The Win32 Sality virus mainly spreads through removable media such as USB flash drives and external hard disks. This virus is known as a variant of the “new folder” virus and is capable of replicating itself into every folder on the hard disk.
Common problems with Win32 Sality include:
1. Unable to install any antivirus or any other software.
2. System tools like Task Manager, Regedit, MSConfig, etc. can stop working, and in some cases so can Control Panel and your Folder Options.
The Sality Removal Tool is designed mainly to scan for and kill the win32.sality virus and does not offer removal of any other variants. Viruses like khatra.exe and ghost.exe also come under the same Sality variant.
So, I have come up with 3 methods to remove Win32 Sality completely.
Download the following three files (rmsality.exe, rmsality.nt, rmsality.dos) from here and run the rmsality.exe file.
You can also specify the disks (or partitions) to heal as command-line parameters, e.g.: “rmsality C: D:”. Run the rmsality.exe file as an administrator (in Windows Vista and Windows 7) to start the tool for scanning.
Download the latest Avast Home edition from here, install the antivirus and schedule a boot-time scan. During the boot scan, when the virus is detected, just press 1 to delete the files.
Note: Do not select Delete all infected files, as it can delete some system files and result in a system crash. Delete any .EXE or .COM apps that you think may be infected.
This method I came across through Sastrowijoyo’s blog article. I am just posting it here for easy reference.
1. Take your infected hard drive out of your PC.
2. Go to someone who has the latest updated Kaspersky antivirus (AVG won’t work).
3. Put your hard drive into his/her PC.
4. Run his/her windows.
5. Scan your hard drive using his/her Kaspersky antivirus. You’ll find out that most of your .exe files have been infected.
6. Disinfect all of them
7. You will find that some files in your system32 couldn’t be disinfected. This is the core of the virus. Get rid of them.
8. You will find that a file couldn’t be deleted. This is the main problem. I haven’t found out how to delete this. Just leave it alone.
9. Copy the installer of Kaspersky from his/her computer.
10. Run your Windows, install Kaspersky and update it to the latest version.
11. Your PC is safe now.
To get your Regedit and Task Manager working normally again, you’ll need to stop anything from tampering with them. Try this:
Enable Task Manager
Go to Start -> Run and type gpedit.msc. Navigate to User Configuration -> Administrative Templates -> System -> Ctrl+Alt+Del Options. On the right, ensure that the Remove Task Manager option is set to “Disable”.
Repeat for regedit: ensure that Prevent Access to Registry Editing Tools, under System, is set to “Disable”. Close the window after making the changes and restart your PC, and you are free again. Just watch out for the virus though.
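The same restrictions can be checked directly in the registry, which also works on Windows editions that do not ship gpedit.msc. The script below is an added example, not part of the original post or of any tool it mentions: it reports whether the policy values behind the disabled Task Manager, Registry Editor and Folder Options are set, and removes them only when run with `-Fix`. It assumes the standard Windows policy value names `DisableTaskMgr`, `DisableRegistryTools` and `NoFolderOptions`, which the post itself does not name.

```powershell
# Added example: audit (and optionally clear) the policy values that block
# Task Manager, Registry Editor and Folder Options.
# Assumption: standard Windows policy value names; they are not given in the post.
param([switch]$Fix)   # without -Fix the script only reports what it finds

$policies = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Meaning = 'Task Manager blocked' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Meaning = 'Registry Editor blocked' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      Meaning = 'Folder Options hidden' }
)

# Check both the current user's hive and the machine-wide hive.
$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($p in $policies) {
        $path = "$hive\$($p.Key)"
        $item = Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }          # key or value absent: no restriction
        $value = $item.($p.Name)
        if ($value -ne 0) {                        # any non-zero value enables the restriction
            [pscustomobject]@{ Path = $path; Name = $p.Name; Value = $value; Meaning = $p.Meaning }
        }
    }
}

if (-not $findings) {
    Write-Output 'No restricting policy values found.'
    return
}

$findings | Format-Table -AutoSize

if ($Fix) {
    foreach ($f in $findings) {
        try {
            # Removing values under HKLM requires an elevated (administrator) prompt.
            Remove-ItemProperty -Path $f.Path -Name $f.Name -ErrorAction Stop
            Write-Output "Removed $($f.Name) from $($f.Path)"
        } catch {
            Write-Warning "Could not remove $($f.Name) from $($f.Path): $($_.Exception.Message)"
        }
    }
}
```

Run it after the disinfection steps above; if the values come back after being removed, something on the system is still setting them and the machine should be scanned again.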
Disable Autorun Feature of Windows
How to Remove Autorun.inf virus Completely from System can help you remove autorun.inf from your Windows operating system. This can further eliminate any chance of viral programs activating themselves and doing all the damage.
Did you like the post? Feel free to post your queries, opinions & views through your comments.