Worm virus

Win32 Sality Worm Virus Complete Removal Instruction

When the Worm Win32 Sality strike into my computer, it causes me headache. All uncompressed  executable file I have save to my computer were all infected and can’t used anymore. But the real problem wasn’t stop there, all the computer connected in the network were also infected.
At that time of infection, there are limited updates and removal tool available in the web and most of the tools were only  good for prevention (not those computer already infected).
The thing I did at that time was isolate the infected computer in the network ad backup all important files (win32 sality was not include at backup). Then I  Format and reprogram the computer; install and update antivirus definitions.

This solution comes into my mind  because its the fastest way to remove the win32 sality worm rather than removing entries in Windows Registry.

So what is Win32 Sality?

A Win32 Sality worn  is a family of polymorphic file inf
ectors that target Windows executable files with
extensions .SCR or .EXE. They may execute a damaging payload thawin32/salityt deletes files with for executable files and will attach its code previously processed.

It will also infects computer connected to the network rapidly. It also infect the system such as telnet.exe, write.exe, regedt32.exe, cmd.exe, notepad.exe files and run in memory processes making it complicated to remove.


    • Installed via links in undesirable e-mail attachments
    • Infected Removable device inserted into good computer
  • Network computer is infected

The Symptoms

    • Blue screen when trying to enter in Safe Mode
    • When opening  executable files infected NSIS error appear
    • Removable disk drives contains Autorun.inf which have random strings and shell commands lines pointing to a file in same folder
  • For example the executable files of the installer is 20 Mb, It will be reduce or modified to around 160 Kbytes

Removal Instruction

    • Always Update the Virus Definitions
  • Run Win32 Sality Removal Tools
Removal instruction (with  extra caution)

Registry Editing:

    • Go to Start Menu
    • Click Run (Windows XP) Search (Windows Vista and Windows 7)
    • Type Regedit
    • Press Enter
  • Then locate and delete these registry entries.

Delete the  following registry key

    • amsint32 located at
    • amsint32 located at
    • amsint32 located at
  • Qurdk located at

Note: Before removing the registry entries, you must have first update your antivirus or run a complete scan using the removal tools
Clik here to download removal tools