Infected PC, please help.

Yes Jose, the CIS installation was the latest version (3.12.111745.560) and so were its definitions. I guess Sality tampered with CIS and disabled the antivirus. I think a reinstallation would have solved the problem.
The Comodo antivirus is overall very impressive; however, it still needs some more work.
I'm installing CIS again but would prefer Avira over the Comodo antivirus for now.

Thank you.

The antivirus was set to on-access and was in Proactive mode and updated.
D+ helped a lot by checking the spread of the virus and alerting every time a new (unknown) application ran.

Hi Guys,

Hi comoder,

It is actually a bit strange that you were infected after all, if you were in Proactive Mode and getting those alerts. Probably you did not answer them appropriately.

Mainly, leaving the AV aside: Sality is not new, as you said.
On the contrary, it is very old.
Sure, it does have variants (those could be a "bit newer").

It modifies a huge range of registry entries. It attempts to disable processes and services, and so on. So, basically, what I am trying to say is that the AV (any AV) can miss the variant (who cares about AV? :smiley: )

But Defence+ should have acted appropriately.

It seems either it did not, or you were allowing a lot of stuff.

Then, you would definitely have more alerts if you had a Behavioural Blocker (BB). Are you using one? If not, please consider choosing and installing a BB.

My regards

Yep…

Yes, maybe I did allow something I shouldn't have.
Isn't D+ a BB or something like that? If not, then I don't have a Behavioural Blocker; could you suggest a good one for XP?
Does it take up many system resources, as mine are not high?
Sorry for my ignorance about this.

Hi guys,
I have a little question. Is there a virus/malware that can wipe your file system? Just curious.
Regards.

D+ is a HIPS. It's similar to a BB but not exactly the same (Google around and check).
If you have your CIS in the Proactive Security configuration, the FW in Safe Mode and D+ in Clean PC Mode, you have no need for anything else. It can be a little difficult to work with. Watch the following video.

  http://www.youtube.com/watch?v=P-Nw2ySRVQs

It's too bad that you didn't post right after the scan with the Avira rescue CD (with the rename option).
Because I think that if, at that point, we had configured CIS for maximum performance (FW in Block All Mode and D+ in Paranoid Mode), we would have managed to get the PC booting in safe mode.

Jose.

Maybe that would have worked. I had no plans to reinstall Windows. I didn't know that forcing Windows to boot in safe mode would render the PC useless. It was the last option for me, as I couldn't get Windows to boot in any mode after forcing safe mode.

Thanks for posting the video, but I already have CIS installed and configured accordingly: CIS in Comodo Proactive Security, D+ in Safe Mode, firewall in Safe Mode.
I guess this is the worst virus infection I've had to face in 8 years of using computers. Though this didn't cause much loss, it was still a pain.

Though this didn't cause much loss, it was still a pain.

I know what you mean. I once had my PC unable to boot (because of a stupid mistake of mine). I had to go for a system recovery from the partition disk. That was part of the reason I moved to CIS. At least something good came out of it.

Jose.