How to remove Sality virus

Indonesia
December 11, 2009 11:44am CST
Okay, now I will go into the specific topic of the discussion. Right now, all computers in my office connected via LAN are infected with the Sality virus. I know that it is not a severe virus, but still it is a virus, and the bad thing is it injected itself into every executable file. Everything seems to work normally except the memory resources that always went high. I have tried several virus removal treatments from Google Search like using rmsality.nt and removing it manually. rmsality.nt certainly didn't work as the computer is still infected right now. Maybe because other computers in the network are still infected, I think. Remove it manually? It will be a stupid job if I remove the virus manually for around 60 PCs. The best way for me right now is to reinstall them, all of them. But this will need a day off and certainly I can't do it in one day only (my boss wouldn't agree with this *sigh*). Any suggestions on how to remove it easily? Oh, and please don't suggest installing antivirus because installing antivirus on an infected computer is useless as the antivirus executable program is also infected immediately as it is installed. Thanks in advance.
2 responses
@owlwings (43915)
• Cambridge, England
11 Dec 09
This page should help: http://www.exterminate-it.com/malpedia/remove-sality
• Indonesia
11 Dec 09
Yeah, doing this on 60 computers will kill me eventually. LoL. Thanks for the advice though. Cheers!
@owlwings (43915)
• Cambridge, England
11 Dec 09
If you have to deal with each PC individually, make a batch file (or a macro) which can be run either from the server or a shared drive or from a thumb drive. If your network is server-based the job is simple: the routine could run as soon as a user logs in by including it in their login script; if your network is peer-to-peer then you will either need to get each user to run the script or to go round and run it yourself ... maybe 3 hours' work.
@owlwings (43915)
• Cambridge, England
11 Dec 09
Having done a little more searching, it seems that the link I gave above may over-simplify the case. Although the site I quoted seems to suggest that just removing one file will solve the problem, it's likely that every infected file just includes a call to that .dll. Microsoft don't recommend manual removal but I'm sure you can find a good AV tool that you could run from a CD or thumb drive on each machine. After all, you are going to need to install good AV software anyway, aren't you! Microsoft: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fSality.AM . also: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fSality . You have probably seen both those pages, though.
@aerous (13434)
• Philippines
12 Dec 09
I think the best thing you can do is to first unplug all the computers in the network. Since you said that the virus can be removed manually. If you unplug it before removing the virus, you clean all of them with any infection again after resuming the operation. Yes, you cannot remove it because all the computers are in a network. You clean one, but when you transfer to another, the virus transfers also from the computer you clean... So, if you unplug the computer from the network the virus cannot be transferred and transferred