The Sality Virus Removal Procedure

As a hybrid of various harmful infections, The Sality virus is poses several threats to your system; it is a family of file-infecting viruses that spread by infecting exe and scr files. Furthermore, the virus includes an ‘autorun worm’ component which allows it to spread to any discoverable or removable drive. In addition, it also carries a downloader Trojan component that can install additional malware on your PC via the web.  Just like many other malware, the Sality virus disables your system’s antivirus software and prevents access to certain security and antivirus websites. It can also prevent you from booting into safe mode and even delete security related files found on an infected system.

In simple words, what it basically does is infect other executable files in order to spread itself when it is run. It also exhibits the properties of a key logger since it sends personal information to hackers (as it logs every single key-press). Its programming enables it to resist most security software’s attempts to remove it, thereby disabling those security applications. The removal of the Sality virus is therefore essential in order to safeguard person data and prevent the creation of a backdoor in your system that allows hackers to gain control of your computer.

Manual Removal of Sality Virus

Although it is possible to remove the Sality virus manually, it can be quite a complex and challenging process for inexperienced users. The use of anti-spyware software such as Spyhunter is therefore recommended by experts to remove such infectious viruses.

Step 1: Find Sality

1. Click on the Start Menu, in the search box type Sality and press Enter
2. Note down the path of each file that shows up in the results by right-clicking them and selecting Properties

Step 2: Unregister Dynamic Link Library (DLL) files

1. Click on the Start Menu, in the search box type cmd and press Enter
2. In the Windows Command Prompt window, type cd followed by the whole path of the DLL file, with a space in-between (e.g. cd C:\Windows\Sality.dll)
3. To unregister the malicious DLL file, type the whole path of the DLL followed by regsvr32 /u (DLL File Name), and press Enter.
   The following files should be unregistered
   1. syslib32.dll
   1. sysdll.dll
   1. oledsp32.dll

Step 3: End Processes

1. The termination of any infected processes is compulsory before you are able to delete any files.
2. Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
3. In the Processes tab, look for any of the following processes and terminate them when found.
   1. syslib32.dll
   1. sysdll.dll
   1. oledsp32.dll

Step 3: Delete Sality Files

1. Once the DLLs have been unregistered, all Sality-related files should be deleted.  This can be done using Command Prompt.
2. Start Command Prompt by clicking on the Start Menu and typing cmd in the search bar
3. To display all files of the infected folder, type dir / (name of the folder without brackets). This will list any hidden files too.
4. Following commands can be used to change directory, to delete a file and to delete the whole folder:
   1. cd folder_name – change directory
   1. del file_name – delete file
   1. rmdir folder_name – delete whole folder

The Sality virus does a rather great job of integrating itself with the system to avoid detection and removal. Since the manual process of removing the Sality virus can be rather cumbersome and sometimes frustrating even for advanced users, numerous system and network administrators advocate the use of anti-malware software to save time and avoid potential obstacles in the removal process.