A couple of days ago, my computer's desktop icons suddenly ran wild. I had no control whatsoever over any of the exe files I clicked. Every time I clicked an icon, a message which said “the file has been removed or move to other location” showed up.
I tried to restore the computer system to an earlier state by using System Restore, but the result was nil.
Then I ran the AVG antivirus. The result showed that a virus resided in my computer, but the antivirus could not remove it. After several attempts, my AVG exe file was gone. I tried to locate AVG's exe files and could not find one. Then I checked all the exe files; some worked fine but many did not.
The next attempt was to download a new file from AVG's site. But the Mozilla web browser could not locate the site. Then I tried using Internet Explorer, and the result was the same. Desperately, I tried to go to free registry editor download sites, and the result was the same. All free registry editor sites were blocked.
I tried installing Norton offline. The antivirus installation went fine until I clicked the icon: nothing happened. I tried to locate the exe file… well, it was gone. Even the “search file” could not locate it.
Thinking… what must I do?
Thinking that the virus was able to detect an antivirus site directly, I tried the indirect approach, which was to enter the antivirus site through a non-antivirus or third-party site such as Hippo File download.
Well… the idea worked out fine. I managed to enter the AVG download center and downloaded a fresh file to my computer. After a successful installation, I ran the file; nothing happened, and the exe file disappeared. Even a seemingly successful installation of a free registry editor came up with the same result.
The computer itself could not run in Safe Mode.
Thinking the AVG antivirus was not strong enough to remove the virus, I tried installing the free Avira Antivir Personal, downloaded through a third-party site, and the antivirus worked out fine. It was able to detect the “ws32/sality” aka “ws32/heur”. Several of the exe files were able to be healed. Then I noticed that the 1410 files detected with the virus were residing in the System Volume Information folder, which was located in the System Restore.
How to open the System Volume Information folder:
Right-click “Start – Explore – Tools – Folder Options – View – Show hidden files and folders – (uncheck) Hide protected operating system files”.
Right-click “System Volume Information – Options – Security – Add (in order to open the System Volume Information folder you have to add your PC user name in the “Group and user names” window) – Apply – OK”.
Now you can click and open the System Volume Information folder.
Then go to the System Restore section in your Windows XP and turn it off.
Then download the Unlocker program (Google it) and run it after the download is complete. It is a small free program which enables you to forcefully delete stubborn infected files.
Now open the System Volume Information folder again by clicking it. You will find many folders, and inside them are the backup system information files, usually with a running number, e.g. A1002008 – A1002020. If you have Avira Antivir Personal running, it will flash a sign which says that the file is infected.
Select the folder with the virus in it and then delete it. If it says “the file cannot be deleted because it is used by other program”, use the Unlocker program to forcefully delete the folder.
After successfully deleting all the infected files, run the Avira antivirus again.
Last, go to “show and hidden……..” and uncheck it, check “hide protected operating……” again, and don't forget to turn System Restore back on.
The viruses are now all gone and your PC is back to normal again.
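A read-only inventory of the restore backups described above, as an added example that is not part of the original post: it lists, per folder, the A-numbered backups that are Windows executables, so you can see which folders hold executable copies before deleting anything. The `_restore{SAMPLE}` tree is a constructed stand-in for System Volume Information, and the function names and extension list are assumptions.

```python
import os
import re
import tempfile
from collections import defaultdict

# Backup names look like A1002008.exe: "A", seven digits, original extension.
BACKUP_RE = re.compile(r"^A\d{7}\.(\w+)$", re.IGNORECASE)
EXECUTABLE_EXTS = {"exe", "scr", "dll"}  # assumption: file types worth reviewing


def inventory(svi_root):
    """Map each folder under svi_root to the executable backups inside it."""
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(svi_root):
        folder = os.path.relpath(dirpath, svi_root)
        for name in sorted(files):
            m = BACKUP_RE.match(name)
            if not m or m.group(1).lower() not in EXECUTABLE_EXTS:
                continue
            try:
                # A Windows executable starts with the two bytes "MZ".
                with open(os.path.join(dirpath, name), "rb") as fh:
                    tag = name if fh.read(2) == b"MZ" else None
            except OSError:
                # Locked or unreadable: report it instead of skipping silently.
                tag = name + " (unreadable)"
            if tag:
                found[folder].append(tag)
    return dict(found)


def build_sample(root):
    """Constructed sample tree standing in for System Volume Information."""
    layout = {
        "_restore{SAMPLE}/RP1/A1002008.exe": b"MZ\x90\x00",
        "_restore{SAMPLE}/RP1/A1002009.ini": b"[settings]",
        "_restore{SAMPLE}/RP2/A1002020.exe": b"MZ\x90\x00",
        "_restore{SAMPLE}/RP2/A1002021.exe": b"not a PE file",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, names in sorted(inventory(tmp).items()):
            print(folder, len(names), names)
```

The script only reads files; detection and cleaning stay with the antivirus scan.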