CIS identified some of the samples in my system as infected by SALITY. That’s pretty good.
But, when I clicked on clean…it hangs for a while, after one or two minutes it says it needs to restart the system inorder to clean this file.
If I click “OK”, it restarts the system and after restart it says “failed to clean”.
It then leaves two .tmp files along with the original file.
It repeats the same process for all the samples one after the other.
Can some one confirm this behaviour ?
I can send the samples if someone is ready to check this…
As far as file permissions and other locking are considered, the files are just in a folder on the DESKTOP, they are not active. I can manually cut, copy or delete them just normally in explorer.
Note: I observed the same thing happening with CCE also.
That’s the point. Can we expect a 5.11 ? CIS 6 is surely not anyway near as it seems from the proceedings…
I almost stopped using CCE or CIS for malware scans, because whenever it encounters sality or virut infections, the unending reboot cycle starts…if the number of infections is high, even to click “no” for all the reboot requests (one at a time) has become a very painful job.