Step-by-Step Guide: Cleaning Infections With Salitykiller GUI
The Sality malware is a highly destructive, multi-component threat. It infects executable files, disables antivirus software, and blocks security websites. To combat this aggressive virus, Kaspersky developed Salitykiller. The Graphical User Interface (GUI) version offers a user-friendly way to purge this infection from your system. This guide walks you through the entire disinfection process.
Phase 1: Preparation in Safe Mode
Before running the tool, you must restrict the malware’s ability to defend itself.
Boot into Safe Mode: Restart your computer and repeatedly tap the F8 key (or use Windows Recovery settings) to select Safe Mode. This prevents the malware from launching its active monitoring processes.
Download the Tool: Use an uninfected device to download salitykiller.exe from the official Kaspersky website, then transfer it via a clean USB drive.
Rename the Executable: Sality actively blocks security tools by tracking file names. Rename salitykiller.exe to a random name like cleaner123.exe to bypass this detection.
Phase 2: Launching the Salitykiller GUI
With your system isolated, you can now launch and configure the tool.
Execute as Administrator: Right-click your renamed file and select Run as administrator.
Access the GUI: By default, running the file opens the standard command-line interface. To open the GUI version, make sure you downloaded the standard Windows executable package that includes the graphical interface window.
Configure Scan Settings: Click on the Options or Settings tab within the window. Ensure that “Scan all drives” and “Cure infected files” are checked.
Phase 3: Executing the Disinfection Scan
The scanning phase requires patience, as Sality often compromises thousands of system files.
Start the Scan: Click the Start Scan button.
Monitor Progress: The GUI will display a real-time log. Look for indicators like Infected (files carrying the virus) and Cured (files successfully repaired).
Do Not Interrupt: Allow the tool to run until the progress bar reaches 100%. Salitykiller does not just delete files; it actively strips the malicious code out of your legitimate programs.
Phase 4: Post-Infection Cleanup
Once Salitykiller reports that the scan is complete, you must repair the collateral damage left behind.
Fix the Registry: Sality destroys Safe Mode registry keys and disables the Task Manager. Run a trusted registry repair utility or use Kaspersky’s specialized Sality_RegKeys.reg file to restore default Windows behavior.
Install Robust Protection: Salitykiller is a removal tool, not a permanent shield. Immediately install a full-scale, updated antivirus suite to prevent reinfection.
Run a Secondary Scan: Execute a full system scan with your newly installed antivirus to catch any lingering secondary malware components.
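A read-only way to confirm that the registry repair from the "Fix the Registry" step took effect, written as an added PowerShell example (not Kaspersky's code and not part of the original guide). It assumes the standard Windows locations for the SafeBoot keys and the DisableTaskMgr policy value; DisableRegistryTools is a related policy value the guide does not name and is checked here as an assumption.

```powershell
# Added example: read-only check of the registry damage described in Phase 4.
# Run from an elevated PowerShell prompt after the disinfection scan. Changes nothing.

$findings = @()

# 1. Safe Mode depends on the SafeBoot\Minimal and SafeBoot\Network keys.
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
foreach ($mode in 'Minimal', 'Network') {
    $path = Join-Path $safeBoot $mode
    if (-not (Test-Path $path)) {
        $findings += "MISSING  $path (Safe Mode '$mode' cannot boot)"
    } elseif (-not (Get-ChildItem $path -ErrorAction SilentlyContinue)) {
        $findings += "EMPTY    $path (key exists but lists no drivers or services)"
    }
}

# 2. Policy values that disable Task Manager (named in the guide) and
#    Registry Editor (assumption: related value, not named in the guide).
$policyRoots = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($root in $policyRoots) {
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = (Get-ItemProperty -Path $root -Name $name -ErrorAction SilentlyContinue).$name
        if ($value) {   # absent or 0 means the tool is not disabled
            $findings += "BLOCKED  $root\$name = $value"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: SafeBoot keys present; Task Manager and Registry Editor not disabled by policy.'
} else {
    Write-Output 'Registry damage still present:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Any MISSING, EMPTY or BLOCKED line means the registry repair step has not fully taken effect and should be repeated before relying on Safe Mode or Task Manager.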