Nasty Virus
Posted: August 4th, 2010, 8:09 am
Wilson's mugging e-mail reminded me that I meant to post this yesterday.
http://content.usatoday.com/communities ... w/1?csp=hf
http://content.usatoday.com/communities ... w/1?csp=hf
One of our clients' servers was recently infected with Sality. Talk about a nightmare...we were able to remove the virus, but in doing so killed the server, so we had to a complete restore from backup..they lost about a day's worth of work. It's pretty rare to encounter an infection that bad, and on a server.Although there have been multiple (malicious software) families that have picked up this vector, one in particular caught our attention this week--a family named Sality, and specifically Sality.AT. Sality is a highly virulent strain. It is known to infect other files (making full removal after infection challenging), copy itself to removable media, disable security, and then download other malware. It is also a very large family--one of the most prevalent families this year.
The most prevalant viruses we have seen lately are rootkit viruses..these are pretty nasty too, but easy enough to get rid of (although it took a while for us to find the right tools). I'd recommend that everyone keep Malwarebyte's Antimalware installed on their computers, and run a scan every week or two. If indeed you are infected with a rootkit, this program will not be able to remove it..you need to use ComboFix..it's the only one we've found that really does a solid job. Signs of the rootkit infection are redirected websites, or the inability for you to click on links from Google or other search engines. (You once again get redirected..but you can get to your target if you copy and paste the posted URL.)