Sality virus is one of the viruses that infect executable (*.exe) files in the computer and in some cases also file with the extension *.com, *.dll and *.scr. When it infects a file, some viruses variant will install a helper component in the Windows System folder.
Names of this component will vary by Sality variant (source: Norman website): Syslib32.dll (All early versions) Olemdb32.dll (Sality.M, 3:03 version) Wmimgr32.dll (Sality.N, 3:04 version) Vcmgr32.dll (Sality.P / Q, version 3:07) Vcmgcd32.dll (Sality.R, 3:09 version) Wdmfmc32.dll (Sality.S, 3:07 version) If the virus has infected *.exe files in Windows System (eg explore.exe), then you will not be able to run Windows explorer and your windows will run abnormal/ unstable.
Some Sality variant/virus aliases:
Sality, Win32/Sality, Sality.AA, Sality.AE, Sality.AH, Sality.AM, Sality.AR, Sality-302, Sality-302.dll, Sality-302.lz, Sality-304, Sality-304.dll, Sality-304.lz, Sality-309, Sality-309.dll, Sality-309.lz, Sality-400, Sality-400.dll, Sality-400.lz, Sality-400.sys.
Symptoms when Sality infected your computer:
1.Task manager can not run, if you press Ctrl+Alt+Del will show error message: "Task manager has been disabled by administrator". When ever you change its settings in "gpedit.msc" it changes back to the same after some time.
2.Regedit disabled with the error message "Registry editor has been disabled by administrator".
3.Folder options. You can not display hidden files. When you check "Show Hidden" files in the folder options options; it changes to "do not show hidden files" again when you click OK.
4.Once you plug the USB into the computer, this virus will generate autorun.inf file and some virus file.
5.Antivirus and firewall are not working. You can't run it and you can't scan with it; even you can run it and scan with it, the virus won't be found or the virus will be found but anti virus can't clean/delete it.
6.Windows can not run in Safe Mode.
How to clean/delete Sality?
You need 2 tools to eradicate this viruses:1.Norman Malware Cleaner which can be downloaded in one of the following links:
2.Win32.Sality.AE Symantec Removal Tool, can be downloaded at:
Cleaning the Virus:
1.Turn your computer system restore off. Open Control Panel and then double-click System. In the System Properties select the System Restore tab and check on the “Turn off System Restore”.
The question is, whether there are files still infected. Maybe it was. To be certain, run the Symantec Removal Tool Win32.Sality.AE once again. Even so, perhaps there is still virus-infected files by Sality in your computer. Run your anti-virus with the update virus definition. If your antivirus can not clean the virus, the infected files should be removed. But it need to do carefully and ask the expert to help if you are still not sure, because if the deleted files is windows system file, your windows will be uninterrupted or can not even working. Good luck..
Hi friends,
ReplyDeleteI wrote this article base on my personal experience. One day, my office colleague bring me his new laptop, he said his internet connection is very slow, and his computer speed as well. When I tried to change some windows setting tru Task Manager, it didn't work. Also the regedit.
Looking around in the internet I found this tips, I tried, it is working. But, finally his computer not 100 percent working normally. As I told you above, after all cleaning process using Norman Malware Cleaner and Symantec W32. Malware remover tools, you need to scan with your antivirus. If you have no powerful enough antivirus, some resident viruses will still remaining in your computer. Can't being cleaned/healed. And if you want this infected file(s)not exist anymore, u need to delete it. The ""most important"" thing, this file could be windows system file, or other executable file that will cause problem if deleted. So be careful, or ask your expert friend
wow thats great :)
ReplyDeletethaks buddy this is really useful for everybody.
Nice to visit here. i added this on my favourate
sachin running seo courses in delhi and currently focusing on packers and movers in pune packers and movers in mumbai kolkata
Nice Info and good tool...keep posting my friend!
ReplyDeletehttp://andystonecold2009.blogspot.com
My Blog PR 4 and who want to exchangelink with my blog,can visit my blog and tell me,ok....
ur blog is really nice and interesting, You have maintain it so beautifully that I truly like & enjoy it
ReplyDelete