I have some simple steps to disinfect this. Just read on below.
Seems like this virus has attacked so many people around me right now. I took a hit too in the last few days, and I got hit rather hard by it. This virus attacks .exe files by adding some more size and making stupid antiviruses think that it is a virus. So if your antivirus is bad, it might just delete the files and ka-boom! Your Windows will crash… And if you’ve been attacked by that virus and you want to install an antivirus to prevent that, the .exe files of the antivirus will be infected too. That way, these stupid antiviruses will close their own program. So basically you can’t install antiviruses. I searched the internet, but there aren’t any simple moves to get rid of it there.
So last night my friend and I tried something simple and it worked! The virus couldn’t be taken out entirely but it became harmless. And future antiviruses could remove it completely.
Here are the steps:
1. Take your infected hard drive out of your PC.
2. Go to someone who has the latest updated Kaspersky antivirus (AVG won’t work, and I haven’t tried the others…)
3. Put your hard drive into his/her PC.
4. Run his/her Windows.
5. Scan your hard drive using his/her Kaspersky antivirus. You’ll find out that most of your .exe files have been infected.
6. Disinfect all of them.
7. You will find that some files in your system32 couldn’t be disinfected. This is the core of the virus. Get rid of them.
8. You will find that a file couldn’t be deleted. This is the main problem. I haven’t found out how to delete this. Just leave it alone.
9. Copy the installer of Kaspersky from his/her computer.
10. Run your Windows, install Kaspersky and update it to the latest version.
11. VOILA!! Your PC is safe now.
After this, the main virus will try to infect files again but it will be blocked by Kaspersky. Ignore it now. I myself couldn’t do anything about the main virus. But it is harmless as Kaspersky will block its movement. As far as I know, no antivirus could kill the main virus. But if you know something, please tell me. Sorry if the information is outdated or worthless. I couldn’t find something this simple on the net. I just thought that some people would want to know this…
That’s all……
Hm, an alternative to Kaspersky would be to use AVG’s Sality virus removal tool. It’s available at http://free.grisoft.com/doc/29223/us/frt/0/ndi/67769.
I’m telling this because I know using Kaspersky can be a pain in the neck, with those blacklisted licenses and all.
As for the undeletable file, have you tried using ‘Safe Mode’ or ‘Safe Mode with Command Prompt’?
i’m a Computer Programmer ..i have simple ways to disinfect any kind of viruses …without damaging/deleting your important files ..just txt me in my # 09284595371 if you need my help…
Hm, an alternative to Kaspersky would be to use AVG’s Sality virus removal tool. It’s available at http://free.grisoft.com/doc/29223/us/frt/0/ndi/67769.
I’m telling this because I know using Kaspersky can be a pain in the neck, with those blacklisted licenses and all.
As for the undeletable file, have you tried using ‘Safe Mode’ or ‘Safe Mode with Command Prompt’?
Hello dear, I am Ashwin from India. I have a problem: how do I remove win32 sality from my PC manually? All my software and all my exe files are infected, so what can I do? Any exe I run gets infected. Please help me………..
My email is
omcomputer.jodhpur@gmail.com
I await your mail.
Hm, an alternative to Kaspersky would be to use AVG’s Sality virus removal tool. It’s available at http://free.grisoft.com/doc/29223/us/frt/0/ndi/67769.
I’m telling this because I know using Kaspersky can be a pain in the neck, with those blacklisted licenses and all.
As for the undeletable file, have you tried logging on to Windows using ‘Safe Mode’ or ‘Safe Mode with Command Prompt,’ and deleting the files from there? I thought this might work..
Yeah, I tried this AVG Sality removal tool but to no avail, never detected the virus!
Still looking for something that works
great
more info. thanks eru
btw you don’t really need to post 3 posts, mate
Hm, I wanted to delete the first two but there isn’t such an option.. You can delete them if you like.
Eru – AVG’s Sality removal tool doesn’t work. Once you reboot, the infected files are back.
McAfee was effective for me.
Hmmm. I used kaspersky and it is great. with the latest updates, everything’s back to normal now.
the main virus is gone too.
I used AVIRA..
Slaved my system to another having AVIRA, by which I lost a lot of exe files, even system exe files, then reloaded my hard drive, which came on with very few of my executable files present. I had to reinstall ‘em all.. But the good thing is that it didn’t attack “My Documents”…
Cheers y’all
I’ve got the win32.sality detected by Avast! but this software couldn’t repair the infected files, and only gave delete and move to chest options.
AVG’s Sality virus removal tool that Eru said above even pass detected the infected files.
Until I tried to use BitDefender 2009; all files infected with win32.sality can be detected, disinfected, or removed without causing any damage to the files.
that’s for PC, how about for server n using 8 HDD Raid..
hmmm,,, that’s a good question. i haven’t tried that. maybe someone could help?
This virus (actually it’s a Sality.C) infected my server that has to run 24/7. Your first step is ‘take the hard drive out’. I can’t do that.
Do you have other alternatives?
This Sality.C disabled my Regedit, but now I am able to enable it again. But i didn’t see any entry in \CurrentVersion\Run … Strange.
How did you enable regedit? Can you help me? I also have the same problem as yours.. my antivirus is not working because of this w32/sality, and I purchased an original one with a license, but when I try to open my Kaspersky antivirus it is not running…
hmmm,,, why can’t you take your hard-drive out?
well if you have a magnificent internet connection, just scan it online from bitdefender, kaspersky, or something else,,
it’s so long time ago since this virus broke out. i think every antivirus corporation had found the cure…
or you might want to try reinstalling windows, although some people in the net said that it’s a futile attempt,,,
ok. thanks bro.
i used avira personal edition the free version i deleted the files but my pc seems to be working fine
i will see i’ll scan again my system wont crash rite coz i deleted alll the files it prompted
terong-belanda, I have the same problem with being locked out of the registry. Can you please tell me how you were able to run regedit again. My task manager is also grayed out.
Thanks in advance, I’m pulling my hair out.
Hi, nice article. Well, I guess you may use Windows PE (Pre-Installed Environment), widely known as a Windows Live CD/DVD. You can make it yourself using Bart PE in case no one accepts your infected HDD. The other option is using a Linux Live CD such as Knoppix or another Live CD Linux with antivirus. Hope this will help. Visit my blog : http://fandigunawan.wordpress.com
Unfortunately, I only read your blog now. I’ve scanned my PC with PCMAV 19.1.
It detected and cured the infected .exe files but KABOOOM (Tm), almost all programs stopped running. So the conclusion is PCMAV ain’t that good.
told you all,, best solution is bit defender or kaspersky
A couple of solutions I believe might work for you all.. For the undeleted main virus file, just note the location of the virus when detected and locate it, rename it and shift-delete.. And to get task manager and registry re-enabled, install software like winxp manager.. A better option would be formatting a partition, reinstalling your OS and first installing updated avast, then scheduling a boot time scan and deleting all infected files right away.. DO NOT INSTALL OR EXECUTE ANY EXE IN YOUR COMP BEFORE THIS SCAN!
Please tell me, can the infected files be retrieved??? My system has got infected with sality virus .. all folders have become 68kb size… I had AVG which didn’t detect….I’ll try with bit defender..
yes it can be retrieved. with kaspersky, you’ll get a “disinfect” option. just click it and kaspersky won’t kill the infected files, it will only clean the files
I still dont trust antivirus. Even Kaspersky or any others. Read this link (in Indonesian) : http://fandigunawan.wordpress.com/2007/12/09/5-alasan-untuk-tidak-sepenuh-hati-percaya-antivirus/
last night my system was affected by win32/sality y, and a number of other creatures like autoit (something like that). i tried a lot to rescue it. desktop will appear, but nothing further. i had avira personal, avg free, and avast, and all were up to date. when i tried to repair windows, another installation occurred in g: drive. i booted to that installation and from the program files of my first installation ran avira. it was a success. it detected a huge number of viruses from system volume information folders of every drive. then i shut down and booted to my first installation. wow it was ok. i ran system scan using all of my anti vir friends, ya one by one. then reg tweaked using abexo and eusing reg cleaners (both are freeware). now the system is ok but just downloaded avg sality remover and running. let us see what will be the result
Well my pc also have been infected by Sality. My procedure :
1. If you dont know the virus name (since I dont use antivirus on my PC), copy one sample, zip it and send the sample to online antivirus scanner
2. Get the virus name and find for cure
3. If a cure does not exist then download an antivirus which can be made portable e.g. clam win, avira. A cure is a tool used to repair infected files (not to delete them)
4. Put all of your weapons on Flash disk
5. Boot your pc using other clean OS (other PC’s or in my case I used my windows live CD)
6. Plug your flashdisk (containing cure/antivirus) and run the weapon
7. Clean the virus/repair infected files
8. Reboot and you get your PC clean
9. In case your windows critical files infected -> reinstall your pc
For further informations : how to prevent virus infection without using antivirus :
For your PC (general rules)
http://fandigunawan.wordpress.com/2009/02/15/mencegah-infeksi-virus-tanpa-antivirus-jilid-2/
http://fandigunawan.wordpress.com/2007/11/29/artikel-mencegah-virus-tanpa-anti-virus-untuk-win-xp-win2k-win2k3-update-1/
what do i do for win32 sality i m a win98 user latest kaspersky doesnt work and older versions keys are not available i m using avg
i had the same virus use NORTON INTERNET SECURITY 2009 & change its all settings to high. worked perfectly for me
1- for server with RAID run server in safe mode
2- then kill the Sality infected process using the Kaspersky tool named Sality_off from here
http://support.kaspersky.com/downloads/utils/sality_off.rar
(don’t reboot after finishing)
3- Download Sophos tool SAV32CLI from the link
http://www.sophos.com/tools/sav32sfx.exe
(don’t reboot after finishing)
4- Disinfect most of the EXE files by running in the safe mode & from DOS command run SAV32CLI -DI -p=c:\disinefct.txt
(don’t reboot after finishing)
5- Delete the remaining EXE that can’t be disinfected by running from DOS command run SAV32CLI -remove -p=c:\remove.txt
6- check deleted EXE from the c:\remove.txt to be replaced
7- download the file Sality_RegKeys.zip from the link http://support.kaspersky.com/downloads/utils/sality_regkeys.zip
unpack the file Sality_RegKeys.zip
run the file Disable_autorun.reg
for Windows 2003 run the registry file SafeBootWinServer2003.reg
Click Yes to confirm adding the information to the registry
if you get error message try importing these keys using regedit
8- restart the server in normal mode
9- repeat steps 1 to 4 making sure that final report showing 0 infection
9- install any antivirus for server best for Sality is Kaspersky because it is capable of disinfecting EXEs
10- you can use other tools like Malwarebytes Anti-Malware
11- search & download tool like Kaspersky AVZ4, it is not easy to use but it can find & fix some more problems.
Excellent !!!!!!!!!
hi friend hony here. i had a laptop which was not working properly; its functions like task manager, regedit were disabled by a virus. i formatted c drive and installed symantec. task manager, regedit worked properly. after that i opened d drive where my backup data is. a few minutes after, task manager, regedit disabled. then i backed up all data on another pc and formatted all drives (c,d), anti virus installed. on the other pc i scanned all data (backup). i transferred my data to my laptop. worked only 4 hours. again the same problem occurred. what should i do? the other pc (where i took the backup) is working properly.
i am very nervous and confuse. data very important for me . please guide me
delhihony@gmail.com
I got my laptop from my bro infected with the Win32 Sality virus which has trojan characteristics. The avast installed on it could not clean out the virus; this is what I did:
I removed completely the avast as it was already infected actually after boot up it was completely disabled together with Regedit and task manager.
I downloaded the latest Avast Home edition from http://www.avast.com/eng/avast_4_home.html and then from the same website get the latest updates.
I installed the anti virus and scheduled a boot up scan, when the virus is detected just press 1 to delete the files.
When the system boots up update the anti virus and you are free to perform a complete virus scan. Delete any .EXE or .COM apps that you think may be infected.
To have your Regedit and Task managers working back as normal you’ll need to restrict anything tweaking it, so go to:
Start->Run and type Gpedit.msc Navigate to User Configuration -> Administrative Templates -> System -> Ctrl+Alt+Del Options on your right ensure that Remove Task Manager option is set to “Disable”
Repeat for Regedit and ensure that Prevent Access to Registry Editing Tools is set to “Disable” under Systems close the window after making the changes restart your PC and you are free again. Just watch out for the virus though.
regards
James Muriithi
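The two Group Policy settings named in the comment above are stored as the registry values DisableTaskMgr and DisableRegistryTools, and the AutoRun setting that other comments mention is stored as NoDriveTypeAutoRun. The following is an added example, not part of the original thread: it audits a .reg export of the Policies key for those values. The function names and both sample exports are constructed for illustration.

```python
import re

POLICIES = r"software\microsoft\windows\currentversion\policies"
REMOVABLE = 0x04  # NoDriveTypeAutoRun bit that turns AutoRun off for removable drives

# (key path below the hive, value name) -> (is_suspicious(value), message)
CHECKS = {
    (POLICIES + r"\system", "disabletaskmgr"):
        (lambda v: v != 0, "Task Manager disabled by policy"),
    (POLICIES + r"\system", "disableregistrytools"):
        (lambda v: v != 0, "registry editing tools disabled by policy"),
    (POLICIES + r"\explorer", "nodrivetypeautorun"):
        (lambda v: not (v & REMOVABLE), "AutoRun left enabled for removable drives"),
}

KEY_RE = re.compile(r"^\[([^\\\]]+)\\([^\]]+)\]$")          # [HIVE\sub\key]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')  # "Name"=dword:0000..


def parse_reg_dwords(text):
    """Yield (hive, key_path, value_name, int_value) for each dword in a .reg export.

    Real exports are usually UTF-16; decode the file before passing the text in.
    """
    hive = path = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            hive, path = key.groups()
            continue
        val = DWORD_RE.match(line)
        if val and path is not None:
            yield hive, path, val.group(1), int(val.group(2), 16)


def audit(text):
    """Return (hive, value_name, value, message) for every suspicious policy value."""
    findings = []
    for hive, path, name, value in parse_reg_dwords(text):
        check = CHECKS.get((path.lower(), name.lower()))
        if check and check[0](value):
            findings.append((hive, name, value, check[1]))
    return findings


# Constructed sample: the state the commenters describe (tools locked, USB AutoRun on).
LOCKED_SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""

# Constructed sample: tools re-enabled and AutoRun disabled for every drive type.
CLEAN_SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"""

if __name__ == "__main__":
    for hive, name, value, message in audit(LOCKED_SAMPLE):
        print(f"{hive}: {name}=0x{value:x} -> {message}")
```

A value that comes back set after being cleared indicates that something on the machine is still rewriting it.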
Hey guys, I need help. I’m stuck like anything for the past 1 month. One day I got my friend’s pen drive which was infected with some kind of virus. I never use antivirus programs. I inserted the pen drive & as soon as it opened I saw a virus folder named “New Folder.” I got scared & I removed the pen drive & rebooted my system. After that it would never start. After the welcome screen it used to restart. I took a backup of my data from Safe Mode in d: & e: drives. I reinstalled Windows. Initially it looked fine but after the 1st reboot the welcome screen changed & it became the classic screen automatically & was asking for a password which was never set. I just pressed enter & it got logged in. When I went to My Computer & double clicked d:, my PC got rebooted automatically. And since then every day I get new problems. Sometimes my explorer.exe doesn’t work. I need to start it manually from task manager, and all my software gets corrupt. They give errors like “not a valid win32 app.” My net works fine for some time & then it goes down. I need to restart the PC because it affects network connections as well. I tried removing my HDD & took it to a friend’s place & even his PC is giving the same problems now. Guys, please help as I have very important data in it. And need that data. Please help, how do I save my data? Thanks.
i just formatted. n am a happy guy
this works! give it a shot.
http://www.softpedia.com/progDownload/Win32-Sality-Remover-Download-105925.html
and if you need to boot into a non windows environment to clean your system, try
http://www.freedrweb.com/livecd/
both r free and quite effective,solved my sality woes
cheerz!
hi ,
My friend got her pc over as her pc was infected by the following files khatra.exe and xplorer.exe. This virus tends to replicate itself all over your computer and creates executables in the form of folders similar to the ones on your drive only difference is that the folder is an application file or an executable file . It’s a smart virus, starts by disabling your Regedit, msconfig and in some cases control panel as well as your folder options. After searching through several blogs and forums from which i couldn’t get much information as how to re-enable msconfig and regedit even after using an application called RRt.exe. Keep in mind the following things and it should clean your system out. The file always gets loaded into your startup because you don’t have access to msconfig to disable it in the start up.
Don’ts
1. Do not connect any thumb drive as you will just spread it on other storage media of yours.
2. When you burn a CD or DVD the file automatically copies its self on the disc and the virus just spreads
3. Tries to hack your outlook and attach itself to your mails.
Clean-up Process
1.After several hit and trials of trying to install Avast (which i googled and apparently does the job), the virus just wouldn’t allow me to install it and kept killing the setup process. The avast professional has a 60 trial, i suggest you use that.
2. I tried to get into safe mode and the virus managed to find its way in there as well and would kill the setup before i could install.
3. finally i burnt a cd from my friends computer(which wasn’t infected of course) of the setup of avast.
4. when you computer boots press F8 and instead of selecting “Safe Mode”, select “Safe Mode with command prompt”. I was surprised to find that the virus didn’t load into the startup.
5. You will have your command prompt. You can type regedit or msconfig in the command line to get them on. Or even press Alt+ ctrl+ del and start a new task to get them going
6. Anyway, you don’t need to get into regedit or msconfig, just insert the CD with the setup of avast. In case you’re not familiar with DOS commands to access the CD drive and run the setup.exe of avast, you can press alt+ctrl+delete, from File select New Task, browse to your CD drive and select the Avast setup from there.
7. After installing it will ask you if you want to schedule a boot up on start up. Select yes. Restart your computer
8. it will detect the virus and start removing it on boot. Select yes to all when it prompts you as the virus scan is happening.
* it found 2388 infected files on my friends pc.
Let me know if this helps
guys at present kaspersky is the best antivirus ! so when u infected by a virus, get it ! it will work fine as trial , after the trial is over, uninstall it via Cleanse uninstaller to delete all registry, then use another trial or keep searchin for new keys !!!
Here is yet another step by step solution,for non server
environments (i.e. you can’t reset your system):
http://setrst.blogspot.com/2009/09/win32sality-cleaningremovingdisinfectin.html
rename that file you can not delete by adding .old to it. you can delete it then. been there done that_yuk
Hi, just want to let you know that it is being detected as virus because it is a virus, amazingly this virus somehow can make other executable files do something like disabling taskmanager and disabling the showing of hidden files, and it does it without making the executable corrupted
My solution using mini xp (live cd) and usb flash disk :
http://setrst.blogspot.com/2009/09/win32sality-cleaningremovingdisinfectin.html#more
P.S. Thanks to RZayan for links.
use avast bart cd
its superb bootable cd it’ll delete all viruses or infected files 4 sure
same prob i had solv few week back on my frds pc
so teling u use avast bart cd
like wise many bootable antivirus cds available
its called rescue cd
how i can scan the hard if i replaced it
stubidddddddddddddddd
Thank you! I have been searching for this info all day now. My pc is not running like used to and I need to figure out how to fix it quickly. I have bookmarked your post so others can find it too on delicious.
I got badly infected with win32:sality on my two partitions having windows 98 and windows XP. It was an old PC. I took backup, installed a fresh copy of XP and installed Avast Home Edition. It gave me an option of “boot scan” which detected 169 infection of mainly win32:sality on my backup data. Chose to delete all the exes it had infected. I got it from a thumbdrive so I am going to disable autorun for USB now. I think I am pretty okay now will give an update if still infected.
yeah stubido
Use a Ubuntu live cd to delete the files that the antivirus could not delete
Hi guys. Once I had the same virus infection. Its the worst virus I’ve ever seen. But I found a cure for it. If you want to remove this virus permanently then use Kaspersky Rescue Disc. It is a rescue cd provided by Kaspersky and it free and 100% removes all viruses. All you have to do is -
1. Download and burn the disc.
2. Boot from disc and update the virus database.
3. Run scan w/ High settings and set virus action to DELETE.
4. After you have completed the scan you are free again from Winsality 32 or any other virus(es).
Things to remember :-
–> As this virus scan is run in memory via cd, there is no chance that your virus scanner will get infected.
–> Also, as this scan is run from disc, the virus scanner WILL DELETE ALL YOUR .EXE FILES AS WELL AS YOUR WINDOWS FILES. So you will have to format your Windows partition again after the scan.
–> This is the most effective cure I’ve found till today. If you have any other please mail me @ ajinkyakarnik_21@yahoo.in
Thanks for all the info. Have not seen it yet but hoping I won’t either.
San Antonio Computer Repair
JUZT FORMAT YOUR HARDDRIVE AND INSTALL THE WINDOWS AGAIN………….. RESULT GOOD AS NEW…. HAHAHAHAHA
hi there
my computer got infected, and thankfully i have kaspersky on my computer as well as microsoft security essentials (mse).
the problem is when i run full scan for both, kaspersky did not detect anything but mse detects it each time. is it something of a false alarm or the main virus not removed from my computer?
your assistance is highly appreciated. thank you in advance.
Hi rohafizan, you’re infected by the sality virus?
Maybe you need to update your kaspersky. Is it already using the latest database?
hi
i already updated with the latest definition and scan them… when kaspersky scan the system, it was deemed as clean.
but when microsoft security essentials scans the system instead, it keeps triggering the alarm when scanning. i have downloaded many sality cleaners and all deemed my computer clean. only microsoft security essentials did not.
and it makes me wonder whether it is just a false alarm.
Iobit Security 360 is a nice antivirus helping tool…
It has HiJack scan and an option to delete a file.
Go in the tools tab of the program and find Unlock & Delete
It’ll prompt you to insert the file path[you know what that is]
Warning: If it prompts you to close explorer.exe, you are risking a lot, because I had a theme and background installed and it deleted them. I don’t know what else got deleted
Hope it helps
mail me if it helps
I’ll just format for the 3rd time….
Argh, how I hate my life…………..
Avast is best to remove win32.sality. Just install a new Windows XP on a freshly formatted partition, then install avast from DVD, and don’t run any .exe files on the computer because it infects every single exe on your PC. After the scan delete all infected files, then use the boot scan in avast and reboot; during the scan delete all infected files, then in Windows run avast again to make sure your PC is safe from viruses. It’s done.
Win32.Sality is a very bad virus: it infects all .exe files on the PC, downloads files from the internet and saves them on your PC, installs a keylogger, disables Windows security through registry entries, and disables all firewalls. It just f**ks your PC. A genius made this virus
I also heard gfi vipre is best anti virus of 2011, also try it.
Thanks
i have a solution on this problem… just run this sality killer to cure all the files that are infected…. no need to format your hard disk… hope this will help…
http://www.mediafire.com/?s1z42c2bosdjkcf
i will try this one. hope it can remove all this virus… i can’t afford to lose all my files
actually many sality variant widespread in the world
but most recent popular antiviruses have ability to clean it anyway
yesterday one of my files in FlashDisk strucked by it but avira 2012 cleaned it
hehehhe
are you still use Windows OS? because i have ever heard windows OS is not popular anymore in many modern countries, Mac OS instead
but what can i say, the Mac OS creator died ,
so i think the Mac OS progress wouldn’t be much great when the creator alive hehe
Henry,
Mac OS still has a long way to go before it can replace Windows, especially now that Windows 8 can be used both on a tablet and traditional PCs. You can test the OS out by downloading it from Microsoft.
There is no need to fear the Watcher in the woods; the woods are more scary.
how about the .exe files?
I’m using avast n the infected files (.exe files) were moved to chest. can it be cured?
or must be deleted?
I use the latest Avast free edition, it has the option “Repair”, but still unable to clean the infected exe files
i delete the original setup of game from where it all started
its not working
Hi. I accidentally downloaded Personal Antivirus and now it keeps popping up. But it doesn’t on other users accounts. If I delete my user account will it be gone? Is there a way to remove it without downloading anything? If there is please leave step by step directions.
Thank you all help is greatly appreciated.