Is there a way to repair infected programs by virus/worms manually?

Asked By 130 points N/A Posted on -
qa-featured

My computer is devastated with viruses. Almost my .exe files are infected. I tried to scan it using a free version of the Avast virus scanner but it seems that the repair option doesn't work.

If I try to delete the infected files then things would get bad. M installed programs won't work. I do have an option of reformatting my computer but that would be the last option but if only I could repair the .exe files manually then that would be a better option. By the way the virus is win32/Salit. I don't have an Idea about this virus or where I got it from.

After I scanned my computer I've got 146 files which are infected, bad isn't it? Is there anyone who knows how to repair it manually or if there any software that may help me with my problem? Also if there are anyway of solving my problem please provide me on how to. I'm looking forward for your answer, I really want my computer to be virus free.

SHARE
Best Answer by Karl Missy
Answered By 5 points N/A #108294

Is there a way to repair infected programs by virus/worms manually?

qa-featured

Hi! Audrianna,

This sounds like a terrible situation. The problem with some Antivirus software is that they are not able to detect some other Malware. Win32/Sality is a virus that can integrate itself into the program and/or data files. Whenever the data file and/or program that Win32/Sality infected is run or opened, the virus will also operate and spread itself to other programs and/or data files. And that is why you have 146 infected files and counting.

To remove the virus manually, follow these 10 solutions:

1. Replace Antivirus – The first logical step to fixing this situation is to replace your Antivirus. As you have seen, your Antivirus was not effective in stopping this virus from spreading and giving you a headache at least the free one. Paid versions are always better which is why they cost money.

Some of the reputable Anti viruses are:
Kaspersky
BitDefender
Avira
AVG

2. Stop the spread – The Win32/Sality virus may have spread to other program or files that uses the Autorun feature in Windows. In this case, the virus can spread itself automatically.

  1. Click Start>Run
  2. Type regedit and press Enter
  3. Navigate to HKEY_CURRENT_USERSOFTWARE Microsoft Windows CurrentVersion PoliciesExplorer
  4. In the right pane of the window, you should see “NoDriveTypeAutorun”. Double click that
  5. Put “0xFF” in the Value Data
  6. Hit Ok and close the Registry Editor
  7. Reboot

3. Detect and Destroy – If you decide to replace your Antivirus, install the new one you want, update it and make another scan. Naturally, when the scan detects the virus, it may automatically quarantines or disinfects it or special steps will be provided to follow the instructions provided by the Antivirus if prompted.

4. Remove virus in Safe Mode – When in safe mode, most viruses and Malware are not operational. Therefore, if one of them is hiding themselves while in the normal booting state (which could explain why the Antivirus didn’t catch it), there is a good chance it won’t be hiding in Safe Mode and you’ll be able to see it.

  1. Restart your computer and as soon as it lights up hit F8 multiple times until you get to the Windows Advanced Options Menu.
  2. Choose Safe Mode.
  3. Choose your operating system.
  4. Login as the Administrator.
  5. Do another scan of your PC.
  6. Remove or Fix the infections found.
  7. If you find that you are not able to boot into Safe Mode, then just scan in Normal Mode.

5. Other Malware – Other than viruses, there might be some other malicious software that is wreaking havoc on your PC such as Trojans, spyware, keyloggers, worms, etc. Some Antivirus software cannot detect Malware or at least some of it.

Try one of these popular Anti-malware:
Spybot Search and Destroy
Malwarebyte’s Antimalware
Ad-Aware

6. Enable Safe Mode – If you find that you are not able to boot into Safe Mode, download and run this REG file:

7. Win32/Sality Remover 1.2.0.616 – This removal tool was created by AVG. Download from here. Install and Run it.

8. Delete modified Registry:

  1. Click Start>Run.
  2. Type regedit and press Enter.
  3. Navigate to this key:
  4. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandard ProfileAuthorizedApplicationsList
  5. Look for ”[INFECTED FILE]” = “[INFECTED FILE]:*:Enabled:ipsec”.
  6. Delete it.

9. Enable Registry Editor – If you find that you are not able to go to the registry editor, download and run this REG file.

10. Repair the installation of Windows XP – This type of installation should replace any missing or corrupt files.

  1. Boot from the Windows XP CD.
  2. Press Enter to setup Windows XP now.
  3. In the Windows XP Licensing Agreement screen, press F8 to confirm that you agree with the terms.
  4. Select the Windows Installation you want to repair (normally there is only 1 there) and press R on the keyboard to continue.
  5. Don’t worry about losing your files. Only system files that Windows XP is able to restore should be the ones deleted.
  6. Follow the next prompts in the repair process.
  7. After the repair, repeat solution 9 and 10 or does another virus scan.
Best Answer
Best Answer
Answered By 0 points N/A #108295

Is there a way to repair infected programs by virus/worms manually?

qa-featured

Hi!

Tony had explained splendidly how to remove the Sality.32 virus from your computer, please follow his instructions to clean your computer from the virus.

Now, as you said in your question, you want to heal the infected exe files on your computer from the Sality virus. It is vital because if you still have the infected files, even if your computer is free from a running virus, you will get reinfected as soon as you click on one of those 146 files. There is a really great tool from Grisoft that can help you to disinfect your files.

Just download these three files rmsality.exe/rmsality.nt/rmsality.dos .Put them on the same folder and run the rmsality.exe, it's as simple as 1, 2, 3.

Related Questions