Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
malwarebytes not finding malware, issues with running scan and bluescreen
Message
<blockquote data-quote="Gbaby614" data-source="post: 101062" data-attributes="member: 5255"><p>I have a problem, I have dl'ed and unzipped the salitykiller but its not opening anything that i can use.. but as i read further, the 1st one is for connected to network and there is one further down for no network, i will paste what i see, can u paste back the section u need me to follow so i can begin, if no response i will try the bottom directions on my own, i just dont want to make an error..</p><p>How to disinfect my computer from Virus.Win32.Sality?</p><p> Back to "Viruses and solutions" section ID: 1874Complexity2012 Dec 13 </p><p> </p><p> </p><p> </p><p> The recommendations given concerning disinfection of a computer from Virus.Win32.Sality should be applied only if NO Kaspersky Lab product is installed on an infected computer, and/ or if the computer is already infected and a Kaspersky Lab product cannot be installed by regular means. Kaspersky Lab experts also recommend using Rescue Disk to disinfect an infected computer. </p><p></p><p> The SalityKiller.exe utility given in this article allows detecting and disinfecting only the following Sality modification Virus.Win32.Sality.aa, Virus.Win32.Sality.ae, Virus.Win32.Sality.ag, Virus.Win32.Sality.bh.</p><p></p><p></p><p>In order to disinfect a computer from Virus.Win32.Sality, do the following: </p><p></p><p> </p><p></p><p>If infected computers are in the local network under domain control: </p><p></p><p>Step 1. Preparation to disinfection: </p><p></p><p>•Download the file SalityKiller.zip</p><p>•Unpack the file SalityKiller.zip</p><p>•Run the file SalityKiller.exe on each computer in turn (for example, through Kaspersky Administration Kit, or the server group policy). </p><p>◦on all computers on which the domain administrator can register and work </p><p> While disinfecting this group of the computers do not log on under domain administrator on any other computers to prevent further spread of the infection in the network. </p><p></p><p>◦on all other computers </p><p> Do not stop or terminate work of the utility until all computers in the network have been disinfected. </p><p></p><p> </p><p></p><p>Step 2. Algorithm of computer disinfection. </p><p></p><p>Computers on which you log on under a domain administrator rights should be disinfected first. Once these computers are disinfected, start disinfecting other computers in the network. </p><p></p><p>•Run the utility SalityKiller.exe on the infected computers once again (no additional commands to run the utility are needed). </p><p>•A reboot might require after disinfection.</p><p>•Make sure that the anti-virus icon in system tray has turned red thus indicating the anti-virus software is fully functional. If otherwise, reinstall the anti-virus via Kaspersky Administration Kit. </p><p>•Update the anti-virus databases (signature threats) for the Kaspersky Lab’s product installed on your PC. If you cannot download the updates from the Internet, update from the zip-archives. </p><p>◦how to update Kaspersky Lab’s products version 5.0 from the zip archives. </p><p>◦how to update Kaspersky Lab’s products version 6.0 from the zip archives </p><p>◦how to update Kaspersky Lab’s products version 7.0 from the zip archives </p><p>•set the full scan options to their maximum scan level </p><p>•run full computer scan </p><p>Step 3. Signs of a disinfected/ clean computer </p><p></p><p>•Kaspersky Anti-Virus is running and works in normal mode </p><p>•full computer scan does not detect infected objects on the computer </p><p>Step 4. Cleaning the registry of infected computers in the domain network: </p><p></p><p>•download the file Sality_RegKeys.zip</p><p>•unpack the file Sality_RegKeys.zip </p><p>•run the file Disable_autorun.reg from the archive Sality_RegKeys.zip </p><p></p><p></p><p>You can also disable autorun from all devices by running the SalityKiller utility with parameter -a.</p><p></p><p>•Click Yes to confirm adding the information to the registry </p><p> </p><p></p><p>•once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key: </p><p>◦under Windows 2000 run the registry file SafeBootWin200.reg </p><p>◦under Windows XP run the registry file SafeBootWinXP.reg </p><p>◦under Windows 2003 run the registry file SafeBootWinServer2003.reg </p><p>◦under Windows Vista / 2008 run the registry file SafebootVista.reg </p><p>◦under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg</p><p> </p><p></p><p>If infected computer are not in the network </p><p></p><p>•Disable the technologies iSwift and iChecker, if one of the following products is installed and running on your PC:</p><p>◦Kaspersky Anti-Virus 7.0 </p><p>◦Kaspersky Internet Security 7.0 </p><p>◦Kaspersky Anti-Virus 6.0 </p><p>◦Kaspersky Internet Security 6.0 </p><p>◦Kaspersky Anti-Virus 2009;</p><p>◦Kaspersky Internet Security 2009;</p><p>◦Kaspersky Anti-Virus 2010;</p><p>◦Kaspersky Internet Security 2010;</p><p>◦Kaspersky Anti-Virus 2011;</p><p>◦Kaspersky Internet Security 2011;</p><p>◦Kaspersky PURE;</p><p>◦Kaspersky Anti-Virus 6.0 for Windows Workstations </p><p>◦Kaspersky Anti-Virus 6.0 SOS </p><p>◦Kaspersky Anti-Virus 6.0 for Windows Servers </p><p>•Download and unpack the file SalityKiller.zip</p><p>•Run the file SalityKiller.exe </p><p>•A reboot might require after disinfection.</p><p> With an installed Kaspersky Lab product you might be prompted to allow any activity to the process Sality_killer.exe </p><p></p><p>◦Go to Start > All programs > right-click Startup > select Open </p><p> </p><p></p><p> </p><p></p><p>◦Right-click any place in the Startup folder </p><p>◦In the menu select New > Shortcut </p><p>◦In the Create Shortcut window click Browse </p><p>◦Browse the folder into which the file SalityKiller.exe was unpacked </p><p>◦Highlight the file SalityKiller.exe </p><p>◦Click the OK button </p><p>◦Click Next </p><p>◦Click OK</p><p></p><p></p><p>•Download the file Sality_RegKeys.zip </p><p>•Unpack the file Sality_RegKeys.zip </p><p>•Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip </p><p></p><p></p><p>You can also disable autorun from all devices by running the SalityKiller utility with parameter -a.</p><p></p><p>•Click Yes to confirm adding the information to the registry </p><p> </p><p></p><p> </p><p></p><p>•Update the anti-virus databases (threat signatures) for the installed Kaspersky Lab’s product. If you cannot download the necessary databases (threat signatures) form the Internet, update the databases from the zip archives: </p><p>◦how to update Kaspersky Lab’s products version 5.0 from the zip archives </p><p>◦how to update Kaspersky Lab’s products version 6.0 from the zip archives </p><p>◦how to update Kaspersky Lab’s products version 7.0 from the zip archives </p><p>•set the full scan options to their maximum scan level </p><p>•run full computer scan </p><p>•once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key: </p><p>◦under Windows 2000 run the registry file SafeBootWin200.reg </p><p>◦under Windows XP run the registry file SafeBootWinXP.reg </p><p>◦under Windows 2003 run the registry file SafeBootWinServer2003.reg </p><p>◦under Windows Vista / 2008 run the registry file SafebootVista.reg </p><p>◦under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg</p><p> </p><p></p><p>You can restore the registry branch SafeBoot which is needed for a PC to be able to boot in safe mode, by running SalityKiller.exe with parameter -j.</p><p></p><p>Additional parameters to run SalityKiller.exe from command line:</p><p></p><p>-p <path> - scan a specific folder;</p><p>-n - scan network disks;</p><p>-r - scan flash drives, scan removable hard disks connected via USB and Fire Wire;</p><p>-y - close the window when the utility finishes;</p><p>-s - scan in "silent" mode (without opening console box);</p><p>-l <file_name> - write log to the file;</p><p>-v - detailed logging (must be used in combination with -l);</p><p>-x - restore possibility to view hidden and system files;</p><p>-a - disable autorun from any devices;</p><p>-j - restore the registry branch SafeBoot (if it is deleted, the PC will not be able to start up in Safe mode);</p><p>-m - monitoring mode to protect the system from getting infected;</p><p>-q - scan the system and then go to monitoring mode;</p><p>-k – the utility will scan all disks, detect files autorun.inf created by the virus Virus.Win32.Sality and eliminate them. It will also delete the executable file linked by autorun.inf, even if such file has been already disinfected.</p></blockquote><p></p>
[QUOTE="Gbaby614, post: 101062, member: 5255"] I have a problem, I have dl'ed and unzipped the salitykiller but its not opening anything that i can use.. but as i read further, the 1st one is for connected to network and there is one further down for no network, i will paste what i see, can u paste back the section u need me to follow so i can begin, if no response i will try the bottom directions on my own, i just dont want to make an error.. How to disinfect my computer from Virus.Win32.Sality? Back to "Viruses and solutions" section ID: 1874Complexity2012 Dec 13 The recommendations given concerning disinfection of a computer from Virus.Win32.Sality should be applied only if NO Kaspersky Lab product is installed on an infected computer, and/ or if the computer is already infected and a Kaspersky Lab product cannot be installed by regular means. Kaspersky Lab experts also recommend using Rescue Disk to disinfect an infected computer. The SalityKiller.exe utility given in this article allows detecting and disinfecting only the following Sality modification Virus.Win32.Sality.aa, Virus.Win32.Sality.ae, Virus.Win32.Sality.ag, Virus.Win32.Sality.bh. In order to disinfect a computer from Virus.Win32.Sality, do the following: If infected computers are in the local network under domain control: Step 1. Preparation to disinfection: •Download the file SalityKiller.zip •Unpack the file SalityKiller.zip •Run the file SalityKiller.exe on each computer in turn (for example, through Kaspersky Administration Kit, or the server group policy). ◦on all computers on which the domain administrator can register and work While disinfecting this group of the computers do not log on under domain administrator on any other computers to prevent further spread of the infection in the network. ◦on all other computers Do not stop or terminate work of the utility until all computers in the network have been disinfected. Step 2. Algorithm of computer disinfection. Computers on which you log on under a domain administrator rights should be disinfected first. Once these computers are disinfected, start disinfecting other computers in the network. •Run the utility SalityKiller.exe on the infected computers once again (no additional commands to run the utility are needed). •A reboot might require after disinfection. •Make sure that the anti-virus icon in system tray has turned red thus indicating the anti-virus software is fully functional. If otherwise, reinstall the anti-virus via Kaspersky Administration Kit. •Update the anti-virus databases (signature threats) for the Kaspersky Lab’s product installed on your PC. If you cannot download the updates from the Internet, update from the zip-archives. ◦how to update Kaspersky Lab’s products version 5.0 from the zip archives. ◦how to update Kaspersky Lab’s products version 6.0 from the zip archives ◦how to update Kaspersky Lab’s products version 7.0 from the zip archives •set the full scan options to their maximum scan level •run full computer scan Step 3. Signs of a disinfected/ clean computer •Kaspersky Anti-Virus is running and works in normal mode •full computer scan does not detect infected objects on the computer Step 4. Cleaning the registry of infected computers in the domain network: •download the file Sality_RegKeys.zip •unpack the file Sality_RegKeys.zip •run the file Disable_autorun.reg from the archive Sality_RegKeys.zip You can also disable autorun from all devices by running the SalityKiller utility with parameter -a. •Click Yes to confirm adding the information to the registry •once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key: ◦under Windows 2000 run the registry file SafeBootWin200.reg ◦under Windows XP run the registry file SafeBootWinXP.reg ◦under Windows 2003 run the registry file SafeBootWinServer2003.reg ◦under Windows Vista / 2008 run the registry file SafebootVista.reg ◦under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg If infected computer are not in the network •Disable the technologies iSwift and iChecker, if one of the following products is installed and running on your PC: ◦Kaspersky Anti-Virus 7.0 ◦Kaspersky Internet Security 7.0 ◦Kaspersky Anti-Virus 6.0 ◦Kaspersky Internet Security 6.0 ◦Kaspersky Anti-Virus 2009; ◦Kaspersky Internet Security 2009; ◦Kaspersky Anti-Virus 2010; ◦Kaspersky Internet Security 2010; ◦Kaspersky Anti-Virus 2011; ◦Kaspersky Internet Security 2011; ◦Kaspersky PURE; ◦Kaspersky Anti-Virus 6.0 for Windows Workstations ◦Kaspersky Anti-Virus 6.0 SOS ◦Kaspersky Anti-Virus 6.0 for Windows Servers •Download and unpack the file SalityKiller.zip •Run the file SalityKiller.exe •A reboot might require after disinfection. With an installed Kaspersky Lab product you might be prompted to allow any activity to the process Sality_killer.exe ◦Go to Start > All programs > right-click Startup > select Open ◦Right-click any place in the Startup folder ◦In the menu select New > Shortcut ◦In the Create Shortcut window click Browse ◦Browse the folder into which the file SalityKiller.exe was unpacked ◦Highlight the file SalityKiller.exe ◦Click the OK button ◦Click Next ◦Click OK •Download the file Sality_RegKeys.zip •Unpack the file Sality_RegKeys.zip •Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip You can also disable autorun from all devices by running the SalityKiller utility with parameter -a. •Click Yes to confirm adding the information to the registry •Update the anti-virus databases (threat signatures) for the installed Kaspersky Lab’s product. If you cannot download the necessary databases (threat signatures) form the Internet, update the databases from the zip archives: ◦how to update Kaspersky Lab’s products version 5.0 from the zip archives ◦how to update Kaspersky Lab’s products version 6.0 from the zip archives ◦how to update Kaspersky Lab’s products version 7.0 from the zip archives •set the full scan options to their maximum scan level •run full computer scan •once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key: ◦under Windows 2000 run the registry file SafeBootWin200.reg ◦under Windows XP run the registry file SafeBootWinXP.reg ◦under Windows 2003 run the registry file SafeBootWinServer2003.reg ◦under Windows Vista / 2008 run the registry file SafebootVista.reg ◦under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg You can restore the registry branch SafeBoot which is needed for a PC to be able to boot in safe mode, by running SalityKiller.exe with parameter -j. Additional parameters to run SalityKiller.exe from command line: -p <path> - scan a specific folder; -n - scan network disks; -r - scan flash drives, scan removable hard disks connected via USB and Fire Wire; -y - close the window when the utility finishes; -s - scan in "silent" mode (without opening console box); -l <file_name> - write log to the file; -v - detailed logging (must be used in combination with -l); -x - restore possibility to view hidden and system files; -a - disable autorun from any devices; -j - restore the registry branch SafeBoot (if it is deleted, the PC will not be able to start up in Safe mode); -m - monitoring mode to protect the system from getting infected; -q - scan the system and then go to monitoring mode; -k – the utility will scan all disks, detect files autorun.inf created by the virus Virus.Win32.Sality and eliminate them. It will also delete the executable file linked by autorun.inf, even if such file has been already disinfected. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
