The Sality_Off.exe utility described in this article detects and disinfects only the following Sality modifications:
- Virus.Win32.Sality.y
- Virus.Win32.Sality.z
- Virus.Win32.Sality.aa
In order to disinfect a computer from Virus.Win32.Sality (y/z/aa), do the following:
If infected computers are in the local network under domain control:
Step 1. Preparation for disinfection:
- Download the file Sality_off.rar
- Unpack the file Sality_off.rar
- Run the file Sality_off.exe with the key -m on each computer in turn (for example, through Kaspersky Administration Kit or the server group policy):
- on all computers on which the domain administrator can log on and work
While disinfecting this group of computers, do not log on as domain administrator on any other computers, to prevent further spread of the infection in the network.
- on all other computers
Do not stop or terminate the utility until all computers in the network have been disinfected.
Step 2. Algorithm of computer disinfection.
Computers on which you log on with domain administrator rights should be disinfected first. Once these computers are disinfected, start disinfecting the other computers in the network.
- Run the utility sality_off.exe on the infected computers once again (no additional commands to run the utility are needed).
- Make sure the anti-virus icon in the tray has turned red, indicating that the anti-virus software is fully functional. Otherwise, reinstall the anti-virus via Kaspersky Administration Kit.
- Update the anti-virus databases (threat signatures) for the Kaspersky Lab product installed on your PC. If you cannot download the updates from the Internet, update from the zip archives:
- how to update Kaspersky Lab’s products version 5.0 from the zip archives
- how to update Kaspersky Lab’s products version 6.0 from the zip archives
- how to update Kaspersky Lab’s products version 7.0 from the zip archives
- set the full scan options to their maximum scan level
- run full computer scan
Step 3. Signs of a disinfected/clean computer
- when run again, the utility sality_off.exe -m does not detect any signs of infection (the line "infected thread terminated" is missing)
- Kaspersky Anti-Virus is running and works in normal mode
- full computer scan does not detect infected objects on the computer
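The ordering rule from Step 2 and the three signs from Step 3, written as a fleet check. This is an added example, not part of the original article or of the utility; the `Host` fields, host names and captured utility output are constructed assumptions, and only the "infected thread terminated" line comes from the text above.

```python
from dataclasses import dataclass

# Line the article says appears when sality_off.exe -m still finds an infection.
INFECTION_MARKER = "infected thread terminated"

@dataclass
class Host:
    name: str
    admin_logon: bool      # the domain administrator can log on and work here
    utility_output: str    # captured output of the rerun "sality_off.exe -m" (assumed capture)
    av_normal: bool        # Kaspersky Anti-Virus is running in normal mode
    scan_detections: int   # infected objects reported by the full computer scan

def failed_signs(h):
    """Return the Step 3 signs this host does not yet meet (empty list = clean)."""
    failed = []
    if INFECTION_MARKER in h.utility_output.lower():
        failed.append("utility still reports infection")
    if not h.av_normal:
        failed.append("anti-virus not in normal mode")
    if h.scan_detections > 0:
        failed.append("full scan found infected objects")
    return failed

def next_batch(hosts):
    """Step 2 order: admin-logon hosts first, other hosts only once those are clean."""
    dirty_admin = [h.name for h in hosts if h.admin_logon and failed_signs(h)]
    if dirty_admin:
        return dirty_admin
    return [h.name for h in hosts if not h.admin_logon and failed_signs(h)]

def utility_may_stop(hosts):
    """The utility keeps running until every computer in the network is clean."""
    return all(not failed_signs(h) for h in hosts)

# Constructed sample inventory: host names and output text are made up.
FLEET = [
    Host("DC01", True, "scanning...\ndone", True, 0),
    Host("ADMIN-WS", True, "scanning...\nInfected thread terminated\ndone", True, 0),
    Host("WS-014", False, "scanning...\ndone", False, 3),
    Host("WS-015", False, "scanning...\ndone", True, 0),
]

if __name__ == "__main__":
    for h in FLEET:
        print(h.name, failed_signs(h) or "clean")
    print("disinfect next:", next_batch(FLEET))
    print("utility may stop:", utility_may_stop(FLEET))
```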
Step 4. Cleaning the registry of infected computers in the domain network:
- download the file Sality_RegKeys.zip
- unpack the file Sality_RegKeys.zip
- run the file Disable_autorun.reg from the archive Sality_RegKeys.zip
- Click Yes to confirm adding the information to the registry
- once the scan is over, run the registry file for your operating system from the archive Sality_RegKeys.zip:
- under Windows 2000 run the registry file SafeBootWin200.reg
- under Windows XP run the registry file SafeBootWinXP.reg
- under Windows 2003 run the registry file SafeBootWinServer2003.reg
- under Windows Vista run the registry file SafebootVista.reg
If infected computers are not in the network:
- Disable the technologies iSwift and iChecker, if one of the following products is installed and running on your PC:
- Kaspersky Anti-Virus 7.0
- Kaspersky Internet Security 7.0
- Kaspersky Anti-Virus 6.0
- Kaspersky Internet Security 6.0
- Kaspersky Anti-Virus 6.0 for Windows Workstations
- Kaspersky Anti-Virus 6.0 SOS
- Kaspersky Anti-Virus 6.0 for Windows Servers
- Download and unpack the file Sality_off.rar
- Run the file Sality_off.exe
If a Kaspersky Lab product is installed, you might be prompted to allow any activity of the process Sality_off.exe
- Go to Start > All programs > right-click Startup > select Open
- Right-click any place in the Startup folder
- In the menu select New > Shortcut
- In the Create Shortcut window click Browse
- Browse to the folder into which the file Sality_off.exe was unpacked
- Highlight the file Sality_off.exe
- Click the OK button
- In the Type a name for this shortcut field add the -m symbols. As a result the name will be the following: C:\Sality_off.exe -m
- Click Next
- Click OK
- Download the file Sality_RegKeys.zip
- Unpack the file Sality_RegKeys.zip
- Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip
- Click Yes to confirm adding the information to the registry
- Update the anti-virus databases (threat signatures) for the installed Kaspersky Lab product. If you cannot download the necessary databases (threat signatures) from the Internet, update the databases from the zip archives:
- how to update Kaspersky Lab’s products version 5.0 from the zip archives
- how to update Kaspersky Lab’s products version 6.0 from the zip archives
- how to update Kaspersky Lab’s products version 7.0 from the zip archives
- set the full scan options to their maximum scan level
- run full computer scan
- once the scan is over, run the registry file for your operating system from the archive Sality_RegKeys.zip:
- under Windows 2000 run the registry file SafeBootWin200.reg
- under Windows XP run the registry file SafeBootWinXP.reg
- under Windows 2003 run the registry file SafeBootWinServer2003.reg
- under Windows Vista run the registry file SafebootVista.reg