How to remove sality virus
K. Sality Description
What is Sality?
This is a quote from Norman website :
“A family of fileinfecting viruses with backdoor and keylogger capabilities. Some variants install a helper component in the Windows System folder. Names on this component vary by Sality variant:
SYSLIB32.DLL (All early versions)
OLEMDB32.DLL (Sality.M, version 3.03)
WMIMGR32.DLL (Sality.N, version 3.04)
VCMGRD32.DLL (Sality.P/Q, version 3.07)
VCMGCD32.DLL (Sality.R, version 3.09)
WDMFMC32.DLL (Sality.S, version 3.07)
…and others.This DLL is then injected into running processes.”
Another alias : Sality, Win32/Sality, Sality.AA, Sality.AE, Sality.AH, Sality.AM, Sality.AR
L. How to know your computer is infected by Sality Virus :
These is the indications :
- Task manager is disabled.
- Registry Editor is disabled.
- Show all hidden files and folders are not working.
Hiden Files Folder setting always checks “Do not show hidden files and folder” option. You can’t change the option, even if you check “Show hidden files and folder” option
- Firewall and anti virus are not working.
You can’t run it and you can’t scan with it; even you can run it and scan with it, the virus won’t be found or the virus will be found but anti virus can’t clean/delete it.
- The virus infects .exe files on every partition of you harddisk.
Almost all your .exe files on your computer will be infected (included explorer.exe, uninstall.exe, etc). Some of your .exe applications still may run, but some of them won’t run (it will kill the runing process of infected .exe aplication or/and show an error message)!
- The virus may infects some .com and .scr files.
- The virus may infects some .dll files on your Windows folder.
- If you plug in your USB Device on your computer, it will create an autorun.inf file + a random virus file.
Pic1 :
The virus created an autorun.inf file + a random virus file (pwkmla.cmd) on my sample UFD. - You can’t boot your Windows in safe mode. You will failed if you try to boot your Windows in safe mode, and your system will restart automatically.
M. Virus Removers
Before deleting the virus, you should download these tools :
- Norman
SafianoMalware Cleaner
Choose one of these two links :
Download 1 : http://download.norman.no/public/Norman_Malware_Cleaner.exe
Download 2 : http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
- Symantec Win32.Sality.AE Removal Tool
Choose one of these three links :
Mirror Download 1: http://www.ziddu.com/download/3653712/FxSltyAE.rar.html
Mirror Download 2: http://rapidshare.com/files/233586434/FxSltyAE.rar.html
Mirror Download 3: http://www.filesonic.com/file/1731771/FixSalityAE.rar (If you click the link and you can’t download it, then just copy the URL and paste it on your browser address bar).
Mirror Download 4 : http://depositfiles.com/files/f43m8s6kj
N. How to remove Sality Virus
How to remove sality virus :
- Turn off “System Restore”.
Pic2 :
System restore - Run Norman
Safiano what’s up broMalware Cleaner to scan the virus.
Pic3 :
Norman Malware Cleaner - If “do you want to restart…” dialog appears after scanning by Norman
SafianoMalware Cleaner, you may restart or not restart.
- If you want to restart, make sure the “System restore” is still turn off before restarting. After restarting, you should do step 1 to 2 again.
- Run Symantec Win32.Sality.AE Removal Tool
Pic4 :
Symantec Win32.Sality.AE Removal Tool - If “do you want to restart…” dialog appears after scanning by Symantec Win32.Sality.AE Removal Tool, you should restart. Make sure the “System restore” is still turn off before restarting.
- After restarting, the virus most probably has been removed. Task manager and Registry Editor are re-enabled now.
- To make sure the virus has been removed, run Symantec Win32.Sality.AE Removal Tool once again.
O. Important Note
- Sality virus most probably has been removed but maybe some files (exe, dll, etc) are still infected by Sality Virus. To clean it, you should scan it with your anti virus (NOD32, Kaspersky, Norman, Symantec, etc).
- If anti virus can’t clean it, you should delete the infected files (exe, dll, etc) BUT you should do it carefully and you should be more careful if the infected files exist on Windows Folder (example : explorer.exe etc). Before deleting, make sure the system will be fine if you delete it. If you’re not sure, don’t do it, or consult it to expert.
- To repair safe mode, you can download the registry file to fix it :
http://www.eset.hk/support/tools/repairboot.zip
or
http://support.kaspersky.com/downloads/utils/sality_regkeys.zip
Extract, and run one file for your match system (safebootWinXP for windows XP, etc).
- Re-installing Windows is not the best option, especially if your Windows license is not FPP/OLP. (Remember, if you re-install Windows, you must re-install driver & some softwares, etc and don’t forget you should re-activate your Windows again). Re-formatting all of your hard disk partitions then re-installing Windows is the last option IF you want to do it.
- I haven’t re-formatted all of my hard disk partitions and re-installed Windows, because Sality virus has been removed and the infected files have been deleted carefully.
Yusuf KS (The S’ abbreviation is not Sality!!)
p.s. If a problem’s still occurred, you can ask it on comment, I’ll help as best as I can.
Weblog : https://myks.wordpress.com
Permalink : https://myks.wordpress.com/2009/05/16/how-to-remove-sality-virus/
PDF Version : http://www.kakikaku.com/yks/articles/how_to_remove_sality.pdf
https://myks.files.wordpress.com/2012/11/how_to_remove_sality.pdf
COLORS OF JOHOHOHO...!!! 
Posted by Jose on May 30, 2009 at 10:57 pm
Ultra Thanks Master, your information help me more.Thanks…
Posted by advantzkomputer on November 10, 2009 at 6:01 pm
ehem i just have been attack by sality virus…
huh it make my head in pain
Posted by mr. tree on June 3, 2009 at 6:58 am
you just saved my ass, I think. thanks.
Posted by Ankit on June 10, 2009 at 1:25 am
Just removed this virus from another laptop and I can’t browse the web anymore. Yahoo Messenger connects fine though. Any idea why?
Posted by Yusuf KS on June 10, 2009 at 6:37 am
@ Jose and mr.tree :
You’re welcome.
@Ankit :
I’m not sure why, maybe some files of your browser were being deleted while you’re removing the virus. Please try these two steps :
1. Reinstall your browser. Example : if your browser is Mozilla, you should reinstall Mozilla on your computer.
2. If your browser still can’t connects to Internet, you should install another browser, example Opera, GoogleChrome, etc.
Please try step 1-2 for now, if it still can’t connects to Internet, maybe another problem happens (Internet setting, firewall, etc).
Posted by Ru on June 21, 2009 at 4:30 am
Thanks! This seems to have worked. Quick question, why is it important to disable system restore? I could think of a few reasons, but is there something this virus does with it? Thanks again for the help.
Posted by Yusuf KS on June 22, 2009 at 3:07 pm
@Ru
You’re welcome.
Some viruses can backed up their selves in system restore folder, that’s why we should turn off system restore before virus scanning/removing.
Some variants of sality virus can turn on system restore if system restore setting is turn off, that’s why we should make sure system restore is still turn off when we scan/remove this virus.
Posted by Ulan on July 2, 2009 at 11:01 pm
[quote]Yusuf KS (The S’ abbreviation is not Sality!!)[/quote]
If the abbreviation of S’ is not for Sality then perhaps it’s erm..
Clue: Remove some letters and change it into the other letters.
..
Sa[s]lity[/s] becomes Sa[b]mi[/b].. =D
Yehey!
Eh.. Kalo Sami sih yang nyanyiin lagu Supplication yah!
Yaah.. Keliru lagi deh..
Maaf, maaf ada kesalahan teknis euy.. @#$%!$%^
Posted by Yusuf KS on July 3, 2009 at 8:04 am
@ Ulan :
Wrong! Not Sami, nor Sama. I don’t know Supplication but I know Sami Tamaki, eh Nami ^^.
Posted by too cool on July 5, 2009 at 11:09 am
trima kasih atas info nya, tp windows saya msh error nh mas..
contoh: gak bisa drag, paste file (copy bisa,tp begitu di paste gak bisa), klo klik kanan trus send to juga gak bisa (loading lama bnget)..
kira2 bagaimana yaa memfix nya??? please bantuan nya..
mksh..
Posted by kb on July 7, 2009 at 12:39 am
Thanks for your info! it really helps!
I’m enable to go into my task manager again,
so should I enable back my system restore?
and by the way, which free antivirus would you can recommend for this task as you mentioned? will AVG do the job?
“# Sality virus most probably has been removed but maybe some files (exe, dll, etc) are still infected by Sality Virus. To clean it, you should scan it with your anti virus (NOD32, Kaspersky, Norman, Symantec, etc).”
Posted by Yusuf KS on July 7, 2009 at 7:04 am
@to cool :
Coba scan lagi pakai Norman Malware Cleaner, lalu lihat apakah masih ada file yang terinfeksi sality. (Scan juga pake antivirus lain yang up to date).
Kemungkinan masih ada file yang terinfeksi sality, jadi harus dibersihkan atau dihapus.
Untuk sementara ini supaya bisa copy paste dengan lancar cobalah pakai file manager selain Windows explorer. Bisa juga pakai image browser seperti ACDSEE (shareware), XnView (Freeware).
Semoga dapat membantu.
Posted by Yusuf KS on July 7, 2009 at 7:07 am
@kb :
You’re welcome.
Yes if you want to enable back it.
I recommend ESET NOD32. I think, if your anti virus –whichever anti virus you have– is up to dated, it should do the job 😉 .
Posted by kb on July 7, 2009 at 10:32 pm
oh my god… how come even I scan through everything.. this time it gets more serious…
now I notice it is still not clean.. and I cannot go into safe mode… further more, my antivirus (avast) is often shut down by it, when I open, it will automatically close even before it can run the program…
any ideas?
Posted by kb on July 7, 2009 at 10:58 pm
Symantec Win32.Sality.AE Removal Tool says there are no sality 32 in my computer…
then what should be the problem?
because all the indications of my computer are like as mentioned above.
I can’t go into safe mode, all my exe files are not working anymore, even going into rar file sometimes also need some special works on it.. which is very troublesome.. everything seems not under my control…
Posted by Yusuf KS on July 8, 2009 at 8:00 am
Answer :
That’s why some exe files are still not working.
1. Please repeat part M (1-2) to part N (1-8)
2. a. Reinstall your newest antivirus from your disc or
b. Download newest antivirus (freeware or shareware), then install it
3. Do part O 1-3, and do not run any .exe application exclude antivirus before doing part O (1-3).
Remember, antivirus may be able to clean the infected files or may be not.
So, if anti virus can’t clean it, you should delete the infected files (exe, dll, etc) BUT you should do it carefully. Don’t worry, you can reinstall them after that ;).
Posted by B.Babiyan on July 8, 2009 at 6:38 pm
Excellent Explanation about Sality. You have Done a Great Job to IT Professionals. THANKS a LOT for ur Work.
Posted by 3k3n3 on July 16, 2009 at 12:48 pm
I have been battling this virus for 8days now,till i found this suggestions which am going to try today…if it works or not i will let y’all know.
Posted by jack on July 26, 2009 at 6:30 pm
thanks… my computer are back to normal…
Posted by Andrew on August 16, 2009 at 4:17 am
Thanks, it worked
Posted by gigs on August 18, 2009 at 12:15 am
before running norman.exe a useful tip would be to rename this as a norman.bat to be executed to the infected PC as sality will infect the exe as soon as it is copied to the hard disk.
another useful utility is a NSS from symantec.
Posted by Alex on September 1, 2009 at 12:19 pm
A friend of mine just emailed me about kaspersky license from your articles from a while back .I read that one a few more. Really enjoy your blog.
Thanks
Posted by Angel on September 3, 2009 at 7:45 am
Dont work for me aaaaa
Posted by cahgombong on September 11, 2009 at 10:34 am
error by slity.nar thanks 4 info…. i hope it work
Posted by Aldrin on September 12, 2009 at 6:39 pm
Help why when i start scanning norman malware cleaner it stops at C:\Documents and Settings\HP_Owner\Local Settings\Temp\cgrmww.exe (infected with W32/Horst.gen33)
Posted by Aldrin on September 12, 2009 at 6:53 pm
Help when i start scanning normal malware cleaner it stops at C:\Documents and Settings\HP_Owner\Local Settings\Temp\cgrmww.exe
Posted by Yusuf KS on September 20, 2009 at 5:53 am
@gigs :
Thanks for your additional information.
@Angel and cahgombong :
I wish I can help you more. Thanks for trying those steps.
@Aldrin :
It seems your computer’s infected by Trojan.PWS.Gamania.v2 AKA W32/Horst.gen33, Mal/Heuri-E, Trojan-PWS.Win32.Agent.im, etc. I recommend you to clean/remove this trojan first. Scan your computer with your antivirus, make sure that your antivirus is up-to-dated. Also, you can download another newest version antivirus (freeware or trial) to scan and clean/remove this trojan e.g. ESET NOD 32, Symantec, Norman, AntiVir (Freeware), F-Secure, Ikarus, Panda, Sophos, Sunbelt, or else.
After the Trojan has been cleaned/removed, you can try again those “how to remove sality virus” steps to remove sality virus.
Posted by Howard on October 13, 2009 at 3:33 am
Thank You! Thank You! Thank You! I got hit with this virus while I was traveling in Italy away from any bootable CD, my restore CD, my Norton restore CD. I downloaded the programs you recommended, followed your instructions, and was able to recover / remove this awful virus from my laptop.
In short, you and your site was a life saver for my laptop and the rest of my trip. Again, Thank You!
Posted by raghu on November 3, 2009 at 12:20 pm
Hi All,
My PC has been infected with Sality virus. while i am searching for the solution luckily i found this forum.
I tried removing implementing these steps, but i need so stop at the first step itself because my “system restore” tab has been disabled. even i tried opening through registry but even i am unable to open regedit from run tab.
Can you please help me on this.
Thanks,
Raghu
Posted by raghu on November 3, 2009 at 12:22 pm
small correction in my above posting, “system restore” tab is missing….
Posted by Yusuf KS on November 7, 2009 at 1:30 pm
@ Howard :
You’re welcome.
@raghu :
1. Insert your Windows XP CD.
2. Start –> Run –> Type or copy paste “rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf” –> OK.
Posted by ed on November 10, 2009 at 8:33 pm
bosss,
sehabis restart langsung blue screen tuh bos, solusinya gimana ya???
thx
Posted by Yusuf KS on November 13, 2009 at 5:00 pm
@ed :
Kalau masalah blue screen bisa bermacam-macam kemungkinan, bisa ada masalah pada software (termasuk Windows), bisa juga ada masalah pada hardware. Saran saya, coba bongkar dan pasang kembali beberapa komponen yang terpasang di motherboard seperti memory, card (vga card, tv tuner card jika ada). Bersihkan pula jika kotor.
Posted by Josh on November 14, 2009 at 4:57 pm
Why is it that my avast antivirus(up to date)hasnt been destroyed by the virus?????becoz my pc has beed infected by it too.the virus came from a USB after i click the USB it itsecutes itself then avast detected it then too many exe file has been infected so avast suggest to have a boot scan then POFF!! the virus has now gone safe mode has been restored by that .reg file of kaspersky..
then only one question to ask:
Is my PC clean now after avast deleted the files then i followed with MBAM scan then Dr.Web Cure It and theres no virus has been detected so does my pc now is clean??
Posted by Yusuf KS on November 16, 2009 at 9:27 am
@ Josh :
Yes, I think. If you don’t get sality indications on your computer, your computer is clean.
Posted by weirdguy on December 4, 2009 at 1:29 pm
Do I have to run the second one if I know that I have the AM version of it?
Posted by Yusuf KS on December 7, 2009 at 4:22 pm
Second one? If you mean Symantec Win32.Sality.AE Removal Tool, then you should run it.
Posted by Kevzzaido916 on December 9, 2009 at 6:00 pm
sality has new version..
win32/sality.NEU virus
My nod32 detected it
Posted by Aisa on February 12, 2010 at 3:29 pm
Selam,
my laptop has infected with this virüs, i was using PANDA ’10 trial version but not working. I’d downloaded ‘ur links and do the steps, but after the rebooting, my ctrl+alt+delete hasnt came back! My all projects, important photos and so many memories in here my only laptop. What have to do now, please help???????
Posted by Yusuf KS on February 13, 2010 at 9:50 am
@Aisa :
Alaikumus salam,
Your operating system Ctrl+Alt+Del function most probably has been disabled. To enable it, you should fix your operating system registry. Check your email for the detail. Thx.
Posted by Sunil on February 17, 2010 at 4:52 pm
Hi,
The download link is not working,mine system has been infected with the virus and it has disable task manager,registry etc etc,exe file has been infected….iam using avira antivrus but when i scan it shows 368 files infected,2 suspicious,1 warning….exe file the most is infected…
Please help me
Posted by Yusuf KS on February 18, 2010 at 9:16 am
Please download these files :
Norman Malware Cleaner :
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
Symantec Win32.Sality.AE Removal Tool (new link) :
http://sharingmatrix.com/file/1731771/FixSalityAE.rar
registry repair :
http://support.kaspersky.com/downloads/utils/sality_regkeys.zip
Then follow steps how to remove Sality Virus at “N. How to remove Sality Virus”
Posted by Asia on February 27, 2010 at 5:52 am
SelamAlaikum Sinc.Yusuf KS,
Thanks to Allah after to you with pray. Your links is cleaning the virus, ok. But when i connect my cellphone(sony-erc.) to laptop, the Sality came back more dangerous, this time my norman and salityremover files have infected that i’d downloaded from your links; i hadn’t clean them up, they were on my desktop if one day it come back! now my Mfix log writes:
C:\RECYCLER\S-1-5-21-1514361131-1087202503-291779063-1006\Dc272.exe (Infected with W32/Horst.gen33)
and at the same time when this Horst found, the Norman is freezing on screen.
At other side, i think my external HD and phone has Sality too, so what will i do, i have not enough money to buy news’ and how can i remove it from my flashes without infecting my laptop again? In which situation i can connect and clean them up???? i don’t understand any more like safe mode etc…. and i can’t take them up to a proffessional in this country (so expnsv.)
Stay with lots of pray insaAllah my brother…
Posted by dare on March 7, 2010 at 8:01 pm
bos..
link k3 yg agan ksh kok gk bs kebuka ya…ada yg lainnya??
Posted by Yusuf KS on March 9, 2010 at 6:30 pm
@ Asia :
Check your email. I sent the answer via email last week. I hope you have already read it.
@ dare :
link ke3? link mana yang u maksud?
Posted by dare on March 9, 2010 at 10:13 pm
eh iya…maap..
yg di post tnggal 18feb ntu…yg registry repair…
g bs kbuka n kedwnload..hmm..
Posted by Yusuf KS on March 10, 2010 at 10:45 am
@ dare :
dibuka pakai program pembuka zip, di-extract, lalu double click file yang sesuai dengan OS yang dipakai. (Misal : SafebootWinXP.reg). Setelah dibuka memang sepertinya tidak terjadi apa-apa, tapi coba restart dan masuk ke safe mode windows, jika prosesnya benar maka safe mode windows dapat berjalan kembali dengan normal.
Posted by gan on March 10, 2010 at 10:50 am
hi,
how i to remove win32/sality.V , sality.NAV, tsay.exe.., viruses and repair system Win XP. it’s making samename.exe application like file folders, and antivirus programm deleting all doc’s, but disc is full, i was done show hidden files but it’s not showing.
please, help me, how i to remove viruses, nad repair system win XP and my documents.
Posted by gan on March 11, 2010 at 3:53 pm
I have no viruses, no problems, KAV is best.
Guess do it
http://www.virusexperts.org/removal-tips-tools-and-videos/how-to-remove-viruswin32salityaa-win32salityam-w32salityah/
Posted by gan on March 11, 2010 at 3:58 pm
…and to repair system download RRT.rar
Posted by Massoud on March 10, 2010 at 2:25 pm
Hi
Because virus is activated on my PC , I can not run any cleaner ,ie. when I run FxSltyAE.exe on my pc, it immediately closed.
Plz Help me
Posted by Asia on March 15, 2010 at 5:56 am
Salam Aleykum Sinc. Yusuf KS, Allah hear about your prays insaAllah….
yes, i have read your mail, i’m sorry to late thanking or mukabala, but i didn’t know what to do for a long time. my question was about portable drives like usb, phone etc. you had given me some programme names but there is a part i have afraid of “4. USB Firewall window appears, click “clean all partition”
however, i cant connect them to pc but these drives have some files like work, videos, voice records. if i do your insr. in mail, do all parts and things on drivers destroyed?? i will download the usbfirewall, is it means ” when i connect my usb to pc, any autorun.inf or sality does not infect pc, so i can clean them all up”?
if i clean all partition, would my all docs gone, or should i have a bluetooth to avoid the connection? i think it is a big sin to go internet cafe with my pretty Salitys and try to solve the problem on their pc’s:))))) Thanks to Allah at first for creation of the chance to meet you, be all pray with you, esSalam….
Posted by Yusuf KS on March 15, 2010 at 2:50 pm
@ Masood :
Check your e-mail, I’ve sent the answer via email.
@ gan :
Thank you for your information.
@ Asia :
Alaikumussalam Yesil Mavi.
The answer to your question is no. USB Firewall just delete autorun.inf file on every harddisk partition on your computer, it won’t delete another files (doc, audio, video, etc). I hope you don’t have any worry to follow the instructions of removing virus on portable drive now.
if the owner allowed you to try to solve the virus problem, why not to try?
Alhamdulillah, it’s destiny of Allah so that we have chance to meet each other. Thank you, alaikumussalam.
Posted by Dan on March 16, 2010 at 2:54 am
I wrote another approach for the more ‘simple’ user. Let me know what you think. http://bit.ly/bpMk0w
Posted by Ganif on March 28, 2010 at 2:55 pm
use salitykiller for cleaning file infected by sality
http://www.ziddu.com/download/7070827/salitykiller.zip.html
Posted by Tim on April 3, 2010 at 11:05 pm
I am having the same issue as Massoud. All of these .exe programs that are being suggested to use to remove this virus, well they cannot run due to the Sality virus. I also am not able to access ‘System’ in order to access the system restore feature. The only think I can think to do is TRY to reboot with safe mode on and see if regain some measure of control to re-try the above steps, but its looking pretty hopeless. Also, a new “Antivirus Suite demo” (which of course wants my money to solve all my problems” has started showing up on my screen telling me the virus name is “Sality.AN”, which is a version I have not seen any one else report.
Any suggestions?
Posted by Asia on April 12, 2010 at 3:57 am
SalamAleyk…
How are you Sinc. Yusuf KS? Thank to Allah at first, after to you:)))))))) for saving my infected PC and all portable drivers… they thank all too:)
Before i’ve cleaned SALITYs (kill’em all!!) and after my outoruns on portables with your valuable inst.s… You wrote me without getting bored (i think also:) and say whatever i can do being a brother. Thanks and see you later again, please do write me ever you want. Is there anything yourself want from my country, i’ll do whatever i can. Thanks a lot… Esselamu Aleykum ve Rahmetullah ve Berekatuh my brother…
Posted by Revenand on May 19, 2010 at 9:38 am
dear brother,
I’ve done every step you mention above, and yes some of sality are deleted.
But still I didnt see my regedit and task manager enabled.
Can U help me?
Posted by kisenda on July 10, 2010 at 7:40 am
@ Admin Mas Yusuf
Thanx 4 All this, Mirror download Sality Remover..
Still moving .& . Repairing .. but it will be Ok soon.
Murid Bu Guru Hira ?? (klo ya, berarti kita temen ‘sekolah’ y
Slm kenal
Posted by hrx on August 25, 2010 at 5:42 pm
Thank you. This informations helped me a lot.
Posted by endar on September 14, 2010 at 9:29 am
Assalamualaikum,
Sblmnya sy ingin mengucapkan Selamat Hari Raya Iedul Fitri 1 Syawal 1430 H.
Terima kasih atas masukan mas Yusuf untuk membasmi virus sality ini.
Sy sdh ikuti semua instruksi yg ada, task manager jg sdh dpt berfungsi hanya saja stlh proses pembersihan ini ada bbrp hal yg tidak wajar terjadi pd laptop sy.
Antara lain:
1. bbrp aplikasi tidak berfungsi normal, spt aplikasi sierra wireless tuk koneksi internet dg usb modem. ketika ingin sy install ulang ulang, proses uninstal dan instal dr cd-nya tdk bs dilakukan.
2. windows ttp blm bs ke safe mode. Sy sdh coba download program regfix pada petunjuk O tetapi link yg ada di blog anda tdk bisa diakses.
Saat ini hanya hal2 tsb saja yg ingin sy tanyakan
Tksh
Wass.
Endar
Posted by endar on September 14, 2010 at 9:41 am
Mksd sya 1 Syawal 1431 H
Posted by Yusuf KS on September 15, 2010 at 1:03 am
@ hrx : you’re welcome
@ endar : wa `alaikumussalam warahmatullah.
Selamat Idul Fithri 1431 H juga, taqabbalallahu minna wa minkum.
Berikut ini jawaban yang dapat saya berikan dari pertanyaan Anda :
1. Aplikasi yang tidak bisa dijalankan kembali kemungkinan besar karena aplikasi tsb sudah rusak karena sebelumnya telah terinfeksi virus sality. Jika software anti virus atau aplikasi pembersih virus yang Anda pakai tidak dapat clean aplikasi tsb, maka hapus saja semua aplikasi yang tidak dapat berjalan lagi. Jika tidak bisa dihapus via uninstall/add remove , maka hapus langsung di lokasi aplikasi tsb (C:\Program Files\NamaAplikasi).
Setelah menghapus, install ulang aplikasi tsb. Jika tetap tidak dapat menghapus atau tidak mau menghapus manual, maka tidak apa-apa install ulang aplikasi tsb, karena file baru akan mengganti/menimpa file yang lama.
Jika sudah install ulang tapi aplikasi tsb tetap tidak dapat berjalan normal atau saat proses install ulang aplikasi tsb selalu gagal, maka coba install ulang aplikasi tsb versi yang lebih baru (download versi terbaru dari web resmi aplikasi tsb).
2. Pada bagian O, link pertama memang sudah ga bisa diakses lagi, tapi link kedua (http://support.kaspersky.com/downloads/utils/sality_regkeys.zip) masih bisa diakses. Silakan download file tsb via link kedua.
Setelah download, buka file tsb.
Yusuf KS.
Posted by omucu on September 24, 2010 at 6:51 am
i can not turn of system restore, it says “disabled by group policy” and i can not download Norman Malware Cleaner, it doesn’t open the site… I run the symantec sality remover, it works, but it doesn’t solve the problem.
Posted by carolina on November 10, 2010 at 9:02 pm
norman malware kan gak mau dibuka saat komp kena sality………..
system restore uda di off……..
gimana?
help me…………..
trus gimana kalo delete manual 6 dll sality di atas di system 32….??apakah nama dll sality selalu itu2……….
help email gw…please……..
Posted by Yusuf KS on November 13, 2010 at 3:33 am
@ omucu :
I sent the answer via e-mail.
@ carolina (hendra) :
ada beberapa kemungkinan kenapa norman malware tidak mau terbuka :
1. file norman malware belum selesai terunduh 100%
2. file norman malware sudah selesai terunduh 100%, tapi segera terinfeksi sality saat menjalankannya
solusi nomor 1 adalah unduh ulang sampai selesai 100%
beberapa solusi nomor 2 adalah (silakan pilih) :
a. tips dari gigs : rename file exe yang sudah diunduh menjadi file bat (misal : norman.exe menjadi norman.bat), lalu jalankan norman.bat
b. unduh semua tools dari komputer yang bersih dari virus, lalu simpan file tersebut ke dalam cd (burning/bakar cd). Jalankan semua tools pada komputer yang terinfeksi dengan menggunakan cd hasil burn tersebut.
Lalu tentang yang ini :
maaf, saya belum memahami maksud kalimat Anda tersebut? bisa diperjelas lagi maksud dari kalimat Anda tersebut?
oh ya, maaf juga saya tidak menjawab pertanyaan Anda ini via email.
Yusuf KS.
Posted by Proof on December 26, 2010 at 9:18 pm
I will now follow your steps.. I hope things work for me! I’ll keep u updated, fingers crossed!
Posted by proof on December 27, 2010 at 3:49 am
okay cool, norman caught around 200 sality viruses in both C:\ and D:\ but the symantec application didn’t find anything.
Anyways my antivirus worked again, but there were 2 problems:
1. Update is not working (an error appears).
2. I can scan any file, but I cannot start the antivirus control panel. (I use avira btw).
Do you think that re-installing will solve the problem? Or does that mean that the virus is still there?
Posted by Yusuf KS on December 27, 2010 at 5:28 am
I think it will be better if you re-install your anti virus because maybe some files of your anti virus were being deleted while you’re removing the virus. Uninstall it first, then re-install it. You can install another anti virus such as eset nod32, kaspersky, etc if you want.
Posted by Proof on December 29, 2010 at 2:03 am
Thank you! Everything is working good right now. I installed a fresh copy of avira and it is up to date, I also have MBAM, but I have one last question (I’m sorry if I’m bothering :D)
my questions is i have something running in my task manager called “dllhost.exe” but under SYSTEM, I heard it uploads things from my pc. Is that true? or I should not be worried about this?
Posted by laura on December 31, 2010 at 6:27 am
u are amazing thanks for saving my pc :)))
Posted by Yusuf KS on January 1, 2011 at 12:00 am
@ proof :
dllhost.exe is a Windows DCOM DLL Host Process system file and is used by many programs. This file can be found on C:\WINDOWS\System32\dllhost.exe, so originally it is not a virus/trojan/spyware. But if you find it anywhere else (example :”C:\WINDOWS\System32\FolderName” or “C:\WINDOWS\System” or “C:\Windows” or else) , then you should be wary because it’s very likely a virus/trojan/spyware. Scan your hard disk with your anti virus to make you sure about it, and if you already sure it is a virus then you should delete it.
@ laura :
you’re welcome 🙂 .
Yusuf KS.
Posted by soura on March 6, 2011 at 6:57 pm
klo d install ulang, apa harus semua drive? apa bisa hanya d C: setelah itu lsg d scan lagi virusnya…
Posted by Yusuf KS on March 6, 2011 at 8:06 pm
@soura :
Tidak harus format ulang semua partisi hard disk, bisa saja hanya format ulang partisi sistem operasi (C:) dengan memperhatikan beberapa hal sebagai berikut :
1. Pastikan sumber install sistem operasi adalah cd/dvd yang bebas virus (tentu kalau sudah punya yang legal sudah bisa dipastikan bebas virus).
2. Setelah format C dan install ulang Windows, jangan buka beberapa ekstensi file (seperti ekstensi exe) dari partisi HD lain (D, E, dll) sebelum partisi HD tersebut di-scan dengan anti virus versi terbaru. (Hal ini penting diberitahu karena ada sebagian orang yang setelah install ulang, dia akan segera install software lain dari partisi HD yang lain padahal partisi tsb belum di-scan dengan antivirus).
Walau saya mengatakan tidak harus format ulang semua partisi hard disk, saya tetap menyarankan untuk format semua partisi HD (karena hal ini lebih aman) jika Anda ingin format dan install ulang.
Yusuf KS.
Posted by nyanyut on March 12, 2011 at 7:51 pm
thx for sharring
its all WORK 100% nice info gan 😀
but about symantec w32 link,can be download but in Windows Vista,its not worked
Posted by nyanyut on March 12, 2011 at 7:53 pm
waduh orang indonesia toh,kirain orang luar sampe cape2 buka kamus ahahhaha salam kenal 😀
yg symantec w32 nya bisa di download,tp ga bisa di Run di vista
gmn yah gan
o iya btw,ada serial number Norman virus control 2011 ga ya?
thx loh
Posted by kenneth on March 28, 2011 at 1:52 pm
ok tnx.. i will try it carefully
Posted by kenneth on March 28, 2011 at 10:19 pm
cannot install the norman please help me..
Posted by Yusuf KS on April 23, 2011 at 10:32 pm
@nyanyut : saya belum pernah coba di Vista, tapi saya sudah coba di 7, dan itu masih bisa dijalankan di 7. Secara teori, Symantec Win32.Sality.AE Removal Tool seharusnya bisa dijalankan di Vista. Apakah ada pesan kesalahan saat menjalankannya? Atau coba download ulang lagi, lalu coba jalankan kembali 🙂
@kenneth : you don’t need install the norman, you just should download it, and then run it, no install required. If it not works, please redownload it and the run it again (coz maybe the first download file was not successfully downloaded).
p.s. Sorry for the late response, I was busy with some activities so that I didn’t have enough time to check my blog.
Posted by SalityVirus on June 16, 2011 at 3:34 pm
Hi every1,
My server is affected with Win32.Sality.ae virus. My server has Server 2003 OS. I scanned the server C:\ folder from my PC.I cannot see anything in the monitor. The virus is in \\192.168.0.1\c\Program Files\Dell\OpenManage\Array Manager\DispMsg.exe. Pleasee help me..I cannot remote log in too…What will i do
Posted by Yusuf KS on June 20, 2011 at 10:39 pm
@up / christa :
Sorry, I don’t fully get it. Can you describe your problem in more detail?
Did you follow “how to remove sality” steps on my article? If not, please do it first, and then report the result here.
Posted by Darksin on July 16, 2011 at 9:07 am
uhh, i need to ask something, i rlly want to do those steps, but i can’t download the norman antivirus, and the symantec, so any suggestion of how i do it?
Posted by cradonale on October 20, 2011 at 4:12 pm
the links are dead
Posted by Yusuf KS on October 21, 2011 at 10:07 am
@cradonale :
no, they aren’t. These links still work :
1. Norman :
Download 2 :
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
2. Symantec Win32.Sality.AE Removal Tool
Mirror Download 3:
http://www.filesonic.com/file/1731771/FixSalityAE.rar
(If you click the link and you can’t download it, then just copy the URL and paste it on your browser address bar).
repair safe mode, you can download the registry file to fix it :
http://support.kaspersky.com/downloads/utils/sality_regkeys.zip
Posted by dennis on January 30, 2012 at 4:53 am
how can i retrieve my files in my external hard drive bcoz of that sality virus all my files is not appearing whenever i plug my external hard drive but when im scanning my external hd of my anti virus ESET all my files is still there… help me please…
Posted by Yusuf KS on February 1, 2012 at 8:06 am
I already answered that via email. Check it out.
Posted by pingi on May 23, 2012 at 3:42 pm
sma gak caranya di notebook aspire one?
Posted by Anonymous Vpn on November 30, 2012 at 1:50 pm
Thank you a lot for sharing this with all of us you actually realize what you are speaking approximately!
Posted by durable power of attorney form california free on October 18, 2017 at 8:07 am
change download location samsung galaxy s3
How to remove sality virus | COLORS OF JOHOHOHO…!!!
Posted by MeiHeslisse on October 21, 2017 at 9:15 am
Wow, great forum.Much thanks again. http://513lvu51.tumblr.com/ – Crayne
Posted by pc security on November 25, 2017 at 4:23 am
Definitely believe that that you said. Your favorite reason seemed to be at the internet the simplest factor to remember of.
I say to you, I definitely get annoyed while folks think about issues that they just do
not recognise about. You managed to hit the nail upon the highest and
outlined out the entire thing with no need side-effects ,
folks could take a signal. Will likely be back to get more.
Thank you
Posted by baccarat dan sicbo Online Terpercaya on December 22, 2017 at 1:02 am
I believe everything posted was very reasonable. However, what
about this? what if you were to create a killer headline?
I mean, I don’t wish to tell you how to run your website,
however suppose you added a title that grabbed people’s attention? I mean How to remove sality virus | COLORS OF
JOHOHOHO…!!! is kinda boring. You might glance at Yahoo’s
front page and watch how they create news titles
to get people interested. You might add a video or a related pic or
two to get people excited about everything’ve written. Just my opinion,
it could make your website a little livelier.
Posted by twilapl3 on January 7, 2018 at 2:17 am
Novel programme
http://arab.sexy.girls.twiclub.in/?post-athena
miniatures bhikha fact intellectual totally