Win32.Sality.X Removal: Remove Win32.Sality.X Forever

Threat indicator: HIGH

Threat's profile

Name of the threat:

Command or file name:

Threat type:

Affected OS:

Win32.Sality.X

*

Spyware/trojan

Win32 (Windows XP, Vista, Seven, 8)


The making and allocation of these programs is on the rise-they are now 37% of all of the thousands of malware Symantec processes on a weekly basis. A person who wants to watch your online activities may also by yourself install Win32.Sality.X. Win32.Sality.X is known to convert PC preferences resulting in sluggish connexion speeds, varied home pages and miss of Internet or functionality of other applications creating a requirement to remove Win32.Sality.X with a seemly Win32.Sality.X removal tool. It can rise that Win32.Sality.X is secretly installed on users' machines. Win32.Sality.X sources have not a idea about ethics that's why it's urgently required to install a seemly Win32.Sality.X removal tool. With the help of our Win32.Sality.X removal tool you can predict Win32.Sality.X from being installed on your machine or remove Win32.Sality.X that is already in the computer.


Win32.Sality.X intrusion method

Win32.Sality.X copies its file(s) to your hard disk. Its typical file name is *. Then it creates new startup key with name Win32.Sality.X and value *. You can also find it in your processes list with name * or Win32.Sality.X.

If you have further questions about Win32.Sality.X, please fill in the form below and we'll contact you shortly.

Recommended Solution - Download SpyHunter by Enigma Software Group LLC

Download this advanced tool and solve problems with Win32.Sality.X and * (download of fix will start immediately):

Download Spyhunter to remove Win32.Sality.X and * now!

* SpyHunter was developed by US-based company EnigmaSoftware and is able to remove Win32.Sality.X-related issues in automatic mode. Program was tested on Windows XP, Windows Vista, Windows 7 and Windows 8.

Share if this helped!

Features

* Removes all files created by Win32.Sality.X.

* Removes all registry entries created by Win32.Sality.X.

* You can activate System and Network Guards and forget about malware.

* Can fix browser problems and protect browser settings.

* Removal is guaranteed - if SpyHunter fails ask for FREE support.

* 24/7 Spyware Helpdesk Support included into the package.

Alternative Solution - Download Win32.Sality.X Removal Tool by Security Stronghold LLC

Download this simplified Removal Tool designed specifically to solve problems with Win32.Sality.X and * (download of fix will start immediately):

Download removal tool for Win32.Sality.X and * now!

Features

* Removes all files created by Win32.Sality.X.

* Removes all registry entries created by Win32.Sality.X.

* Fixes browser redirection and hijack if needed.

* Can immunize your drives from specific problem.

* Removal is guaranteed - if Removal Tool fails ask for FREE support.

* 24/7 Helpdesk Support and 5 hours of Remote Support via GoToAssist included into the package.

Let our support team solve your problem with Win32.Sality.X and repair Win32.Sality.X right now!

Leave the detailed description of your Win32.Sality.X problem in the form below. Our support team will contact you in several minutes and give a step-by-step instruction on how to fix Win32.Sality.X problem. Please be specific. Do your best describing the problem. This will help us recommend right and complete Win32.Sality.X problem removal solution.

Click to ask professional of Win32.Sality.X solution

Describe your problem here and we'll contact you in several minutes:

We'll reply you in 10 minutes or less
* Name:
* E-mail:
* Problem summary:
* Detailed description:
Attach suspicious file:
Here you can attach file you suspect to be virus or source of problem. If you want to attach several files, put them into one archive and attach it instead.

We'll contact you back in 10 minutes or less after you click on this button.

Individual solution guaranteed!

 

It is important:

  1. We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you Win32.Sality.X removal solution.
  2. All fields of this form are obligatory.

Software Industry Professionals Member
Threat's description and solution are developed by Security Stronghold security team.

Here you can also learn:

* What is Win32.Sality.X? Technical details of Win32.Sality.X problem and Win32.Sality.X removal tool.

* Methods for manual Win32.Sality.X removal.

* Instant download of a program that will solve your problem automatically.


How to remove Win32.Sality.X manually?

This problem can be solved manually by deleting all registry keys and files connected with Win32.Sality.X, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Win32.Sality.X.

To get rid of Win32.Sality.X, you should:

1. Kill the following processes and delete the appropriate files:

• ax.exe
• wmdrtc32.dl_
• wmdrtc32.dll
• hsgfrn.sys
• win46721.dll
• win27388.dll
• win37763.dll
• loader174.exe
• win40346.dll
• win35482.dll
• win63279.dll
• antzom.exe
• win31324.dll
• win29788.dll
• win40320.dll
• impnn.sys
• mAO3q2B7r6.exe
• ywsnkhb.dll
• drlbqse.dll
• bomryuc.dll
• fmgonn.sys
• win28610.dll
• win13652.dll
• win21309.dll
• idlrrh.sys
• windjnvr.exe
• win44025.dll
• winxotbiy.exe
• winrlwmt.exe
• win33848.dll
• winkxggjh.exe
• winnmswkj.exe
• winibqs.exe
• winjepm.exe
• winkrqpx.exe
• win48684.dll
• hehmu.sys
• win7320.dll
• win3096.dll
• omdftn.sys
• win36587.dll
• ogmkmn.sys
• win25709.dll
• jnjpvn.sys
• egjjen.sys
• x3000[1].exe
• x2011[1].exe
• vwservice.exe
• mm2emt.exe
• x1001[1].exe
• vwsrv[1].exe
• vwsrv.exe
• x2000[1].exe
• x2011.exe
• x2007.exe

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use Win32.Sality.X Removal Tool for safe problem solution.

2. Delete the following malicious folders:

no information

3. Delete the following malicious registry entries and\or values:

  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aouei
  • Key: CLSID\{1CE21416-0B8D-8CF6-1FCB-099B30C628BB}\InprocServer32
    Value: ThreadingModel
  • Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE
    Value: NextInstance
  • Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: Class
  • Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000\Control
    Value: ActiveService
  • Key: System\CurrentControlSet\Services\vwservice
    Value: DisplayName
  • Key: System\CurrentControlSet\Services\vwservice\Enum
    Value: Count
  • Key: System\CurrentControlSet\Services\vwservice\Security
    Value: Security
  • Key: System\CurrentControlSet\Services\NdisFileServices32
    Value: Type
  • Key: System\CurrentControlSet\Services\NdisFileServices32
    Value: Start
  • Key: System\CurrentControlSet\Services\NdisFileServices32
    Value: ErrorControl
  • Key: System\CurrentControlSet\Services\NdisFileServices32
    Value: ImagePath
  • Key: System\CurrentControlSet\Services\NdisFileServices32
    Value: DisplayName
  • Key: System\CurrentControlSet\Services\NdisFileServices32\Security
    Value: Security
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000\Control
    Value: *NewlyCreated*
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: Service
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: Legacy
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: ConfigFlags
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: Class
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: ClassGUID
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000
    Value: DeviceDesc
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum
    Value: Count
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_NDISFILESERVICES32\0000\Control
    Value: ActiveService
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion
    Value: d
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    Value: {06DB7430-7430-6DB1-306D-430DB4306DB1}
  • Key: System\CurrentControlSet\Services\NdisFileServices32
    Value: ImagePath
  • Key: System\CurrentControlSet\Services\NdisFileServices32
    Value: DeleteFlag
  • Key: System\CurrentControlSet\Services\NdisFileServices32
    Value: ImagePath
  • Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: ClassGUID
  • Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: DeviceDesc
  • Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: Service
  • Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: ConfigFlag
  • Key: System\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000
    Value: Legacy
  • Key: System\CurrentControlSet\Services\vwservice
    Value: ImagePath
  • Key: System\CurrentControlSet\Services\vwservice
    Value: ObjectName
  • Key: System\CurrentControlSet\Services\vwservice
    Value: ErrorControl
  • Key: System\CurrentControlSet\Services\vwservice
    Value: Start
  • Key: System\CurrentControlSet\Services\vwservice
    Value: Type
  • Key: System\CurrentControlSet\Services\vwservice
    Value: FailureActions
  • Key: System\CurrentControlSet\Services\vwservice\Enum
    Value: NextInstance
  • Key: System\CurrentControlSet\Services\vwservice\Enum
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion
    Value: s
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion
    Value: f
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion
    Value: d
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion
    Value: f
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion
    Value: d
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion
    Value: s
  • Key: Software\Microsoft\Internet Explorer\Main
    Value: Start Page
    Data: www.skymasters.biz?3195

Warning: if value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use Win32.Sality.X Removal Tool for safe problem solution.


4. Manually fix browser problems

Win32.Sality.X can affect your browsers which results in browser redirection or search hijack. We recommend you to use free option "Reset Browsers" under "Tools" in Win32.Sality.X Removal Tool to reset all the browsers at once. Mention that you need to remove all files and kill all processes belonging to Win32.Sality.X before doing this. To reset your browsers manually and restore your homepage perform the following steps:

Internet Explorer

  • If you use Windows XP, click Start, and then click Run. Type the following in the Open box without quotes, and press Enter: "inetcpl.cpl"

  • If you use Windows 7 or Windows Vista, click Start. Type the following in the Search box without quotes, and press Enter: "inetcpl.cpl"

  • Click the Advanced tab

  • In Reset Internet Explorer settings, click Reset. Click Reset in opened window again.

  • Select Delete personal settings checkbox to remove browsing history, search providers, homepage

  • After Internet Explorer finishes resetting, click Close in the Reset Internet Explorer Settings dialog box

Warning: In case this option will not work use free option Reset Browsers under Tools in Win32.Sality.X Removal Tool.

Google Chrome

  • Go to the installation folder of Google Chrome: C:\Users\"your username"\AppData\Local\Google\Chrome\Application\User Data.

  • In the User Data folder, look for a file named as Default and rename it to DefaultBackup.

  • Launch Google Chrome and a new clean Default file will be created.

Warning: This option might not work if in Google Chrome you use online synchronization between PCs. In this case use free option Reset Browsers under Tools in Win32.Sality.X Removal Tool.

Mozilla Firefox

  • Open Firefox

  • Go to Help > Troubleshooting Information in menu.

  • Click the Reset Firefox button.

  • After Firefox is done, it will show a window and crreate folder on the desktop. Click Finish.

Warning: This option will also clean all your account passwords for all websites. If you don't want it use free option Reset Browsers under Tools in Win32.Sality.X Removal Tool.

Information provided by: Alexey Abalmasov

Here are the descriptions of problems connected with Win32.Sality.X and * we received earlier:

Problem Summary: Virus Win32.sality.gen detected by Kaspersky Anitvirus

Kaspersky detected virus named win32.sality.gen from my SD card.
I disinfected it by help of antivirus. But All folders from SD card are shown as shortkut folder of about 2KB.(As per attached jpg) They are not opening also.
My data of about 3.5GB is stil there in the card but its not visible..
Thing is that all data is visible on my android mobile but it can't be viewed on PC

Following are Some detected names by kaspersky:

Worm.Win32.Autorun.hfp
Trojan.WinLnk.runner.bl


Few unknown Files also have been created with an extension of *lnk (EG: Video.lnk, Images.lnk)

What do I now so that I can make all my folders viewable on PC.

I hope you sort out my problem.
Waiting for your reply.

Thanks

Problem was successfully solved. Ticket was closed.

Problem Summary: can't install antivirus in my win32 sality virus affected pc

my pc is affected by win32 sality virus.i have used many win32 sality virus removal tool but they don't work..also i am unable to install antivirus because when i try to install it the anti virus set up itself got deleted.

Problem was successfully solved. Ticket was closed.

Problem Summary: i want anti virus able to repair infected file net to dlet it

i want anti virus able to repair infected file net to dlet it

Problem was successfully solved. Ticket was closed.

Problem Summary: System affected by win32.sality virus. Antivirus moved files to chest, but cannot delete it.

My system has been affected by win32.sality virus. My avast antivirus has detected it and has moved the infected files to chest. However it cannot be repaired. I want to remove this virus. Is there any way I could do it without affecting my system?? Can I delete the files?? Please help.

Problem was successfully solved. Ticket was closed.

Problem Summary: pc e hd externo infectado pelo win32 / sality

peguei este virus no meu hd e no meu note o que to mais preicupado éque esta praga excluiu varios arquivos importantes e não to conseguindo recuperar tenho muita coisa no meu hd externo teria uma maneira de recuperar os dados do meu note que foram apagados pelo virus e limpar o virus do hd sem ser necessario formata-lo?

Problem was successfully solved. Ticket was closed.

Problem Summary: Write protected pen drive

I have a moser bare pen 4GB drive, while I'm trying to format that pen drive the message displays "The disk is write protected". There is a suspicious hidden file in my pen drive "Win32.dll". Please suggest how can I format my pen drive.
Thanks

Problem was successfully solved. Ticket was closed.

Problem Summary: all antivirus was disable

antivirus disabled automatically, most of the computer in the network are affected with the virus.
all the .exe file also affectted and unable to run it.

Problem was successfully solved. Ticket was closed.

Problem Summary: how to remove write protection fromN W32/Sality.AK & BAT/Autorun.JUM affected 8GB Transcend 500 capless series pendrive

Good Morning madam / sir

1) My Pen Drive is infective with a torjan virus.
(a) PANDA Antivirus Pro 2012 reported
1) BAT/Autorun.JUM (g:autorun.inf )
2) W32/Sality.AK (g:odms.pif )

PANDA only notified did not remove & mine was trial version for now

(b) Microsoft Security Essentials found
1) W32/Sality.AK as a torjon virus
2) & that odms.pif is a tool that multiplies this Sality Virus

Microsoft Antivirus DETECTED & TRIED REMOVING it but FAILED : reason :->

A) My pendrive is write protected so it cannot delete the virus it .


(a) I tried format - it said i have to remove write protection

(b) I went to regedit.exe & in storagedeviceproperties made WriteProtect to 0 ; still it did not work

(c) In diskmgmt.msc ; i cannot format my pendrive as it shows it is mounted read only

(d) My pendrive does not have any button on it anywhere to lock it for me to unlock .

(e) The transcend format tool does'nt work either .

(f) My pendrive is 8GB Transcend capless series pendrive ( 500 series ( capless ) )

(g) There is NO OPTION OF WRITE PROTECTION in the PROPERTIES OF PENDRIVE either , for me to remove the write protection .


Can you PLEASE give me a solution to remove the write protection from my pendrive so that i can delete the virus after the write protection has been removed

Its so much cost & i want it to get right soon !

Thankyou
Pragathi
[INDIA]

Problem was successfully solved. Ticket was closed.

Problem Summary: how to remove write protection fromN W32/Sality.AK & BAT/Autorun.JUM affected 8GB Transcend 500 capless series pendrive

Good Morning madam / sir

1) My Pen Drive is infective with a torjan virus.
(a) PANDA Antivirus Pro 2012 reported
1) BAT/Autorun.JUM (g:autorun.inf )
2) W32/Sality.AK (g:odms.pif )

PANDA only notified did not remove & mine was trial version for now

(b) Microsoft Security Essentials found
1) W32/Sality.AK as a torjon virus
2) & that odms.pif is a tool that multiplies this Sality Virus

Microsoft Antivirus DETECTED & TRIED REMOVING it but FAILED : reason :->

A) My pendrive is write protected so it cannot delete the virus it .


(a) I tried format - it said i have to remove write protection

(b) I went to regedit.exe & in storagedeviceproperties made WriteProtect to 0 ; still it did not work

(c) In diskmgmt.msc ; i cannot format my pendrive as it shows it is mounted read only

(d) My pendrive does not have any button on it anywhere to lock it for me to unlock .

(e) The transcend format tool does'nt work either .

(f) My pendrive is 8GB Transcend capless series pendrive ( 500 series ( capless ) )

(g) There is NO OPTION OF WRITE PROTECTION in the PROPERTIES OF PENDRIVE either , for me to remove the write protection .


Can you PLEASE give me a solution to remove the write protection from my pendrive so that i can delete the virus after the write protection has been removed

Its so much cost & i want it to get right soon !

Thankyou
Pragathi
[INDIA]

Problem was successfully solved. Ticket was closed.

Problem Summary: how to remove write protection fromN W32/Sality.AK & BAT/Autorun.JUM affected 8GB Transcend 500 capless series pendrive

Good Morning madam / sir

1) My Pen Drive is infective with a torjan virus.
(a) PANDA Antivirus Pro 2012 reported
1) BAT/Autorun.JUM (g:autorun.inf )
2) W32/Sality.AK (g:odms.pif )

PANDA only notified did not remove & mine was trial version for now

(b) Microsoft Security Essentials found
1) W32/Sality.AK as a torjon virus
2) & that odms.pif is a tool that multiplies this Sality Virus

Microsoft Antivirus DETECTED & TRIED REMOVING it but FAILED : reason :->

A) My pendrive is write protected so it cannot delete the virus it .


(a) I tried format - it said i have to remove write protection

(b) I went to regedit.exe & in storagedeviceproperties made WriteProtect to 0 ; still it did not work

(c) In diskmgmt.msc ; i cannot format my pendrive as it shows it is mounted read only

(d) My pendrive does not have any button on it anywhere to lock it for me to unlock .

(e) The transcend format tool does'nt work either .

(f) My pendrive is 8GB Transcend capless series pendrive ( 500 series ( capless ) )

(g) There is NO OPTION OF WRITE PROTECTION in the PROPERTIES OF PENDRIVE either , for me to remove the write protection .


Can you PLEASE give me a solution to remove the write protection from my pendrive so that i can delete the virus after the write protection has been removed

Its so much cost & i want it to get right soon !

Thankyou
Pragathi
[INDIA]

Problem was successfully solved. Ticket was closed.

Show more

Related threat: smitfraud c

Learn more about Win32.Sality.X and * »

« Back to catalog

Home | Partners | Shop | Support | Terms of use | Contact Us | Privacy Policy | Sitemap

Copyright © 2014 Security Stronghold. All Rights Reserved.