Is there a way to completely remove Win32/Sality.nba? Malwarebytes has quarantined it, but after I restart my computer and do a full scan it always comes back again. How do I delete it once and for all?
Win32/Sality.nba Description
Win32/Sality.nba is a very tricky Trojan virus that cannot be removed by antivirus programs. Win32/Sality.nba is usually distributed via spam email, pornographic sites and free software. Once infected, your computer and privacy will be at high risk. The virus deletes system files without your permission, modifies Windows registry, and opens up system backdoors for remote attackers. Your confidential data, such as online banking details, browsing habits and email contact will be easily stolen. Besides, Win32/Sality.nba is capable of downloading additional Trojans, worms, police viruses onto the compromised computer. If your internet connection is cut off or the viruses block your downloads. It will be more difficult to save your computer. Therefore, it is recommended to remove Win32/Sality.nba as soon as possible. To permanently delete the stubborn Win32/Sality.nba, manual approach is needed. That is the most effective way to deal with such nasty Trojan. Follow the step-by-step manual removal guide below to delete Win32/Sality.nba, it will not come back again.
Need Help with Removing Win32/Sality.nba?
Harmful Characteristics of Win32/Sality.nba
1. Win32/Sality.nba can give hackers the access to your PC
2. It steals confidential data such as credit card accounts passwords, websites visited, email contact etc.
3. Win32/Sality.nba can drop other keyloggers trojans, worms to your computer
4. It may delete important system files and slow down system performance.
5. Win32/Sality.nba updates its components automatically to prevent from being eliminated
6. Sometimes, it can even disable installed antivirus and turn off Windows firewall without your approval
How to Remove Win32/Sality.nba?
To completely clean up Win32/Sality.nba, you need to delete all its files, folders and registry keys. Please back up your important data before taking actions.
Step1: Restart your computer in safe mode with networking.
Turn on the power of your computer, before windows starts up,
keep pressing ‘F8’ button on your keyboard, you will see Windows Advanced Option menu. Select the Safe Mode with Networking option from the list and hit‘Enter’.
Step 2 – launch the Task Manager by pressing keys CTRL + Shift + ESC. then stop the malignant processes:
Random.exe
Step3: Delete Win32/Sality.nba files from PC:
%windows%\system32\ Win32/Sality.nba
%documents and settings%\all users\ application data\ Win32/Sality.nba
%program files% Win32/Sality.nba
%AllUsersProfile%\{random}\
%AllUsersProfile%\{random}.lnk
Step 4: Click Start menu> choose “Run.”> Type “regedit”>click “OK ” to open up Registry Editor. If your operating system is win7, just type “regedit” into the “Search programs and files” box in the Start menu. Remove registry keys added by Win32/Sality.nba
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\random.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
Please Note that manual removal of Win32/Sality.nba is a procedure with high complexity. If you have no sufficient expertise in dealing with hidden files and registry entries, it may lead to mistakes damaging your system. Need help with getting rid of Win32/Sality.nba? Live Chat with MiTechMate Online Expert Now. Your Problem will be fixed Immediately. Help at www.mitechmate.com
No comments:
Post a Comment