Question about Computers & Internet

7 Answers

Remove W32.Sality.AE Virus from my win2k server

Dear Sir,
Actually it's affecting all exe files and deleting them. Also it is not in the Windows drive. It is in the D drive of the system. Whenever I delete the affected folder and copy it from my old backup, it comes back again. It has not affected the registry.
Please give me some solution.
Thanks
Pradeep

  • ladla Jun 03, 2008

    I have already tried all these things. I replaced the full registry with the original one, but it is still not going. Can anyone suggest a removal tool for this, please?

    Thanks

  • suganthi_p Sep 25, 2008

    Yes, I too have the same problem. Could someone tell me the way to clean this?

  • SirusVirus Nov 11, 2008

    I have the same problem. There is a PE-Virus that clues with .EXE files, and when you try to run infected program, the virus is starting too....

    P.S. Sorry for bad English, I know, but little...

  • Ahmed Eid Dec 02, 2008

    I have a Symantec virus protection and it can't remove this trojan.

    I just want any tool to remove this from my PC.

    Thanks for your help

  • Anonymous Jan 21, 2009

    I have the same problem. I have formatted my PC 5-6 times. ESET antivirus can detect the virus but cannot remove it. Avast cannot detect the virus. Please tell me a solution.

  • ravisharma12 Feb 03, 2009

    It is slowing my computer....

  • sun18 Mar 11, 2009

    Hi,
    I want to clear all the viruses from my PC... especially W32.Sality.AE

  • marshallms13 May 20, 2009

    I have Sality viruses in my PC.

7 Answers

Remove W32.Sality.AE Virus

Posted on Sep 11, 2008

I found software that can remove Sality; here is the download link.
For common virus problems like the Sality virus, you can find the way here.

Posted on Mar 26, 2009

W32/Sality.ae is a parasitic virus that infects Win32 PE executable files.
Upon execution, it drops the following files into the Windows system directory:

  • %Windir%\System32\Hdaudprop.dll
  • %Windir%\System32\Hdaudpropres.dll
  • %Windir%\System32\Hdaudpropshortcut.exe
  • %Windir%\System32\drivers\Hdaudbus.sys
  • %Windir%\System32\drivers\Hdaudio.sys
  • %Windir%\System32\drivers\portcls.sys
Creates the following registry keys:
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WMI_MFC_TPSHOCKER_80
  • HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\IPFILTERDRIVER
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
Downloads further malware from the following domains:
It modifies the following registry entries:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"GlobalUserOffline" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"

The virus also deletes entries in the following registry subkeys:
  • HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

So, my dear friend, the easiest way to tackle this virus is to remove the above-mentioned virus entry doors from the registry and delete those .DLL files from the system.

Posted on Jun 03, 2008
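An added example, not part of the answer above and not any vendor's tool: a Python triage of a registry export taken from the suspect machine and examined elsewhere, checking the registry changes the answer lists. The function names, the sample export and the decision to work from an offline export (decoded to text by the caller) are assumptions of this example.

```python
import re

# Registry indicators copied from the answer above. Key and value names are
# case-insensitive in the registry, so everything is compared in lower case.
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WMI_MFC_TPSHOCKER_80"
LUA_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"
SAFEBOOT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
# Not checked: GlobalUserOffline = 0 is also the normal "online" value, and
# portcls.sys / Hdaudbus.sys are also names of legitimate Windows audio
# drivers, so neither separates an infected machine from a clean one.

def parse_reg_export(text):
    """Parse regedit/`reg export` text into {key_lower: {value_lower: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        value = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
        elif value and current is not None:
            current[value.group(1).lower()] = value.group(2)
    return keys

def triage(text):
    """Return findings that match the registry changes the answer describes."""
    keys, findings = parse_reg_export(text), []
    if SERVICE_KEY.lower() in keys:
        findings.append("service key WMI_MFC_TPSHOCKER_80 present")
    if re.fullmatch(r"dword:0+", keys.get(LUA_KEY.lower(), {}).get("enablelua", "")):
        findings.append("EnableLUA set to 0")
    # Deleted SafeBoot entries: the key was exported but nothing is left below it.
    safeboot = SAFEBOOT_KEY.lower()
    if safeboot in keys and not any(k.startswith(safeboot + "\\") for k in keys):
        findings.append("SafeBoot key has no subkeys")
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI_MFC_TPSHOCKER_80]
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"""
```

An empty result only means these registry traces are absent from the export; it says nothing about infected executables on disk.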

  • Sarvesh Sonawane Jun 03, 2008

    Hi, please note the registry is not the only place where that virus resides.

    I mean there might be a virus running in the background.

    Anyway, try to install the NOD 32 antivirus from www.nod32.com

    It is one of the best antivirus products I have seen in the past 5 years.

    From here you will get a 30-day free trial

How to remove the sality virus in my pc

Posted on Jul 23, 2009

We have the same problem on our W2K server. We downloaded the BitDefender CD from http://download.bitdefender.com/rescue_cd/ and scanned our server; it found 170 viruses and cleaned them. We reopened the server, installed NOD32 and updated it. NOD32 found 140 viruses. After that we downloaded Registry Workshop and cleaned some registry data that included DisableRegistryTools and DisableTaskMgr, and I suggest checking what surun told

Posted on Dec 14, 2008

Try to download xoftspySE, then start cleaning... I tried that... it's working.

Posted on Jan 28, 2009

Sality virus is very hard to remove. It will infect all your running exe files. Even if you run a bunch of antivirus programs, they will remove some of the virus, but sooner or later it will reinfect you again. The best solution is to reformat your PC, but before you reformat your PC you have to turn off System Restore, because formatting the PC cannot format the System Restore files. Hope this helps.

Posted on Jan 09, 2009

Related Questions:

1 Answer

Remove w32/sality


Infected files can be healed by using the Win32/Sality removal tool. Download the following three files (rmsality.exe, rmsality.nt, rmsality.dos) and run the rmsality.exe file. 1) rmsality.exe 2) rmsality.nt 3) rmsality.dos
Note:
Successful running of the remover requires administrator rights. After the healing process, please run the antivirus to make sure your computer is virus-free.
Good luck!

Jun 23, 2010 | Microsoft Windows XP Professional SP2

1 Answer

How to remove w32.sality.ae from vista os system


Find and remove this file from here: [%SYSTEM%]\wmimgr32.dll
Even easier, download this removal tool: http://www.securitystronghold.com/gates/link/40/2/?url=http%3A%2F%2Fwww.securitystronghold.com%2Fgates%2Fdownload%2FWin-32.Sality-Removal-Tool.exe

Jan 28, 2010 | Microsoft Windows Vista Home Basic...

1 Answer

Removing csrcs.exe virus


What you are referring to is probably the W32.Harakit virus. You can find removal instructions here:
http://www.symantec.com/security_response/writeup.jsp?docid=2008-102011-5014-99&tabid=3

Apr 06, 2009 | Microsoft Windows XP Professional

1 Answer

W32 Virus


Kaspersky AntiVirus is Best ....

Download Kaspersky Antivirus and your problem will be solved...

Dec 20, 2008 | Microsoft Windows XP Professional

2 Answers

W32 sality


check these manual steps
http://www.spywareremove.com/removeW32SalityAB.html

Jul 05, 2008 | Computers & Internet

1 Answer

Rundll32.exe


Check immediately for any virus (especially W32). Your rundll32.exe file in /windows/system32 is missing or affected. Try replacing it from some other computer, or repair Windows using the CD.

May 23, 2008 | Computers & Internet

2 Answers

Funny UST Scandal


Hi, my friend got that last week too... What you need to do is download Kaspersky. After running Kaspersky, that will be gone. You can download Kaspersky at majorgeeks.com.

Here are some examples of autorun viruses which rely on the autorun function of Windows to infect PCs and flash drives: Funny UST Scandal.avi.exe Autorun.vbs win32.autorun.k copy.exe imgkulot taga lipa are autorun.vbs recycler FS6519.dll.vbs strawberry from baguio W32/Perlovga (copy.exe | host.exe) VBS_RESULOWS.A Bha.dll.vbs w32automa worm (Autorun.vbs) Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe) W32/RJump.worm (RavMonE) Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe) W32.Fujacks.BH (****.vbs) WORM_AGENT.PGV (soundmix.exe) W32/Hakaglan.worm (RVHost.exe) Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe) Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)

If you want to manually delete it, the solution is here:

1. Start Notepad [Start Menu-All Programs-Accessories-Notepad] or right-click any empty space on your desktop, then select New-Text Document.
2. Copy the following text. (Note: everything in between the square brackets should be on one line.)

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    @="@SYS:DoesNotExist"

3. Save the file with a name (anything) like DisableAutoRun.reg (the extension .reg is the important part).
4. Double-click your newly created registry file. Choose Yes or Continue at the warning that will appear.

Hope this helps.

Jan 24, 2008 | Computers & Internet

4 Answers

I have Funny UST Scandal.avi on my computer how i escape of him


W32/Sdbot-DIQ is a worm for the Windows platform.

When first run W32/Sdbot-DIQ copies itself to:

<Root>\Funny UST Scandal.avi.exe
<Windows>\Funny UST Scandal.exe
<Windows>\xmss.exe
<Root>\xmss.exe

The worm creates the following files:

<Root>\autorun.inf
<Windows>\autorun.inf

Make sure you Shift-Delete these files!

Dec 09, 2007 | Red Hat Enterprise Linux ES 3 Standard...
