Overall Risk Level: 
W32.Sality.AE is a trojan that modifies the Windows registry, adding an entry that lets it bypass the installed firewall. It also downloads and executes additional threats from a remote server. W32.Sality.AE spreads by infecting executable files on local and remote drives.
Other Alias:
Threat Level: Low
Systems Affected: Windows - All
Source: Symantec
1. Temporarily disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot the computer in Safe Mode.
4. Run a full system scan and clean or delete all infected files.
5. Delete or modify any values added to the registry.
Navigate to and delete the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"[INFECTED FILE]" = "[INFECTED FILE]:*:Enabled:ipsec"
Navigate to and delete the following registry subkeys:
HKEY_CURRENT_USER\Software\[USER NAME]914
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WMI_MFC_TPSHOKER_80
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER
Navigate to and restore the following registry entries to their previous values, if required:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"GlobalUserOffline" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
Navigate to and restore registry entries under the following registry subkeys to their previous values, if required:
HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
6. Exit registry editor and restart the computer.
7. To make sure that the threat is completely eliminated from your computer, carry out a full scan using antivirus and antispyware software. An online virus scanner is another way to remove the virus with various antivirus programs without installing them.
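The registry changes listed in step 5 can also be checked offline against a .reg export taken from the suspect machine. The Python below is an added example, not code from Symantec or from this page; it assumes the export has already been decoded to text (regedit writes UTF-16), and the function names, finding labels and sample paths are constructed for illustration.

```python
import re

# Indicators come from the removal steps above; parsing and matching are this example's own.
FIREWALL_LIST = r"\firewallpolicy\standardprofile\authorizedapplications\list"
DROPPED_KEYS = ("legacy_wmi_mfc_tpshoker_80", "legacy_ipfilterdriver")
ZERO = ("dword:00000000", '"0"')

def parse_reg(text):
    """Yield (key, value_name, raw_data) from .reg text; a bare key is (key, None, None)."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            yield key, m.group(1).strip('"').replace("\\\\", "\\"), m.group(2)

def find_indicators(text):
    """Return (finding, location) pairs for the registry changes listed in step 5."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            if k.rsplit("\\", 1)[-1] in DROPPED_KEYS:
                findings.append(("dropped-key", key))
        elif k.endswith(FIREWALL_LIST):
            if data.strip('"').lower().endswith(":*:enabled:ipsec"):
                findings.append(("firewall-exception", name))
        elif name.lower() == "enablelua" and k.endswith(r"\policies\system"):
            if data in ZERO:
                findings.append(("uac-disabled", key))
        elif name.lower() == "globaluseroffline" and data in ZERO:
            findings.append(("globaluseroffline-zero", key))
    return findings

# Constructed sample export; file names and paths are made up for the example.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Tools\\sample.exe"="C:\\Tools\\sample.exe:*:Enabled:ipsec"
"C:\\Program Files\\App\\app.exe"="C:\\Program Files\\App\\app.exe:*:Enabled:App"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
'''

if __name__ == "__main__":
    for finding, location in find_indicators(SAMPLE):
        print(f"{finding:24} {location}")
```

The HKEY_CURRENT_USER\Software\[USER NAME]914 subkey is not matched because its name depends on the logged-in user; check it by hand.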
15 Responses for "W32.Sality.AE"
I am having a lot of problems because of this virus. Does anyone have a solution for this? Please let me know.
You can use Norman Malware Cleaner to remove this virus.
Please send me removal tools for:
W32.Sality.AE
W32.Virut.R
W32.Almanahe.B!inf
Adware.ZangoSearch
Trojan.Packed.NsAnti
Good day!!
Please, I need someone to help me by telling me how to remove this virus. Supposedly I don't have it on my PC, but the Symantec software gives me an alert:
Threat: W32.Sality.AE
Thanks in advance.
Regards
Please download Norman malware removal from norman.com; it helps.
Tools to remove W32.Sality.AE virus
Hi..
Please send me W32.Sality.AE and W32.Sality.DFC virus removal tools.
Warm regards
Gangadhar
Please send me removal tools for:
W32.Sality.AE
W32.Virut.R
W32.Almanahe.B!inf
Adware.ZangoSearch
Trojan.Packed.NsAnti
W32.Sality.T
and other Sality tools
W32.Downadup
Thanks
Junagadh
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” The program will run automatically and you will be prompted to update it before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on “Show Results”.
8. Make sure that all detected threats are marked, then click on Remove Selected.
9. Restart your computer.
Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program on a different computer before running it on the infected system.
Dear,
I am very happy to get this antivirus because it has removed the virus from my PC.
saurabh
Dear friend, my computer has a very big problem: the W32.Sality virus. Every day I am missing my winmp, Kundli and more programs, so please give me a solution for this problem.
Dear Friends,
I was asking: is it more powerful than Symantec Endpoints?
I have changed my Windows about 5 times because of this virus. I think it has saved a copy in my system files, so every time I change Windows the virus remains, and after 2 or 3 months the operating speed gets very low and I can’t even listen to music with it.
Does anyone know how to remove it from system files?
I do disable System Restore before changing Windows, but it won’t get off my laptop.
sos plz !!!
Required removal tool
Required removal tool
w32.sality.ae
Any Response?