Sality Manual Removal Procedure

I got this post from viruscontra
Below is a list of Sality manual removal instructions and Sality components listed to help you remove Sality from your PC. Backup Reminder: Always be sure to back up your PC before making any changes.

Note: This manual removal process may be difficult and you run the risk of destroying your computer.

Step 1 : Use Windows File Search Tool to Find Sality Path

* Go to Start > Search > All Files or Folders.
* In the "All or part of the the file name" section, type in "Sality" file name(s).
* To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
* When Windows finishes your search, hover over the "In Folder" of "Sality", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path todelete Sality in the following manual removal steps.

Step 2 : Use Windows Command Prompt to Unregister Sality DLL Files

* To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
* Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Sality DLL file is located and press the "Enter" button on your keyboard. If you don't know where Sality DLL file is located, use the "dir" command to display the directory's contents.
* To unregister "Sality" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Sality.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
* Search and unregister "Sality" DLL files: syslib32.dll, sysdll.dll, oledsp32.dll

Step 3 : Detect and Delete Other Sality Files

* To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
* Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
* To change directory, type in "cd name_of_the_folder".
* Once you have the file you're looking for type in "del name_of_the_file".
* To delete a file in folder, type in "del name_of_the_file".
* To delete the entire folder, type in "rmdir /S name_of_the_folder".
* Select the "Sality" process and click on the "End Process" button to kill it.
* Remove the "Sality" processes files: syslib32.dll, sysdll.dll, oledsp32.dll, oledsp32.dll, sysdll.dll, syslib32.dll
Please say thanks to viruscontra

No comments:

Post a Comment