W32.sality is detectable by McAfee so this must be a new variant. Try the Safe Mode methods as described here: Required reading re: Malware Removal.
Also if possible, submit a sample to McAfee Labs: Submit a Sample.
If all that fails try the FREE version of THIS tool. It can be installed and run in 'Safe Mode with Networking' if necessary (reached by tapping F8 repeatedly while booting up). Make sure you update it before running.
I moved this provisionally to Malware Discussion > Home User Assistance by the way.
I'VE TRIED EVERYTHING RELATED TO SALITY, but NONE SEEMS TO WORK!!
ONLY 'IKARUS & IMMUNET' CAN DETECT IT!!
THE FOLLOWING ANTIVIRUS SOFTWARE FAILED TO:
[MCAFEE- TRENDMICRO- ESCAN- BITDEFENDER- AVAST- AVIRA- NORTON- AVG SALITY REMOVER- SALITY KILLER BY KASPER- MALWAREBYTES- PANDA- VBA32- NOD32-]
ONLY IMMUNET & IKARUS CAN DETECT IT
THE PROBLEM IS: I CAN'T ACCESS 'SAFE MODE'!!
EVERY TIME I UPLOAD A FILE DETECTED BY IMMUNET TO VIRUSTOTAL & THREATEXPERT, IT COMES OUT CLEAN!!
HOWEVER, WHEN I SCANNED BY 'SPYWARE DOCTOR', IT FOUND NO SALITY IN EXECUTABLES, BUT FOUND MANY WORM.SALITY FILES IN THE REGISTRY & THEY ALL END WITH THE WORD 'LEGACY'...ANY IDEAS?
Try not using all capitals as it makes it difficult to read. I suggest you download Hijackthis and post its log on one of the following specialist forums for expert advice.
Do not post Hijackthis logs here, we can't help with those!
Post the logs at a specialist Forum:
Be sure to read all the sticky announcements/instructions at the top of each malware forum!
I see you also posted at the Avast forum:
Are you running two antivirus by any chance? If so... then running two antivirus on the same machine can give f/p's.
As for the Legacy keys... those are drivers or services that are no longer installed on the machine, subsequently they are placed in the Legacy key.
I suggest you follow SafeSurf's advice and post your OTL logs as requested.
thank you, sir!!
i really appreciate it!
i'd like to tell you something:
i've already posted @ malwarebytes & avast forums..
malwarebytes said: NO ANTIVIRUS CAN REMOVE SALITY!!
avast: stuck !!
i give up!
i've tried everything.... anything you can think of!
hijack doesn't help cuz this malware uses very sophisticated techniques to hide itself from antiviruses...
thank you, anyway!
Thank you, sir
just wanna tell you sth: i'm formatting!
I give up!
indeed no antivirus can beat 'Sality'!