
Author Topic: Win32 / Sality infection  (Read 5470 times)

anis2505

  • Full Member
  • ***
  • Posts: 201
Win32 / Sality infection
« on: April 26, 2016, 04:45:03 pm »
Hi to all,

I don't know where this topic fits.

Anyway, I have a Lazarus app that's getting infected by a Win32 / Sality virus.

Is there any way to block viruses from infecting my apps?

Please don't tell me to install an antivirus; it's not on my local machine to do so.

Thanks in advance.
Dear Confucius you said {A picture is worth a thousand words}
I say {a good example is worth a thousand words}

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11459
  • FPC developer.
Re: Win32 / Sality infection
« Reply #1 on: April 26, 2016, 04:47:54 pm »
Maybe you can sign the EXE and then the OS won't run it if the signature is invalid?

But no, in general there is not much you can do. Removing all rights except execute might confuse some of the stupidest viruses.

Cyrax

  • Hero Member
  • *****
  • Posts: 836
Re: Win32 / Sality infection
« Reply #2 on: April 26, 2016, 05:15:14 pm »
You need to get rid of the virus infection. If it is not your own machine, tell its owner to run an offline (aka Live CD) antivirus program.

Avira Rescue System : http://www.avira.com/en/download/product/avira-rescue-system

anis2505

  • Full Member
  • ***
  • Posts: 201
Re: Win32 / Sality infection
« Reply #3 on: April 26, 2016, 07:11:20 pm »
Hi,

I was at work when I posted the thread. I went home now.

Thanks for the response. Anyway, the problem is that it's not one or two machines, it's at least 30 machines.

Anyway, thanks :)

regards
Dear Confucius you said {A picture is worth a thousand words}
I say {a good example is worth a thousand words}

Handoko

  • Hero Member
  • *****
  • Posts: 5159
  • My goal: build my own game engine using Lazarus
Re: Win32 / Sality infection
« Reply #4 on: April 26, 2016, 07:59:15 pm »
Sality virus is a hard-to-remove computer virus because of its polymorphic behavior. You may need to use several malware tools to increase your chances to fully remove it.

Try these:

SalityKiller from Kaspersky:
http://support.kaspersky.com/viruses/utility

Stinger from McAfee:
http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Emsisoft Free Emergency Kit:
https://www.emsisoft.com/en/software/eek/

As far as I remember, all the tools mentioned above are free and do not require installation.

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 9913
  • Debugger - SynEdit - and more
    • wiki
Re: Win32 / Sality infection
« Reply #5 on: April 27, 2016, 01:38:10 am »
If you can't install an AV on those machines, how do you know that your app gets infected?
And also, why single out your app? Wouldn't the virus also infect any other app on those machines?

But as others said, you need to remove the source of the infection. If the virus is present and active on those systems, it really makes no difference if it infects your app or not (unless you want to copy that app to other systems, but I would recommend never to trust any exe that comes from an infected system).


bylaardt

  • Sr. Member
  • ****
  • Posts: 309
Re: Win32 / Sality infection
« Reply #6 on: April 27, 2016, 04:56:05 am »
Submit your exe file to SHA-256 and compare with an external text file's content.
If the SHA result is different, your exe file was modified without permission.
Your exe can compare itself, and warning messages can alert about possible contamination.
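
The SHA-256 comparison suggested in the post above, as an added example that is not part of the original thread or any poster's code. It is written in Python rather than Lazarus so it can be run from a separate clean machine or boot medium, because a self-check inside an executable that has already been modified cannot be relied on. The sha256sum-style manifest layout, the function names and the file names are assumptions, and the sample files are constructed stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 16):
    """Stream the file so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse 'hexdigest  filename' lines (sha256sum layout) into {name: digest}."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        if len(bytes.fromhex(digest)) != 32:      # fromhex also rejects non-hex text
            raise ValueError(f"bad SHA-256 digest for {name!r}")
        known[name.lstrip("*")] = digest.lower()  # '*' marks binary mode in sha256sum
    return known

def verify_tree(root, known):
    """Return {name: 'ok' | 'modified' | 'missing'} for every manifest entry."""
    report = {}
    for name, expected in known.items():
        target = Path(root) / name
        if not target.is_file():
            report[name] = "missing"
        else:
            report[name] = "ok" if sha256_file(target) == expected else "modified"
    return report

def demo():
    """Constructed sample: record two stand-in files, then change one after 'release'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "myapp.exe").write_bytes(b"MZ" + b"\x00" * 512)   # stand-in, not a real PE
        (root / "helper.dll").write_bytes(b"MZ" + b"\x01" * 256)
        manifest = "".join(f"{sha256_file(p)}  {p.name}\n" for p in sorted(root.iterdir()))
        with open(root / "myapp.exe", "ab") as fh:                # file changed after the manifest
            fh.write(b"tampered")
        return verify_tree(root, parse_manifest(manifest))

if __name__ == "__main__":
    print(demo())
```

The manifest has to be generated on the build machine and stored where the deployed machines cannot write to it; a manifest kept next to the executable can be rewritten along with it.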

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 9913
  • Debugger - SynEdit - and more
    • wiki
Re: Win32 / Sality infection
« Reply #7 on: April 27, 2016, 05:29:17 am »

RWC

  • Jr. Member
  • **
  • Posts: 92
Re: Win32 / Sality infection
« Reply #8 on: April 29, 2016, 08:25:20 pm »
@anis2505 - Not sure if this will help you but may help someone.

I once had a virus infecting exe files and preventing them from running so I renamed a clean copy of Malwarebytes.exe to Malwarebytes.com and to my surprise it ran and removed the virus.

Of course it's always worth checking your \Windows\Start Menu\Programs\Startup folder, the msconfig startups and regedit Run & RunOnce, but I expect you've done that already. Good luck.
LAZARUS  : Lazarus-1.4.2-fpc-2.6.4-win32. OS   : Windows Vista 32bit Home Premium SP2.
CPU  : Intel Core2 Quad CPU Q6600 2.4GHz. RAM : 3GB. PCIE : NVIDIA GeForce GT610. Audio : NVIDIA HD Audio.

 
