General discussion


Removing Virus

By Happylover27 ·
I have a friend whose son downloaded a virus - win32/Sality - I have reformatted the hard drive, but virus remained; what A/V program is best to remove it? Should she obtain new hard drive?
Currently, she uses Grisoft Anti-Virus-Free, but cannot remove virus.

All Comments

by ewgny In reply to Removing Virus

The virus did not survive a disk format. He was re-infected after the OS was re-installed.

by ewgny In reply to

Again, the virus did not survive a Disk Format.
The virus was re-introduced to the computer after the OS install, either by a disk used to re-install software, another computer on the network, or the internet.

by Happylover27 In reply to Removing Virus

I am aware that the virus remained, my question was: What A/V program (if any), should he use? Or should he go out and purchase new hard drive?

If you like free AV..

by mikemrclean In reply to

If you prefer free AV products (I have used AVG Free for eons), you might like to get Avast Home edition. Once it installs it does a complete "Pre-boot scan" that gets bugs that may exist before the system can protect them. Don't forget that bugs can hide in the master boot record of the drive. Boot with a Win98 floppy and run "fdisk /mbr" to restructure the MBR to normal. It runs without any prompt or detectable change, your DOS prompt just returns to blink. DON'T run it if you dual boot into another operating system like Linux, it will remove the bootloader for that system.

by zlitocook In reply to Removing Virus

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode or Safe mode with Command Prompt.
Run a full system scan and delete all the files detected.
Remove the lines that the worm added to the System.ini file.

For specific details on each of these steps, read the following instructions.

1. To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
How to disable or enable Windows Me System Restore
How to turn off or turn on Windows XP System Restore

Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

by zlitocook In reply to Removing Virus

If you did a format and a clean install the virus would be gone. Is this an OEM CD for XP, not a copied CD? If it is not a real CD it could contain the virus or it could reload with new programs. It also could load from a flash drive, floppy or backup device.
Look at the post ten things to do to a PC before connecting it to the internet. It is here on TR.

by wcp In reply to Removing Virus

The best practice to clean install Windows in existing Windows system is to delete all partitions in the HD, to turn the computer off for at least 30 seconds, and then to install Windows.

The idea behind this practice is that a few known viruses remain in the RAM and would come back even if the HD was formatted and Windows got clean installed.
After Windows installation, make sure Firewall is enabled or installed and AV is installed before surfing web.

As far as AV program is concerned, I recommend you try Kaspersky or Virobot. They both have 30-day trial version available.

1. Kaspersky
2. Virobot

Refer to
I strongly recommend you use one of the listed in the above site. If your AV is not listed, it may not be as good as you think it is.

by HAL 9000 Moderator In reply to Removing Virus

You don't need a new HDD but you do need a Wiping Utility to Wipe the HDD before you even consider reloading the system.

One of the many available Utilities that writes zeros to every sector of the HDD several times will destroy all traces of most Virus and shutting down and unplugging will remove any Memory Resident Virus so after you wipe the HDD and have powered down you should then be able to reload the OS and software without a problem. I always install the OS and then an AV program and update it before going onto anyplace on the net as it's way too dangerous not to do this.

From previous experience Boot & Nuke is an excellent wiping utility and is available here


by Kiltie In reply to Removing Virus

The other posts have good info, especially about the possibility that it remains in RAM a while, best to leave the machine off for a bit.

Also good is that you are reformatting and rebuilding, none of the worry about saving data, programs etc.

Here are two links:
From Symantec:

from Computer Associates:

There are others (Google the virus name) but those should get you started.

I noted that AVG has a fix for this virus, but hadn't released it yet, according to the report I read.

However, it is a network aware virus, that could be the source of re-infection. You DID disconnect from the network and the internet before rebuilding didn't you???

If you can rebuild cleanly, then another network computer is the likely culprit, if not, there is another source for the virus to re-infect, eg a damaged copy of an install CD, a secondary hard drive.

After a clean rebuild, install an AV FIRST, then add programs one at a time, to try and find out if any particular one is causing it.

If all goes well, connect to the Network first (stay off the internet) and check again for infection.
Then connect to the internet, try again.

Each of these stages should help you pinpoint the source of infection.

A wild guess here: Another computer on the network is the source, if so, you have another job to do, on that one........ then every other machine connected.

Good Luck and please post back on results, we are always interested which, if any, of the tips we gave helped. I have a comprehensive list of online scanners (19 of them) if you want to try one, all free!! As I find more, I keep updating my list, no doubt there are more and more becoming available.

by Dumphrey In reply to Removing Virus

Personally, I have had good luck with AVG Free-edition for AV needs. On one occasion I did get infected and needed to manually remove the virus, but it was fairly simple. No AV product is foolproof. And personally I refuse to use any Symantec or McAfee home product. NOD32 is a very good AV solution to purchase, AntiVir, AVG, and Active Anti Virus Shield (AOL branded, but free from Kaspersky Labs) are all good choices. No matter what AV you use, someday, sometime, you will get infected. AV is 1/2 the solution, the other 1/2 is browsing and downloading habits.