Cleaning up virus-infected files

Remove all ads!

As I mentioned yesterday I got a nasty case of virus contamination from W32/Sality.L. As far as I can tell the system is now clean and the virus hasn't made a return. However I have over a hundred exe files in Quarantine and I would like to have some of them back. From what I can tell Avira (my current anti-virus) cannot clean them, all it can do is stick them in Quarantine and make sure the infection doesn't spread. I've found a couple of Sality removal tools on the net (one from AVG's website) but they refuse to run under 64-bit Windows (Vista Home Premium in my case). Anyone knows a tool I can use under 64-bit Vista to clean the infected files and get them back, or is the only solution to just delete these files and forget about them?

 

I like using Iobit advance system care on Vista 32; I'm not sure about Vista 64 though.

 

A cleanup won't really help with a virus infection. You'll never be really sure whether the removal tool really found all of the infected files, and you'll never really know if the virus left a backdoor open for its next version. You shouldn't use your system for anything that is sensitive, like paying with your credit card. By the by: Sality is also a keylogger, meaning that it is designed to steal sensitive info so I would also make sure that your creditcard hasn't been hacked.

I'd suggest you backup all nonexecutable files (exe's and dll's that were used after the infection and before detection are a lost cause,) reinstall your system and try to prevent any behaviour that led to a virus infection in the first place.

 

OK thanks for the info. I think I'll just format and reinstall the OS, seems to be the only way to be sure.

 

A re-install would also be my recommendation.

I have now gotten myself an 8GB Sandisk U3 US stick, that I use for saving all my (web) e-mails to so I won't have to bother whether my comp is Vista 32, 64 or XP or Win7. Currently I use Vista 64 bit, Win7 64 bit and XP 32bit. It is a pain to either solely rely on web-mail or to synchronise multiple installations of Thunderbird. What I want to say with that is this: 'Outsourcing' some of my private data to a device I can simply plug out and keep physically safe somewhere (admittedly, at the expense of speed) has made re installations far less trouble prone for me. Of course, the other thing that solution lends itself to is centralising storage of bookmarks.

Of course, the task of keeping the stick virus free remains, but that means, whatever I process to the stick passes web mail provider's virus check, my virus check and ultimately my stick's virus check. It's not that much of an issue.

 

The restoration is done. I've reconfigured everything (a bit of a pain, but oh well), downloaded all the updates and everything's up and running again. I think I've figured out where the virus came from - I had DosBox on a USB drive and the main exe there was infected, so it must have contaminated everything when I ran it on this system. I don't know why the antivirus didn't pick it up on runtime, and I don't know how the USB drive got contaminated in the first place (probably when I plugged it into a friend's PC). I'll just have to be more careful from now on.

Thanks everyone for the suggestions and advice!