Malware.Sality Worm.sality win32/sality removal Guaranteed


Post by KEN »

This is not a copy and paste; I'm writing this because I just finished solving this and cleaning my PC of this malware, so read :)
For me this virus is the God of Malwares. It will do great damage to the victim's PC. If you have this virus, I have bad news for you. It will corrupt many of your .exe files, and if not cleaned it will corrupt all of your files with .exe or .rar extensions :|
It opens backdoors on your PC so a hacker can hack into your system easily, and it executes a keylogger, so don't log into banking sites or post crucial info just like that. It will also delete the setup of most common antiviruses: I tried to install ZoneAlarm but it wouldn't allow me to install it, then it deleted its setup :(

--Symptoms of Malware--

Task Manager - Disabled
Registry Editor (regedit) - Disabled
All files with .exe extension corrupted
"Show Hidden Files And Folders" works but returns to "hide" in a few seconds
Can't install any software
Can't install any anti-virus
Can't boot in safe mode (--BEWARE-- Don't try to boot in safe mode; if you try to boot in safe mode then you won't even be able to boot normally next time and you will have to reinstall your Windows)

--Removal--

First things first. Before doing anything - DISABLE SYSTEM RESTORE OR EVEN IF YOU REMOVE SALITY IT WILL COME BACK. If you want to have a look at Task Manager but can't access it, then click Start > Run and run this command to temporarily access Task Manager for 3-4 seconds. After the command, press Ctrl+Alt+Delete within 4 seconds or you will have to run the command again.

Code:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

1 > Remember that first you need to make sure what you are dealing with, so to make sure, download "PC Tools Internet Security 2011" from http://www.pctools.com . I don't know why, but this is the only security suite that installs without any problem and Sality can't stop it from installing. Then update it and do a full scan with it. If there is Sality on your PC then PC Tools will name it as "Malware.Sality" or "Worm.Sality".
If you DON'T want to work hard and are willing to spend money then you can buy PC Tools and remove it, BUT if you want to remove it for FREE and without any difference from paying then continue:


2 > Now when you are sure that it's Sality on your system, you need a removal tool for it. It's called "sality remover" from AVG (included in attachments), BUT BE SURE TO DO THIS:
Remember that all your .exe files will be corrupted by the virus (only PC Tools won't get corrupted). This is a bit of a trick that I thought could work, and yes! It did work. You will need to change the extension of your sality remover to .cmd so the virus leaves it as it is. If your PC Tools also has a problem then change it to .cmd too. In the attachment I already have it as .cmd so you don't need to do anything.


3 > Before launching sality remover, make sure you shut down your PC Tools Internet Security, or sality remover will only detect the malware but won't clean it. DO NOT, and I repeat DO NOT, uninstall PC Tools; only shut it down temporarily, as you will need PC Tools later. Now run sality remover and let it do its job. The scan time varies depending on the amount of .exe files you have on your HDD. It could be from 1 hour to a nice 8 hours :)
For me it took 5 hours on a hard disk with nearly 80GB of .exe files, so be patient, watch TV, do exercise, cook something :D


4 > When the job is done, reboot, start PC Tools and scan with it to see if there is any other Sality left. If there are only a few Sality files left, like just 5-10 (in my case 2 were left), browse to those files and delete them manually (make sure System Restore is disabled). Now download the latest version of ZONE ALARM Internet Security from http://download.zonealarm.com/bin/free/ ... story.html or you can get it from http://www.zonealarm.com
When you have its setup, uninstall your PC Tools, then restart, then install ZoneAlarm. Update your ZoneAlarm and do a nice full scan with it and live your happy life :)

--NOTE--
While searching the web I saw many people saying it's impossible to remove this virus and only a hard disk format can remove it. I also thought of doing a format of the hard disk, but sethioz said to me that format is for noobs who can't fix problems :D and he is very much correct. Also note: don't always believe the web; they say it can't be removed, but I proved it can be removed 100%.
People are a bit retard these days, can't do a bit of hard work and put in an effort, so we can't always believe the web. It took me nearly 8-9 hours to fully solve the problem. I had lost all hope hours earlier; only 1 thing came to my mind, sethioz said: "whenever my PC screws up, I fix it ASAP without sleeping and eating"

Thanks to sethioz for motivating me to solve this problem instead of doing a format.

Pass for the sality remover rar is: hello
Attachments
sality removal tool.rar
(449.42 KiB) Downloaded 701 times
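
The post above notes that the REG command only restores Task Manager for a few seconds. The PowerShell below is an added example, not part of the original post: it applies the same DisableTaskMgr change and then polls the value to confirm whether something on the machine is setting it back. The 15-second watch window and the helper name Get-PolicyValue are assumptions.

```powershell
# Added example (not from the original post): clear DisableTaskMgr the way the
# post's REG command does, then watch whether something sets it back.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'DisableTaskMgr'
$watchSeconds = 15   # assumption: comfortably longer than the 3-4 s in the post

function Get-PolicyValue {
    # Hypothetical helper: returns the DWORD, or $null when key/value is absent.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$name
}

$before = Get-PolicyValue
Write-Host "Current $name = $(if ($null -eq $before) { '<not set>' } else { $before })"

# Same effect as: REG add ... /v DisableTaskMgr /t REG_DWORD /d 0 /f
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord

# Poll four times a second and record when the value stops being 0.
$timer = [System.Diagnostics.Stopwatch]::StartNew()
$revertedAfter = $null
$now = 0
while ($timer.Elapsed.TotalSeconds -lt $watchSeconds) {
    Start-Sleep -Milliseconds 250
    $now = Get-PolicyValue
    if ($null -ne $now -and $now -ne 0) {
        $revertedAfter = $timer.Elapsed.TotalSeconds
        break
    }
}

if ($null -ne $revertedAfter) {
    # A revert means a running process keeps rewriting the policy value.
    Write-Host ("{0} was set back to {1} after {2:N1} s: a process is still rewriting it." -f $name, $now, $revertedAfter)
} else {
    Write-Host "$name stayed at 0 for $watchSeconds s: nothing reverted it in the watch window."
}
```

A revert inside the window is a quick sign that the infection is still active; after cleaning, the value should stay at 0.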

Post by Sethioz »

Too long and messy. I would just use my Linux live CD, install Wine and a Windows AV there, scan the Windows partition using it and remove any traces of it. That simple.

For people who do not know much about Linux: it means that Linux does not use .dll or .exe extensions, which means that it is immune to all types of Windows-affecting viruses.

Post by KEN »

Correct, but there are people who don't have Linux :-\

Post by Sethioz »

Doing all that takes longer than to download Linux.

Post by KEN »

No no, Linux was somewhere around 1 GB and you know the blazing speed net I'm using :P
Well, all the things I have written seem pretty long, but there is not actually much to do other than get the attachment file, scan with it, then with PC Tools, and done. At last, get ZoneAlarm or whatever seems a good antivirus to the user.

Post by Sethioz »

There are different types of Linux. The normal version of Ubuntu is about 600 MB, but you can always find one that has only the basics, just enough to run the scan.

This is going off-topic already; no more about Linux.