This solution comes into my mind because its the fastest way to remove the win32 sality worm rather than removing entries in Windows Registry.
So what is Win32 Sality?
A Win32 Sality worn is a family of polymorphic file inf
ectors that target Windows executable files with
extensions .SCR or .EXE. They may execute a damaging payload tha
t deletes files with for executable files and will attach its code previously processed.
It will also infects computer connected to the network rapidly. It also infect the system such as telnet.exe, write.exe, regedt32.exe, cmd.exe, notepad.exe files and run in memory processes making it complicated to remove.
Causes
- Installed via links in undesirable e-mail attachments
- Infected Removable device inserted into good computer
- Network computer is infected
The Symptoms
- Blue screen when trying to enter in Safe Mode
- When opening executable files infected NSIS error appear
- Removable disk drives contains Autorun.inf which have random strings and shell commands lines pointing to a file in same folder
- For example the executable files of the installer is 20 Mb, It will be reduce or modified to around 160 Kbytes
Removal Instruction
- Always Update the Virus Definitions
- Run Win32 Sality Removal Tools
Removal instruction (with extra caution)
Registry Editing:
- Go to Start Menu
- Click Run (Windows XP) Search (Windows Vista and Windows 7)
- Type Regedit
- Press Enter
- Then locate and delete these registry entries.
Delete the following registry key
- amsint32 located at
HKEY_LOCAL_MACHINESYSTEMControlSet001Services
- amsint32 located at
HKEY_LOCAL_MACHINESYSTEMControlSet002Services
- amsint32 located at
HKEY_LOCAL_MACHINESYSTEMControlSet003Services
- Qurdk located at
HKEY_CURRENT_USERSoftware
Note: Before removing the registry entries, you must have first update your antivirus or run a complete scan using the removal tools
Clik here to download removal tools
