How To Remove Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah

June 6, 2009 by  
Filed under Removal Tips,Tools and Videos


Views 112,957 views  
FaceBook Logo FB Comments
Comments 69 Comments

virus spyware icon How To Remove Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah

We saw a lot of people visiting us to find about ( Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah ) so we now put a way for how to remove and clean the infected PC from ( Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah ) just follow these steps :


1- If you have an anti virus that detected the infected files don’t delete any of infected file because if you did the system will be broken.


2- Go to any clean PC and download Kaspersky Removal tools from ( Here )


3- When you finish the download put the exe file of Kaspersky Removal tools in a compressed file zip file recommended (we put it in compressed file to protect the exe file from getting infected ).


4- Now go back to the infected PC and reboot with the safe mode some viruses disable the safe mode you can download a registry file from ( Here ) to fix the safe mode problem.


5- If you done to get into the safe mode run Kaspersky Removal tools that you compressed then it will start and you will see the interface like this picture :


 

kvrt main 267x300 How To Remove Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah

kaspersky removal tools

 

6- Now click on setting then you will see like this picture and do the same setting in it :

 

kvrt setting 255x300 How To Remove Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah

Kaspersky removal tools settings

 

7- When you finish the setting click OK then click on Scan button it will start scan and disinfect the infected files and remove the virus files .


** Some times the virus could disable regedit and task manager and folder options you can download these files to repair the problems


[ Enable Registry ] [ Enable Taskmanagr ] [ Enable Folder Options ] [ Restore Hidden Files ]



For any suggestion just comment it or contact us .



FaceBook Comments



Comments

69 Responses to “How To Remove Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah”
  1. manoj says:

    good note

  2. Arturo says:

    sounds good but: Sality does not only prevent safe boot, it also prevents regedit.
    any idea what to do?

  3. admin says:

    Hi Arturo,

    First thank you for your comment and yes there is a tool called RRT Restriction removal tools I’ll put it here soon.

    Regards
    Anwar Anabtawi

  4. Arturo says:

    Hi Anwar,
    I found Malwarebytes Anti-Malware
    On the first run, this Programm eliminated 2 restrictions on my registry so I could edit my registry again and boot in safe mode.
    It all worked out as shown on this webside here, great, sality bye bye.
    On the end, I deleted all system-restore points, to make it shure.
    Free Download at
    http://www.malwarebytes.org
    Good luck, suerte,
    Arturo from Guatemala

  5. admin says:

    Hello again Arturo,

    Yes MB can repair the registry problems but I put the RRT to repair without install any software.

    Regards
    Anwar Anabtawi

  6. Infected says:

    Hello Anwar.Thanks for help but RRT archive is damaged and cant be opened:(
    Please bro update it.I need your help.
    Thanks

  7. admin says:

    Thank you Infected for your notice and I updated the RRT link

  8. Polaris says:

    Hello,

    I had this virus many times, I have scanned all my drivers, and every thing went back to normal, when I scan my pc it tells me that every thing is OKAY!

    But … I have those old .SWF files (were disinfected by Kaspersky “as said”), when I excute them “sality.aa” infects every thing again …

    Any Idea on how to solve this ?

    Thanks

  9. admin says:

    Thank you Luis, but your solution is for :

    o Virus.Win32.Sality.y
    o Virus.Win32.Sality.z
    o Virus.Win32.Sality.aa

    but not for Am and Ah and this way is for any type of sality worms.

  10. admin says:

    Polaris,

    About your old swf files is it with swf extension or exe extension and are they in your pc drive or external like in a CD or USB flash desk cuz I think swf files cannot be infected with this worm maybe the flash player program is infected.

  11. Polaris says:

    Thanks for your replay ..

    I have both .swf & .exe (Flash Files) files ..

    They are on my HDD ..

    I scanned them after disinfecting my System .. I scanned every thing .. and every thing is OKAY as Kasper Sky AV 2009 (UP-TO-Date) …

    when I run them they infects my system .. so I scan them again and executed them on Virtual System .. and they infected the system as well ..

    Thanks again

  12. Polaris says:

    Dear Luis,
    I have tried every thing .. but it didn’t work ..
    I’m telling you that my system is clean, I don’t need to fix it, I just wanna disinfect my files …

    Any way thanks for your replay

    Polaris

  13. Polaris says:

    Dear Admin,

    I have them in .exe extension, I just meant that all application and .exe files were disinfected succsefully, but those files are Flash files in .exe extension.

    anyway, as I tried KasperSky AV & IS and both told that files are clean, I didn’t tried Kaspersky removal tool ..

    I downloaded it yesterday, scanned my HDD, every thing is clean but flash files are infected as Kaspersky removal tool said, so I told the removal tool to disinfect them, and it did, I just didn’t have the courage to run the files, and so I have installed a Virtual WinXP, and ran the files on it … and they worked fine, tried them on the orginal system, every thing is okay …

    Problem SOLVED !

    Note : I have Kaspersky AV 2009, UP-TO-Date, running .. It didn’t said that files are infected .. why ?? I mean the removal tool is also Kaspersky’s isn’t it ?

    Thanks

  14. admin says:

    Dear Polaris,

    I’m so happy because your problem is solved and about your flash maybe you are using in with other infected PC’s so it will infected again so be careful.

    Regards
    Anwar

  15. Polaris says:

    Dear Anwar,

    Thankyou for your help ..

    I’m always careful, my friend is the one who got me this virus, anyway …
    I’m just woundring why didn’t kaspersky AV reported the files as infected ??

    I wanna ask some questions about something other than viruses, can you help me ?
    where can I ask you or maybe we can use MSN for the best …
    here’s my MSN adelhakim[at]hotmail[dot]com

    thx again ..

  16. anuj says:

    I tried above all, but i am unable to get rid out of enabling regedit, and boot in safe mode, moreover the virus doesn’t allow to install any anti virus programs

  17. Polaris says:

    Dear anuj,

    If you want your system to get back working normal, backup your files, and then format/recover your system, once your system is installed just download Kaspersky removal tool, and scan your entire HDD and any potable storage you have ..

    after this is all done, download any AV program you like, update it and rescan your system, HDD & any potable storage you have, for better …

    the most important thing of all is not to run any .exe files you already have on your HDD, or else your system will be infected again …

    I hope this was helpfull …

  18. admin says:

    Don’t know what to say to you Polaris, Thank you so much ;) for your response.

  19. lucky says:

    Hi all
    I have a virus in my 2000 server, when i login to my server it shows blue screeen so i map the drives with a pc and scan it with kaspersky its shows me some disinfected virses like win32.sality.aa so can anyone help me how to remove this virus and how to login to the server becuse its showing just a blue screeen nothng else.

  20. Polaris says:

    Can you login using safemode ?

    If not, reinstall the same version of windows, without formatting your system drive, so all system files will be replaced, then download Kaspersky removal tool and scan your PC ..

    gd luck

  21. mj says:

    hello

    please anwar

    i cant find RRT link

    can u send it to me .
    thanks

    mj

  22. irene says:

    where can i download the RRT bcuz i can’t go on safe mode. thanks…

  23. irene says:

    where can i find the RRT…. ?

  24. potter says:

    where is the link of RRT??

  25. ubuntu says:

    Hey Guys !
    i guess kaspersky is the good antivirus that can stop those kinds that infect ur pc but at the end the virus can win since he infect all ur exe files and it will be hard to disanfect even with malwarebytes hard to delet and if u install antivirus will delet ur exe file coz are infected already so ……
    i can only format my pc and start over again :s

    Regards .

  26. dragonmago says:

    Thanks for this tutorial, after long hours of trying to find a way to neutralize this scourge, it seems like the kaspersky tool is the real deal.

    For what is worth, the machine I cured had been using a very outdated Symantec trial version and it seems the infection spread from a flash memory. It seems like using a laptop without good antivirus protection is just no longer affordable.

  27. amany says:

    thank u i had this virus in my pc & after using your advise it has gone so
    thanks

  28. admin says:

    you are so welcome amany.

  29. ariel says:

    please help me to terminate the sality.nar viru…..
    give advice please…
    thanks……
    thanks

  30. Dear Anwar,
    About the registry files; after unzipped, where should we put them? Will you please inform me? Thank you very much.
    Regards.

  31. admin says:

    Hi Abang,

    When you unzip the reg files just run and import it to your registry to restore the damaged keys and values.

  32. Conrad says:

    Hi

    I have a Sality porblem with a small hickup.

    I set my windows in msconfig to boot in safe mode before I knew I had a Sanity Problem. I’m know sitting with a PC that keeps on restarting and can’t boot back into windows as the safe mode are disabled. Any idea’s how I can fix this??

  33. admin says:

    You can use any boot CD like hirens and start windows xp live from the CD, next try to scan and clean your PC then restart to the normal windows.

  34. Rahulmg says:

    Are you able to login to Windows normally? You can fix your PC by using Kaspersky Rescue Disk 10.0.21.5. Boot from the Kaspersky Rescue Disk to scan and remove threats from an infected computer without the risk of infecting other files or computers. Burn this ISO image to a CD, insert it into the infected system’s CD-ROM drive, enter the PC’s BIOS, set it to boot from the CD and reboot the computer.

    Try It.
    Regards,
    Rahul mg

  35. bhonelattyone says:

    thanks ur answering …
    i’m now ok…
    but…
    virus bite some of application software…
    so i reinstall or repair my app: software…
    how to get back without reinstall or repair app: sofware …
    plz…

  36. Sigheart says:

    Hi.
    I’m currently running this program in my infected PC. (I am using an uninfected laptop.)
    My question is, after disinfecting the files, is it safe to open them? (.exe, etc.)

  37. Nishad says:

    Very good info………. may be i get early info i can save lots of data any way better late then never ….really help me a lot

  38. @ Sigheart says:

    it is ok to open .exe file if u r able to successfully recover them… but there is always problem with this type without anti virus highly recommend do not open this type of file once you sure u r totally disinfected because this type of vieus remain hidden in system so my advice is open when u have antivirus + u r sure that u remove maximum virus hope that will help you

    regards,
    [email protected]

  39. Taj says:

    Hello Everybody!
    Is there anyone to help me to delete or disinfect virus.win32.sality.bh which has been detected after scanning through KIS 2011 in c: partition of my home PC?
    Another Q. is, I have facing problem in formatting D: or E: partition of my Off. PC after win XP Pro Updates. It shows an error mssg, the disk is using by another program.
    Regards
    TAJ

  40. Taj says:

    What does that mean? Is it also a virus?

    29-Apr-11 10:02:21 PM Detected legal software that can be used by criminals for damaging your computer or personal data PDM.RootShell C:\USERS\APPDATA\LOCAL\TEMP\I4J7347821116616431121.BAT High

    Please help me what can I do for it?
    With best regards
    TAJ

  41. almonds4 says:

    thanks so much man! u made me smile bye salities.. lol

    anyway is it possible to clean also my external disk? i guess all my exe files were infected. how can i remove the viruses
    i have also encounter the W32/Almanahe.c and the likes.. how to get rid of this shit?

    thanks in advance

  42. amit says:

    hi admin..
    after i scan my pc…kaspesky showing the virus but cant delete the virus….i want to delete all those virus from my pc…plz help

  43. null says:

    Can I subscribe here for free?

  44. Jarm says:

    Gimmie the appropriate antivirus FOR Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah
    INBOX ME PLS

  45. Arash.Amiri says:

    Hi EveryBody
    I have a PC with Wiindows XP Media Center running on it. It has been infected with Sality.ag and Virut.ce as Kaspesky 2012 running from other PC said. I scanned it by Kaspersky from another PC and cleaned all of the viruses but when I want to go to safe mode when it reaches loading of Gagp30kx.sys driver it crashes and resets PC. Also I can not go to normal mode because after logging to windows (before beeing infected logging of windows was not enabled)and after displayying a window showing “Loading your personal settings” it only displays wallpaper and no otherthing!
    When I press Ctrl+ALt+Del it says “The Taskmanager has been locked by Administrator”!
    So I can go to neither Normal mode nor Safe mode.
    Even I repaired Windows XP by its CD (repair install not recovery) and I could log to windows XP one time but after restart the story was repeated.Now When I want to repair it again after first restart of the setup that want to go to installation boot nothing happend and I go to previous infected Windows XP without installing any thing!
    Luckily I have a Windows Vista on this system that it works and apparently has not been infected.
    How can I repair my Windows XP?

  46. Nash says:

    Hi,

    is this also applicabel for Sality.AU?
    my task manager is disabled, and also I can’t log in to Safe Mode.
    and another issue, somehow it can’t read any CD/DVD. I just replaced a new DVD-RW drive, but still can’t read any disk.

    I’ll try to do your way, but please let me know should there any update for my issue. thanks!

Trackbacks

Check out what others are saying about this post...


Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!