Sality virus

September 8, 2018

What is Sality

Sality virus is a dangerous malware family that is capable of self-replication

Sality virus is a group of malware that was first introduced in 2003. Security researchers believe that it originated in Russia and has evolved significantly over the years. Since 2010, the malware has employed rootkit capabilities and used a peer-to-peer network (botnet) to communicate with the infected computers. While different versions exhibit different symptoms and perform particular functions on the infected computer, most Sality variants are worms that are capable of replicating themselves by using autorun functionality. While the malware is old, it is still prevalent and is capable of stealing sensitive data, sending spam emails, functioning as a trojan downloader, and avoiding AV detection. The threat is considered to be one of the most complex and powerful malware families ever created.

Sality virus executes several sets of commands that infect all the EXE and SCR files located on a Windows computer. The worm then quickly spreads to all the virtual and physical devices connected to the same network. The malware modifies the original host code at the entry point to reroute execution to the polymorphic viral code. Additionally, the Sality trojan makes several changes to the Windows Registry so that it starts with every Windows boot.

Sality virus works as a malware downloader, which uses a preset list of URLs that point to the source from which additional files can be downloaded, decrypted and then executed. The cyber threat uses the RC4 encryption algorithm to encrypt and decrypt data used in the host infection process.

To be able to remove Sality virus, it is important not to ignore signs of the infection, which include:

  - The installed security software starts malfunctioning or is terminated;
  - Security-related services and processes are stopped;
  - Booting into Safe Mode becomes impossible;
  - The malware starts sending malicious emails;
  - The presence of a malicious file amsint32.sys located in %SystemRoot%\system32\drivers.
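A read-only PowerShell check for the host-side signs listed above, added here as an example and not taken from the original article or from any vendor tool. Only the amsint32.sys path comes from the article; the service names and the SafeBoot registry paths are assumptions about how those signs show up on a typical Windows install.

```powershell
# Added example: read-only triage for the signs of infection listed in the article.
# Assumptions (not from the article): the service names and SafeBoot registry paths.
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# 1. Driver file named in the article. -Force is needed to read hidden/system files.
$driver = Join-Path $env:SystemRoot 'system32\drivers\amsint32.sys'
if (Test-Path -LiteralPath $driver) {
    $f = Get-Item -LiteralPath $driver -Force
    Add-Finding 'Driver file' "$($f.FullName) present, created $($f.CreationTime)"
}

# 2. Security-related services that exist but are not running.
#    Assumed list; add the service name of the installed AV product.
#    WinDefend can legitimately be stopped when a third-party AV is active.
$services = 'WinDefend', 'wscsvc', 'mpssvc'
foreach ($svc in Get-Service -Name $services -ErrorAction SilentlyContinue) {
    if ($svc.Status -ne 'Running') {
        Add-Finding 'Service stopped' "$($svc.Name) ($($svc.DisplayName)) is $($svc.Status)"
    }
}

# 3. Safe Mode reads its driver/service list from these keys (assumed check:
#    if they are missing, booting into Safe Mode fails).
foreach ($mode in 'Minimal', 'Network') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
    if (-not (Test-Path -LiteralPath $key)) {
        Add-Finding 'Safe Mode' "$key is missing"
    }
}

if ($findings.Count -eq 0) {
    'None of the checked signs were found. A rootkit can hide files, so this is not proof of a clean system.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated prompt and treat any finding as a reason to scan the machine from trusted offline media.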

Sality virus removal can be a complicated task because the malware can give its executable any name. Therefore, AV engines that use a preset list of malware names to detect it might fail to do so. Nevertheless, please check the last part of the article for full eradication instructions, and then you can clean all the malware traces using .

Sality virus is malware that can steal sensitive information, disable Windows processes and stop AV engines from detecting it

How does Sality work

Users typically infect their computers with malicious software due to a lack of security measures. Some users are not aware of certain things that need to be done in order to protect themselves, while others simply neglect adequate security measures.

One of the most important rules is to obtain reputable security software. While the Sality virus is old, security software developers have implemented appropriate preventive measures to keep the malware away. However, you need to make sure that the AV database is continuously updated. Additionally, patching all the programs installed on the computer (including the operating system) is vital as well, because software vulnerabilities are often used to install malware automatically.

Finally, you should not execute any unknown files on your computer. If you really have to open one, use competent tools to scan the file in question first.

How to delete Sality

Sality virus removal is a complicated task, which is why preventing the infection is critical. Nevertheless, if you suspect that your computer is infected with this malware, you should perform several tasks to make sure that the cyber threat is gone.

There are different types of Sality viruses around. Therefore, in some cases, scanning your machine with robust security software will do the trick. Unfortunately, as we mentioned above, the malware typically stops the operation of multiple AV products, and booting the system in Safe Mode might be impossible as well.

Some anti-virus providers created tools that are specifically designed to remove Sality virus. AVG provides Sality fix, and you can also make use of Kaspersky’s Salitykiller. Once the malware is gone, you should make use of or to fix all the damage done and restore Registry files.

Finally, security experts do not recommend removing Sality manually, as the infection changes various parameters on the system. Thus, finding it and reverting the changes is an extremely complicated task that should only be practiced by trained IT specialists.

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to Sality. A lot of adware and other unwanted programs use browser extensions in order to hijack internet applications.

Remove Sality Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for Sality or anything related to it, and once you find it, press ‘Remove’.

Uninstall Sality Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for Sality or anything related to it, and once you find it, press ‘Remove’.

Delete Sality Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for Sality or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If Sality.safariextz appears on the list, select it and press ‘Clear’.

Remove Sality Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for Sality or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer. In the unlikely scenario that Sality is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter.
  6. The Programs and Features window will open, where you should be able to find the Sality program.
  7. Select Sality or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from Sality

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to its default configuration. If you notice that the infection is still present even after getting rid of weird extensions, follow the instructions below.

Use Chrome Clean Up Tool to Delete Sality

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect Sality, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find Sality in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox.
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.
