The Aftermath of the Deadly Win32/Sality Virus
[QUOTE="casey.o, post: 14226837"] Now that I have my personal computers fairly back to running normally, except those that I just formatted and put away in the closet, since I rarely used them anyhow, I have tackled the ORIGINAL computer that CAUSED this whole virus attack.
This computer was purchased on eBay, was just a tower (not a whole system), and came with XP-Pro freshly installed on the small 40G HDD. I never really intended to use it to run XP. I bought it because I have an identical motherboard, but needed a "costly" CPU cooling fan and heatsink, and wanted a nicer case, as well as a floppy drive since my old one is dying, and a CD drive, since my old one died and was never replaced. Anyhow, it cost less to buy this complete tower, with CPU fan, CD player, floppy drive and a nice case, than to buy everything separately, plus I got a spare power supply and 40G HDD. Not to mention much more RAM.
But who would suspect that a fresh install of XP would contain a virus.... particularly the Sality virus, which (from what I read), is one of the worst viruses in existence. It's a system killer, and I now can see that, after having to format the HDD on several of my other computers and start over from scratch. The only OS that survived was Windows 98SE.
Anyhow, I now have this *NEW* tower isolated. I ran salitykiller.exe (free from Kaspersky), and it found and cleaned 439 files, 3 processes, 24 threads. Whether it's completely clean and safe, I don't really know, but it does appear to be. However, I won't allow any removable media to enter another of my computers until that media is formatted or destroyed.
But what remains is only a partial operating system. Only some of the built-in programs work. It boots just fine, and looks normal while it's booting. But I am finding that loading many of the programs gives me error messages and they won't load. "System File Checker" (SFC) went bonkers, told me that many .DLL files were missing, and .EXE files were corrupt or missing.
It told me to insert the XP CD. But I have no intention to repair it. It will get formatted soon. But I decided to see what damage was done before I do.
After telling me to insert my XP CD to do the repairs, I clicked on CANCEL. It would close that window, and create an identical window immediately. They began to multiply. Soon the whole taskbar was filled with identical boxes telling me to insert the CD, and the faster I closed them, the faster more were created. This could have gone on for infinity, and the START button would not work, nor would CTRL-ALT-DEL. I finally pulled the plug, and let it reboot. I later found these endless loops were occurring from other instances or executed .EXE files.
Regedit does work. I opened the registry and found that probably 75% of all entries have "value not found" or "No Value" in the entries, particularly in the /Windows and /NT categories. (Compared to looking at the registry in a normal working XP, these mostly all have some useful data in them.) So, apparently this virus removed much of the registry, as well as .EXE and .DLL files, as well as modifying some .EXE files.
In the end, what was once a working install of XP still looks like XP should, but it's a worthless operating system. Much stuff just won't run, and what does run is limping along, or causes these endless loops that cannot be stopped. I was however able to extract the registry key from it, which I wrote down on paper to avoid copying it via floppy, which might possibly infect another computer again.
Now comes the "self destruct" mode. Since my final goal is to format the drive, I am going to start to abuse the files. Remove large chunks of the registry, and see how long it takes to completely die.
But I wanted to share what this virus does, and I will add to this, that while another of my computers was under attack, I was at a WIFI spot, and could NOT access any of the Anti-Virus websites, and had problems accessing Microsoft.com. I did manage to start numerous downloads of AV software from OTHER sites (such as oldapps.com), and every one of them got to 99% complete and quit downloading, yet I did successfully download unrelated files, and even saved a YouTube video. (Somehow, I think the virus detected at 99% that the file was an AV type file.)
Of the AV software that I was able to run, MS Security Essentials ran, but ran for hours until it was destroyed by the virus, and the MS Malicious killer app was also consumed and destroyed by the virus. I have determined that there is no saving any installation of XP once this virus gets into the system.
I tend to question whether or not it affected Win2000. Salitykiller.exe did not find problems, but I was not going to take chances, and I just removed the Win2000 folders and replaced them from my backups. I'd tend to believe that Win7 and 8 would also be destroyed, but I don't use them, so I can only guess....
BTW: Besides salitykiller.exe (free from Kaspersky), AVG has avg_remover_slt.exe (also free). I've run both, several times, on all my computers that I use, and scanned EVERY file. The damages all occurred inside the operating systems, with the Windows/system32 folder getting hit the hardest, and files with .PID extension ALL getting hit hard (whatever they do?). Files like .JPG, .TXT, .MP3/MP4, .DOC, and other non-executable files were not affected. According to articles about this virus, it affects .EXE and .SCR files. But I now see it also removes .DLL files and also infests those .PID files.
That's what I wanted to share...... [/QUOTE]