For me this virus is the God of Malwares. It will do great damage to the victim's PC. If you have this virus, I have bad news for you. It will corrupt many of your .exe files and, if not cleaned, it will corrupt all of your files with .exe or .rar extensions :|
It opens backdoors on your PC so a hacker can hack into your system easily. It runs a keylogger, so don't log into banking sites or post crucial info just like that. It will also delete the setup files of most common antiviruses; I tried to install ZoneAlarm but it wouldn't allow the install and then it deleted its setup :(
--Symptoms of Malware--
Task Manager - Disabled
Registry Editor (regedit) - Disabled
All files with .exe extension corrupted
"Show Hidden Files And Folders" works but returns to "hide" in a few seconds
Can't install any software
Can't install any anti-virus
Can't boot in safe mode (--BEWARE-- Don't try to boot in safe mode. If you try, you won't even be able to boot normally next time and you will have to reinstall your Windows)
--Removal--
First things first: before doing anything, DISABLE SYSTEM RESTORE, OR EVEN IF YOU REMOVE SALITY IT WILL COME BACK. If you want to have a look at Task Manager but can't access it, click Start > Run and run this command to temporarily access Task Manager for 3-4 seconds. After the command, press Ctrl+Alt+Delete within 4 seconds or you will have to run the command again.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
If you DON'T want to work hard and are willing to spend money, you can buy PC Tools and remove it, BUT if you want to remove it for FREE and with the same result as paying, then continue:
2 > Now when you are sure that it's Sality on your system, you need a removal tool for it. It's called "sality remover" from AVG (included in attachments), BUT BE SURE TO DO THIS:
Remember that all your .exe files will be corrupted by the virus (only PC Tools won't get corrupted). This is a little trick that I thought could work and yes, it did work! You will need to change the extension of your Sality remover to .cmd so the virus leaves it as it is. If your PC Tools also has a problem, change it to .cmd too. In the attachment I already have it as .cmd, so you don't need to do anything.
3 > Before launching the Sality remover, make sure you shut down your PC Tools Internet Security, or the Sality remover will only detect the malware but won't clean it. DO NOT, and I repeat, DO NOT uninstall PC Tools; only shut it down temporarily, as you will need PC Tools later. Now run the Sality remover and let it do its job. The scan time varies depending on the amount of .exe files you have on your HDD. It could be from 1 hour to a nice 8 hours :)
For me it took 5 hours on a hard disk with nearly 80GB of .exe files, so be patient, watch TV, do exercise, cook something :D
4 > When the job is done, reboot, start PC Tools and scan with it to see if there is any other Sality left. If only a few Sality files are left, like just 5-10 (in my case 2 were left), browse to those files and delete them manually (make sure System Restore is disabled). Now download the latest version of ZoneAlarm Internet Security from http://download.zonealarm.com/bin/free/ ... story.html or you can get it from http://www.zonealarm.com
When you have its setup, uninstall your PC Tools, then restart, then install ZoneAlarm. Update your ZoneAlarm, do a nice full scan with it and live your happy life :)
--NOTE--
While searching the web I saw many people saying it's impossible to remove this virus and that only a hard disk format can remove it. I also thought of formatting the hard disk, but sethioz said to me that format is for noobs who can't fix problems :D and he is very much correct. Also note: don't always believe the web. They say it can't be removed, but I proved it can be removed 100%.
People are a bit retarded these days, can't do a bit of hard work and put in an effort, so we can't always believe the web. It took me nearly 8-9 hours to fully solve the problem. I had lost all hope hours before; only 1 thing came to my mind, sethioz said: "whenever my pc screws up,i fix it ASAP without sleeping and eating"
Thanks to sethioz for motivating me to solve this problem instead of doing a format.
The password for the Sality remover .rar is: hello
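
Added example (not part of the original post): a read-only PowerShell check for the registry side of the symptoms listed above, to be run as the affected user because the policy values sit under HKCU. Only DisableTaskMgr comes from the post; DisableRegistryTools, the Explorer "Hidden" value and the SafeBoot keys are standard Windows locations, and tying them to these symptoms is an assumption.

```powershell
# Added example: read-only check for the symptoms listed in the post.
# Only DisableTaskMgr comes from the post; the other registry locations are
# standard Windows ones, and mapping them to these symptoms is an assumption.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$policy   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$findings = @()

if ((Get-RegValue $policy 'DisableTaskMgr') -eq 1) {
    $findings += 'Task Manager disabled (DisableTaskMgr = 1)'
}
if ((Get-RegValue $policy 'DisableRegistryTools') -ge 1) {
    $findings += 'Registry Editor disabled (DisableRegistryTools set)'
}

# Safe mode needs these keys; checking them avoids a test boot into safe mode.
foreach ($mode in 'Minimal', 'Network') {
    if (-not (Test-Path "$safeBoot\$mode")) {
        $findings += "SafeBoot\$mode key is missing (safe mode will not boot)"
    }
}

# Hidden = 1 means "show hidden files". Turn the option on in Folder Options
# first, then watch for 10 seconds to see whether something flips it back.
if ((Get-RegValue $advanced 'Hidden') -eq 1) {
    foreach ($i in 1..10) {
        Start-Sleep -Seconds 1
        if ((Get-RegValue $advanced 'Hidden') -ne 1) {
            $findings += "'Show hidden files' was reverted after $i second(s)"
            break
        }
    }
} else {
    Write-Output "Hidden files are not set to 'show'; enable the option and rerun."
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed symptoms found.'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}
```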