When you will view your files on your USB drives, it seems that nothing happens because all the folders are seems in the list but actually all of them are the virus already. It uses a folder icon to deceive possible victims to double-click it. It executes then the maliscious code on the system and start spreading through other drives it see then opens the folder so that you will not suspect that there’s something wrong with your system. W32/Sality Virus is really quite tricky because it combines all possible method of spreading it through the system.

What I hate about it is it can be fixed by AVAST and there’s no way you can do about it. Leaving me no choice but to delete the infected .EXE files. Another thing is that since you can’t see the folder in Windows Explorer because of what it did on the file attibutes, you need to manually reset the file attribute through the command prompt. The problem is that if you have a lot of folder to unhide, it will really very painful in your part. That’s why what I did was I made a VBS script (with the help of VBSEdit) that recursively change all the folders on the drive I like. The script that I made resets the attribute of all the folder to zero. This way it unhides all the folder that hides by the Sality virus. If you want to use the VBScript, you can download it here (just don’t forget to rename it to fixfolder.vbs) but I am recommending that you don’t run it on your system drive (C:\>)  and use it at your own risk. It work on me but if something bad happens to any way not related or related to this script, well don’t blame me.

Here’s the code:

' Reset the file attributes of All the Folder in a specific Drive
' Change Z:\ to the drive letter where you want the change will happen.

cDrive = "Z:\"

Set FSO = CreateObject("Scripting.FileSystemObject")
ShowSubfolders FSO.GetFolder(cDrive)
WScript.Echo "Done with fix."

Sub ShowSubFolders(Folder)
    str = ""
    For Each Subfolder in Folder.SubFolders
        str = str & " " & Subfolder.Path
        subFolder.Attributes = 0
        ShowSubFolders Subfolder
    Next
End Sub

W32/Sality Virus – Unhiding the Folders is a post from: Bleuken.com

No related posts.

Windows family of OS is the only target of this worm from Windows 2008, Vista to XP Home and Professional edition. According to Microsoft Support, to prevent such infection of this virus, operating system  installed prior to October 2008 should be updated to the recent security patches provided by Microsoft. Recent maliscious software removal tool of Microsoft can detect and remove this infection. However, if the system is already infected, it prevents you to access security related website thus disallowing you to access Microsoft Support page and other anti-virus websites that can help you remove this infection. You need to remove it manually or via an anti-virus program from another computer. Microsoft Support at http://support.microsoft.com/kb/962007 provided a step-by-step instruction on how to remove the infection manually.

Latest news about this worm said that the payload of Conficker is still about to come and just waiting for it to be activated. The high-tech culprit behind this is not yet traced but being tracked down by authorities. What the security experts scared about this infection now is that the possibility that someone might discover the activation of this worm and the uncertainties on how many computers can be accessed by hackers with full administration rights. Companies and organizations around the world that uses a unupdated operating systems are in danger of this security issue and should act on this immediately.

If you want to avoid/prevent this kind of infection to your PCs using Microsoft’s OS, make sure that you always update the system with the security patches from them. It will only take a minute to do that and it will be for the best of your system so you should provide time for it. If you neglect it, you might lost a lot of things. Be aware and be updated. Get a security patch always!

For related news and stories about Conficker, just visit the following sites:

http://news.bbc.co.uk/2/hi/technology/7832652.stm

http://en.wikipedia.org/wiki/Conficker

http://support.microsoft.com/kb/962007

Conficker Worm/Virus, Removal and Prevention is a post from: Bleuken.com

Related posts:

1. Most Effective “Anti-Virus” For You
2. Removal and Prevention of Gumblar.cn Infections
3. Free Tools for Virus, Worm, Malware & Spyware Prevention & Removal