago. My desktop is infected with the SALITY.NAR after using an infected USB flash disk.
I’ve run a scan using ESET NOD32 and cleaned the infected files from another OS (I have a dual-boot machine), but it hasn’t got rid of it fully. Any ideas? I wonder if I need to run the scan within XP itself?
Cheers,
Shreyas
Posted by Shreyas at August 19, 2008, 12:47 pm