Important: Test this solution first in a selected group of computers BEFORE rolling it out to all of the infected computers.
Please do the following:
|
1.
|
Download the PE_Sality fixtool.
|
| |
|
|
2.
|
Download the latest Controlled Pattern Release (CPR).
|
| |
|
|
3.
|
Download the latest Spyware Detection and Cleanup (Trend Micro Anti-Spyware) - Ssapiptn.Da5.
|
| |
|
|
4.
|
Extract the PE_Sality fixtool to a temporary directory (i.e. c:\test).
|
| |
|
|
5.
|
Extract the CPR (lpt$vpn.xxx) to c:\test\system\sysclean.
|
| |
|
|
6.
|
Extract the spyware pattern (ssapiptn.DA5) to c:\test\system\sysclean.
|
| |
|
|
7.
|
Using GPO or any 3rd party deployment tools (i.e. SMS, BigFix, Altiris), copy the extracted files (mentioned in item # 4-6) into the c:\temp folder of the infected computer(s).
|
| |
|
|
8.
|
Using GPO or any 3rd party deployment tools (i.e. SMS, BigFix, Altiris), run c:\temp\fix.bat.
|
| |
|
|
|
Note: This script file will execute tsc.com and sysclean.com to remove PE_SALITY infection.
|
| |
|
| 9. |
Restart the computer. System reboot is required to completely restore and remove the malware entries and modifications.
|
| |
|
|
|
Note: This new and improved fixtool does NOT require a boot in safe mode to clean PE_Sality.
|
| |
|
| 10. |
Make sure that your Trend Micro product is up and running. If needed, please reinstall OfficeScan.
|
| |
|
|
|
|
Connect with us on
| | | |