One of the machines that I administer got a bad case of W32Sality virus. It polluted lots of files on all three of the partitions of the system: XP OS partition, the application program partition, and the data partition.
Did the following steps:
I completely shredded the files on the XP and application partition. I also reformatted the XP and application partitions. I want to try and salvage the files in the Data partition.
I got a new HD and installed a clean version of XP (fully patched) and SEP, and I made this disk the boot disk. Also disabled AutoRun on the system.
I booted the system in Safe Mode, no networking (and ethernet cable also pulled out), see the new HD with XP as my C drive and the data file on my old disk as F drive.
Ran SEP scan on the C drive, found nothing.
Ran SEP scan on the F (Data) drive, found 1030+ infections, all associated with .exe files, and all the instances were labeled as Cleaned. They were all .exe files.
Ran SEP scan on the C drive, found nothing.
Ran SEP on the F (Data) drive and found 800+ instances, mainly in the folder System Volume Information. All instances Cleaned.
Ran Scan again on both the XP and Data drives - found nothing.
So, my question is: Is this virus truly gone? Any other precautions I can take to make sure it is really gone? (Probably will shred the SystemVolumeInformation on the Data drive just to be sure, since I don't need any restore point information anymore.)
Other related question: "Cleaned" means virus removed from file, file is still intact and safe to run?
Quarantined means virus could not be removed so the file is 'jailed'? In that case, the file should be shredded?
Is there a way to configure SEP such that when a USB device is inserted, a SEP scan is immediately kicked off to ensure no viruses are xferred?
Thanks for any help
-J