How to remove latest win32.sality and Trojan

Symantec Endpoint protection 11.0 small...
August 22, 2010 at 00:30:57
Specs: Windows XP
I have faced the problem in my company that sality virus regenerating inside after detecting and cleaning. Currently we are using Symantec Endpoint Protection. But the virus spreading over the network and immediately disables the Symantec Antivirus and also I have tried to clean using lots of tools like rmsality, sality killer, combofix, dr.web, rescue disc, even many antivirus like Kaspersky, McAfee, Symantec, AVG, etc. nothing can detect this main virus, its detect something but regenerating itself. Kindly give me a solution. Thank you for your extreme help.

See More: How to remove latest win32.sality and Trojan

August 22, 2010 at 02:15:46
Quickest and most cost effective way I can think of is too..

Convert and Back up all of your data files if possible to a text format... and what I mean by that is not changing the Font to Text; but exporting the files to an binary text format. ASCII

That will filter out any worms or Trojans that is attached to you data. inshort backing up all your keystoke work.

Then peruse over the files using a a dos editor looking for machine code.
Deleting any if you find it...
Next step would be to have another PC that is not effected by the virus or trojan... set up that PC to recieve Emails in ASCII Format only.

Then Send you Back ups to that computer via email...
If the virus trys to move with the data it will be frozen in a ASCII Format... which you will be able to quickly identify as machine code when perusing over the data the second time...

Then Moving the Data to an unaffected PC exporting the information back into the appropriate software packages.

"The Export option" should be found in the file menu based on your software being used to record your business activities.

"New unaffected PC" can be a computer that has been removed from the network that has had fresh install of all your programs and operating systems. "After reformatting the drive"
Hope that helps

Report •

August 22, 2010 at 02:25:01
Ps Keeping the unaffected PCs off the network until you have methodically gone over every PC...

On other thing I can add it to Clone the hard drive from the first Re installation and duplicate that Hard drive for each other pc on the net work keeping each PC off the network until the such time that every PC has been done .

Then Restrict the Employees from accessing the internet freely.

Report •

August 22, 2010 at 05:41:41
Dear Gibs Thanks 4 your kind response and information, your information is most valuable but we have the lots of machine, and the users are also bz schedule in the project and moreover here around 180 PCs and we are 3 system members only so that its very difficult to do this. If any tool are better antivirus to do this perm means it will very helpful to us.

Report •

Related Solutions

January 10, 2011 at 05:40:27
Use GData Anti Virus, ja peguei esse vírus aqui na Universidade Federal do Tocantins, ele corrompi ate o anti vírus, mas depois que adquirimos o Gdata nosso problema foi solucionado, estamos usando a versão Business do Gdata, hoje mesmo peguei o referido vírus porem o mesmo já foi deletado pela antivírus ok

Report •

January 10, 2011 at 08:05:48

Report •

Ask Question