Results 1 to 4 of 4

Thread: Removal of W32/

  1. #1
    Join Date
    Feb 2009

    Removal of W32/

    Hello, Freinds
    My Pc Is infected with this Virus W32/ Well you must be wondering how did i know that , my antivirus told me that but the problem is that it cannot completely remove after scanning it tell me that there is virus it cannot remove it and thus i cannot continue doing anywork as it make my pc really slow so i would like to know how to remove it completely thank in advance for your suggestion

  2. #2
    Join Date
    May 2008

    Re: Removal of W32/

    W32/ is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.

    Indication of Infection
    • Presence of the file(s) mentioned.
    • Presence of the registry key(s) mentioned.
    • Unexpected network traffic to one or more of the domain(s) mentioned.

    Methods of Infection
    W32/ searches local drives, removable and network shares for Windows PE executable files to infect. It replaces the original entry point of the files it infects with its viral code and appends itself to the last section of the PE image.

    PE_SALITY.JER (Trend Micro), Virus.Win32.Sality.aa (Kaspersky), Virus.Win32.Sality.y (Ikarus), Virus:Win32/Sality.AM (Microsoft), W32.Sality.AE (Symantec), W32/Sality-AM (Sophos), W32/Sality.AE (Norman), W32/Sality.AH (Panda), W32/Sality.AK (F-Prot), Win32.KUKU.a (Rising), Win32.Sality.OG (BitDefender), Win32/Sality.AA (VET)

    Removal Instructions
    A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

  3. #3
    Join Date
    Feb 2008

    Re: Removal of W32/

    W32/ is a damaging virus that hijacks system through securtiy holes and downloads malware to show corrupt popup advertisements. Normally W32/ spreads through unwanted email, schat rooms, news groups and corrupt freeware downloads. After virus has sneaked inside the system it will install corrupt ckvo.exe, itsduel.exe files and download further viruses. The W32/ is a severe virus that can steal private data, harm system files and intensely slow down system performance!

    Related definitions:
    Virus.Win32.Sality.aa, PE_SALITY.DAM, W32.Sality.AE, PE_SALITY.JER, W32/Sality-AM, Virus:Win32/Sality.AM

    Common W32/ warning signs:
    • Desktop background picture screen and screen saver hijacked by messages
    • Complicated to erase W32/ files maunally, re-activates at system starup
    • Slow Internet browsing performance, long Pc boot and shutdown time
    • Loss of registry keys, dll's and system files data causing regular "Blue Screen" error
    • Disabled pop up blocker, flooded desktop with annoying pop-ups even offline
    • Browser home page, error page and search page replaced with abnormal website
    • Unknown task processes running in Windows task list, unusual error beeps from Computer tower

    W32/ actions:
    • Tracks and transmits keystrokes, passwords, user names and other confidential info to remote hackers by avoiding antivirus and firewall tools
    • Alter system logs, generates popup advertisements matching surfing habits and collects system activity
    • downloads third-party programs into Windows system and infects Computer with malware through browser security holes

    Download Easy W32/ Remover Utility

  4. #4
    Join Date
    May 2008

    Re: Removal of W32/

    Hey Before doing Anything dont forget to do anything Windows XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.

    1. Disabling the System Restore Utility (Windows XP Users)
    2. Right click the My Computer icon on the Desktop and click on Properties.
    3. Click on the System Restore tab.
    4. Put a check mark next to 'Turn off System Restore on All Drives'.
    5. Click the 'OK' button.
    6. You will be prompted to restart the computer. Click Yes.
    7. Note: To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

    Note: To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

Similar Threads

  1. W32/Sality.gen.e Virus Infection To Windows XP
    By Laurense in forum Networking & Security
    Replies: 5
    Last Post: 20-03-2010, 09:08 PM
  2. Cannot remove Win32/Sality.gen!enc
    By Vineeta in forum Networking & Security
    Replies: 4
    Last Post: 04-03-2010, 07:20 PM
  3. Want to remove Win32.Sality.PB?
    By Carley in forum Networking & Security
    Replies: 5
    Last Post: 24-01-2010, 04:20 AM
  4. removing Win32.sality.aa
    By JUSTICE in forum Networking & Security
    Replies: 3
    Last Post: 19-01-2009, 09:12 PM
  5. Removal of W32/Sality!mem trojan
    By Mannat in forum Networking & Security
    Replies: 4
    Last Post: 18-12-2008, 02:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts