My registry is messed-up by win32.og sality folks!

Hello folks :)

OK, well, my registry has been messed up by win32 sality.og, and though I run anti-malware or spyware checks or use Comodo for a scan, this friggin virus keeps on disabling the registry and the task manager.

Now I know that win32sality are nasty, real nasty, but was wondering whether I will have to re-install Windows or is there another way?

FYI: I have tried the following, as was suggested to me from a forum that deals with such above issues:

- Super Anti Spyware.
- Combofix, though I cannot get into this program: I click it and it appears for about 2 seconds and disappears.
- AVG’s rmsality.exe.
- Ccleaner, same as Combofix in that I click on it and it appears for about 2 seconds and then disappears.

I was told to try out a certain Kaspersky application, but for some insane reason I cannot even go onto the Kaspersky website and neither can I download anything Kaspersky related.

I also get these signs very often:

  1. Microsoft Visual C++ Runtime Library> Runtime error!> ProgramC:> R6002> floating point support not loaded.
    I actually get the above when I try clicking on Comodo, especially when I go to anti virus events and, selecting a file, click on the more button. This is why I cannot send any files to Comodo for analysis. On the other hand, here are some of the files that I will copy here, so that folks have an idea of the kinds of files I am on about:
    C:\Documents and Settings\user\Local Settings\Temp\wingwyplc.exe -Malware name: Trohware.Win32.Trojan.Agent~EZH@1
    There are actually 9 of the one listed above, but I decided to delete all the files in the TEMP folder, of course except today's one.
  2. Registry editing has been disabled by your administrator. When I get this I always get about 12 windows telling me about the disabling and have to get rid of them all!

Is there any hope for me at all here?

Just to give you an example, every time I run malwarebytes I get these infections:

```
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
```

I do click to have them removed but at the next scan the same files re-appear!
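An added example, not part of the original post or of any tool named in it: a small parser that splits the run-together "Registry Data Items Infected" text from the post into records and reports which values are flagged again in a later scan. The function names and the second scan are assumptions; `SCAN_2` is a constructed sample.

```python
import re

# One record: <key>\<value> (<detection>) -> Bad: (n) Good: (n) -> <action>.
ENTRY = re.compile(
    r"(HKEY_[A-Z_]+\\.+?)\\([^\\]+?) \(([\w.]+)\)"
    r" -> Bad: \((\d+)\) Good: \((\d+)\) -> (.+?)\.(?=\s|$)"
)

def parse_items(log_text):
    """Split a run-together 'Registry Data Items Infected' section into records."""
    return [
        {"key": m[1], "value": m[2], "detection": m[3],
         "bad": int(m[4]), "good": int(m[5]), "action": m[6]}
        for m in ENTRY.finditer(log_text)
    ]

def recurring(first_scan, later_scan):
    """Names of values flagged in both scans, i.e. rewritten after removal."""
    seen = {(i["key"], i["value"]) for i in parse_items(first_scan)}
    return sorted(i["value"] for i in parse_items(later_scan)
                  if (i["key"], i["value"]) in seen)

HKLM_SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
HKCU_POL = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
TAIL = " -> Bad: (1) Good: (0) -> No action taken."

# Entries as quoted in the post, joined on one line the way the post shows them.
SCAN_1 = " ".join([
    HKLM_SC + r"\AntiVirusDisableNotify (Disabled.SecurityCenter)" + TAIL,
    HKLM_SC + r"\FirewallDisableNotify (Disabled.SecurityCenter)" + TAIL,
    HKLM_SC + r"\UpdatesDisableNotify (Disabled.SecurityCenter)" + TAIL,
    HKCU_POL + r"\DisableRegistryTools (Hijack.Regedit)" + TAIL,
    HKCU_POL + r"\DisableTaskMgr (Hijack.TaskManager)" + TAIL,
])
# Constructed sample of a later scan (not from the post).
SCAN_2 = " ".join([
    HKCU_POL + r"\DisableRegistryTools (Hijack.Regedit)" + TAIL,
    HKCU_POL + r"\DisableTaskMgr (Hijack.TaskManager)" + TAIL,
])

if __name__ == "__main__":
    for item in parse_items(SCAN_1):
        print(item["detection"], item["key"], item["value"], item["action"])
    print("flagged again:", recurring(SCAN_1, SCAN_2))
```

A value that shows up in both scans after a removal was requested points to something still running that rewrites it, which is why the later replies move to scanning from outside the installed Windows.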

Hi Staara,

By spontaneously running so many security and following random suggestions you are most likely destroying your system.
You are doing more harm than the alleged infection.
Actually there is no information whatsoever. What security flagged what ??? … no locations of the items no system info – nothing
Yes, “sality” could be nasty indeed, but it has variants… and then it can be an FP by that unknown security … who knows without any details?

In addition, some Tools you mentioned must not be run without the supervision of an expert, say ComboFix – you can damage your system beyond repair by running just that one (read its precaution note).

Then, as you said here

Nothing wrong with that, but there are proper ways to get an experience.

I am not sure whether it’s possible to recover now and probably reinstallation would be the best option, but since your system is still breathing after that horrible attack by multiple security Utilities, please choose one of the professional Malware Removal sites (I’m stressing – only one!) & follow the instructions by the Certified malware fighter.

Sure, that is your choice which site, but I would recommend this one, for example
and follow this instruction

note: if you cannot run some of the suggested Tools there - just briefly describe the difficulties & you will be advised about the alternatives

My regards

I’d advise running an AV Rescue Disk like I advise here.

Let us know if you have any more questions.

Hello SiberLynx,

Sorry I didn’t make myself clear in the post.
I only ran the programs that I mention as it was recommended for me to do so (by an experienced member of the forum who knows all about various problems and issues) when I reported a problem with my computer on an internet security website.

Thing is that my registry was messed-up even before I ran all the recommended programs.

I will follow what you and Chiron have recommended :)

Thank you very much both of you for the replies and I will get back to you :)


If you really have Sality, the first thing to do is run a bootable AV; it has infected some drivers and cannot be repaired from the Windows environment. Please go to a non-infected computer with a CD burner. Download the Kaspersky Rescue Disk V10, and burn the ISO to an empty CD. Then go back to your computer, make sure you are connected to your network through a wired connection, boot up the computer and get into BIOS. Change the boot order so that it will boot from the CD drive first. Then insert the CD into the drive. Then save the BIOS setting and reboot.

Once rebooted, follow the instructions to get into the main Kaspersky UI; from there click the update button. Once the update is done, do a full scan. When things pop up, if you get the option to repair, select that; if not, select remove.

Let us know how it works then.