Removal of W32/Sality.ao

[Anek]

Hello, Freinds
My Pc Is infected with this Virus W32/Sality.ao. Well you must be wondering how did i know that , my antivirus told me that but the problem is that it cannot completely remove after scanning it tell me that there is virus it cannot remove it and thus i cannot continue doing anywork as it make my pc really slow so i would like to know how to remove it completely thank in advance for your suggestion

[Marco-D]

W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.


Indication of Infection

• Presence of the file(s) mentioned.
• Presence of the registry key(s) mentioned.
• Unexpected network traffic to one or more of the domain(s) mentioned.

Methods of Infection
W32/Sality.ao searches local drives, removable and network shares for Windows PE executable files to infect. It replaces the original entry point of the files it infects with its viral code and appends itself to the last section of the PE image.

Aliases
PE_SALITY.JER (Trend Micro), Virus.Win32.Sality.aa (Kaspersky), Virus.Win32.Sality.y (Ikarus), Virus:Win32/Sality.AM (Microsoft), W32.Sality.AE (Symantec), W32/Sality-AM (Sophos), W32/Sality.AE (Norman), W32/Sality.AH (Panda), W32/Sality.AK (F-Prot), Win32.KUKU.a (Rising), Win32.Sality.OG (BitDefender), Win32/Sality.AA (VET)

Removal Instructions
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

[Steve123]

W32/Sality.ao is a damaging virus that hijacks system through securtiy holes and downloads malware to show corrupt popup advertisements. Normally W32/Sality.ao spreads through unwanted email, schat rooms, news groups and corrupt freeware downloads. After Sality.ao virus has sneaked inside the system it will install corrupt ckvo.exe, itsduel.exe files and download further viruses. The W32/Sality.ao is a severe virus that can steal private data, harm system files and intensely slow down system performance!


Related definitions:
Virus.Win32.Sality.aa, PE_SALITY.DAM, W32.Sality.AE, PE_SALITY.JER, W32/Sality-AM, Virus:Win32/Sality.AM

Common W32/Sality.ao warning signs:

• Desktop background picture screen and screen saver hijacked by messages
• Complicated to erase W32/Sality.ao files maunally, re-activates at system starup
• Slow Internet browsing performance, long Pc boot and shutdown time
• Loss of registry keys, dll's and system files data causing regular "Blue Screen" error
• Disabled pop up blocker, flooded desktop with annoying pop-ups even offline
• Browser home page, error page and search page replaced with abnormal website
• Unknown Sality.ao task processes running in Windows task list, unusual error beeps from Computer tower

W32/Sality.ao actions:

• Tracks and transmits keystrokes, passwords, user names and other confidential info to remote hackers by avoiding antivirus and firewall tools
• Alter system logs, generates popup advertisements matching surfing habits and collects system activity
• Sality.ao downloads third-party programs into Windows system and infects Computer with malware through browser security holes

Download Easy W32/Sality.ao Remover Utility

[Shen]

Hey Before doing Anything dont forget to do anything Windows XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.

WindowsXP

1. Disabling the System Restore Utility (Windows XP Users)
2. Right click the My Computer icon on the Desktop and click on Properties.
3. Click on the System Restore tab.
4. Put a check mark next to 'Turn off System Restore on All Drives'.
5. Click the 'OK' button.
6. You will be prompted to restart the computer. Click Yes.
7. Note: To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

Note: To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.