Your One Stop guide to be an I.T professional..

Sunday, September 4, 2011

How to remove Win32.Sality.NBA manually?

Win32.Sality.NBA is one of the malicious Windows programs that may occupy system resources and slow down computers. Some such malicious programs frequently pop up advertising messages that interrupt computer users, and more severe ones may destroy the data on computers. The following are instructions on how to manually remove malicious spyware programs.

1. Boot your computer into safe mode to close all running processes.

2. Back up your system before making any changes, so that you can restore it later if necessary.

3. Remove these Win32.Sality.NBA files:

%Temp%\otjesjty.mof
%Documents and Settings%\[UserName]\Start Menu\Activate.lnk

4. Open Registry Editor to delete the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon 'Shell' = '%UserProfile%\Application Data\antispy.exe'
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Malware Defense
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments 'SaveZoneInformation' = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download 'RunInvalidSignatures' = '1'

5. Win32.Sality.NBA may also load by hiding within the system WIN.INI file, in the strings "run=" and "load=". Check these carefully in order to thoroughly remove it from your computer.

6. Clean the IE temporary files, where the original carrier may be stored.
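
A read-only way to check a machine for the items listed in steps 3 to 5 before deleting anything, as an added example that is not part of the original post. It assumes PowerShell is available, reads the first file as sitting inside %Temp%, and maps the Start Menu path to $env:USERPROFILE; all variable names are illustrative.

```powershell
# Read-only audit of the indicators from steps 3-5. Nothing is deleted or changed.
$findings = @()

# Step 3: files. Mapping the Start Menu path to $env:USERPROFILE is an assumption.
$files = @(
    (Join-Path $env:TEMP 'otjesjty.mof'),
    (Join-Path $env:USERPROFILE 'Start Menu\Activate.lnk')
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}

# Step 4: entries the post lists with a value name. The current data is printed
# so it can be compared with what the post shows before anything is removed.
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'; Name = 'SelfdelNT' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'; Name = 'SaveZoneInformation' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'RunInvalidSignatures' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings += "Registry value: $($v.Key) '$($v.Name)' = '$($item.($v.Name))'"
    }
}

# Step 4: keys listed without a value name. Run normally exists on a clean
# system, so its value names are listed for manual review rather than flagged.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Malware Defense'
)
foreach ($k in $keys) {
    if (Test-Path -Path $k) {
        $names = (Get-Item -Path $k).Property -join ', '
        $findings += "Registry key exists: $k (values: $names)"
    }
}

# Step 5: non-empty run= / load= lines in WIN.INI (match is case-insensitive).
$winIni = Join-Path $env:windir 'win.ini'
if (Test-Path -LiteralPath $winIni) {
    Select-String -Path $winIni -Pattern '^\s*(run|load)\s*=\s*\S' |
        ForEach-Object { $findings += "WIN.INI line $($_.LineNumber): $($_.Line.Trim())" }
}

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

Running it again after the manual cleanup shows whether any of the listed entries are still present.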
