Worm infestation
August 29, 2006 8:00 PM

I made a new friend! Its name is Sality.

And even though all the pages I find googling it say things like "Threat Level: Low", it seems to have infected the vast majority of all the EXE files on my hard drive, including important things like Task Manager. And I've found nothing to suggest that it might be possible to disinfect the files short of just deleting them. Can I salvage my filesystem, or should I just take off and nuke the site from orbit?
posted by squidlarkin to Computers & Internet (6 answers total)
 
Symantec has the removal difficulty at Moderate; if you have a copy of either of their AntiVirus products, it may be doable.
posted by Remy at 8:29 PM on August 29, 2006


All the removal instructions I found say that you should delete all infected files after you've found them with a scanner. I don't think you're going to be able to heal them. Back up what you need that is clean and drop the bomb, I think.

And here I thought cleaning Vundo was a pain. I had it easy tonight.
posted by Dipsomaniac at 8:29 PM on August 29, 2006


Things to try:

Boot disk. Something like a BartPE disk with a virus scanner on it, probably Clam AV or another designed to run off of removable media. See if you can fix things from there; as it loads completely from CD, your repair program won't get infected during boot. If you have a Windows disk you can always make your OS work again. However, this won't fix your software - you'll either need to reinstall everything from source media or get it repaired with an antivirus program.

Second thing to try is to start --> run --> "sfc /scannow" to run the System File Checker, which will compare what's on your computer with the EXE and DLL files on your Windows install disk.

Last thing to do once you have repaired your system with a virus scanner AND if sfc didn't fix your Windows problems is to do a repair reinstall. Should fix the system without killing your settings. Details here.

Warnings: You need a working system and a valid copy of Windows to make the BartPE boot disk. You also need the Windows CD to do a repair reinstall or run SFC.
posted by caution live frogs at 8:34 PM on August 29, 2006


...and good luck with it. I once spent three days cleaning up after an IRC bot in our lab. I know the pain you are now facing.
posted by caution live frogs at 8:35 PM on August 29, 2006 [1 favorite]


Sounds like a good time to do the ol' semi-annual Windows re-install to me! :)
posted by antifuse at 2:04 AM on August 30, 2006


Seriously, the non-destructive reinstall is your best option. Don't waste any more time futzing around with trying to clean it up.
posted by briank at 5:18 AM on August 30, 2006

