CA has developed an offline scanning/cure method that enables users to manually clean a machine affected by a Win32/Sality variant. The solution uses a provided ISO image and our cleaning utility, and is available via two different boot media, PXE and CD.
The PXE-based process is applicable for locations with a large number of affected workstations, on which the disinfection is to be applied in ‘unattended’ mode. It uses a PXE (Preboot Execution Environment) setup, requiring the affected system to reboot from the network.
The CD-based process is suitable for cases that involve application to a server, and/or to workstations that cannot participate in a LAN (e.g. laptops currently away). The process involves booting from a CD or DVD.
In both cases, the user follows the process below:
1. Shut down the machine to be cured.
2. Change the ‘boot order preference’, and reboot with a live Linux OS image that, at boot time:
• Mounts every partition on all hard disks on the machine;
• Performs a scan of all files on the mounted partitions; and
• Applies the cure for the files found infected.
3. Halt the Linux OS once the machine scan has completed, then reboot the machine to restore the original primary boot method and access the (now cured) OS installed on that machine.
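A sketch of what step 2 amounts to on a live Linux image, added here as an illustration and not taken from CA's ISO or readme: it selects mountable partitions from `lsblk` output, mounts each one read-write, and runs a scanner over it. The scanner path, the mount root and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration, not CA's boot script.
MNT_ROOT=${MNT_ROOT:-/mnt/scan}                  # assumed mount root
SCANNER=${SCANNER:-/opt/scanner/scan-and-cure}   # hypothetical scanner path

# Read `lsblk -rno NAME,TYPE,FSTYPE` lines on stdin and print "device fstype"
# for every partition that holds a mountable filesystem.
select_partitions() {
    awk '$2 == "part" && $3 != "" &&
         $3 != "swap" && $3 != "crypto_LUKS" && $3 != "LVM2_member" {
             print "/dev/" $1, $3
         }'
}

# Mount one partition read-write, because curing modifies files in place.
# Fails when only a read-only mount results (a hibernated NTFS volume may
# mount read-only), so the caller can report it instead of scanning in vain.
mount_rw() {
    dev=$1; fstype=$2; dir="$MNT_ROOT/$(basename "$dev")"
    mkdir -p "$dir" || return 1
    case $fstype in
        ntfs) mount -t ntfs-3g -o rw "$dev" "$dir" ;;
        *)    mount -o rw "$dev" "$dir" ;;
    esac || return 1
    # The first mount option in /proc/mounts is "rw" or "ro".
    awk -v d="$dir" '$2 == d { split($4, o, ","); if (o[1] == "rw") ok = 1 }
                     END { exit !ok }' /proc/mounts
}

scan_all() {
    lsblk -rno NAME,TYPE,FSTYPE | select_partitions |
    while read -r dev fstype; do
        if mount_rw "$dev" "$fstype"; then
            # </dev/null keeps the scanner from consuming the partition list.
            "$SCANNER" "$MNT_ROOT/$(basename "$dev")" </dev/null
        else
            echo "skipped $dev: no writable mount" >&2
        fi
    done
    sync                                  # flush cured files before halting
    umount "$MNT_ROOT"/* 2>/dev/null
}

# Touch the disks only when asked to; requires root on the live system.
if [ "${1:-}" = "--run" ]; then scan_all; fi
```

Partitions reported as skipped were not cured and need to be handled separately before the machine is returned to service.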
For a more detailed overview, please see the "readme.txt" document contained in the ZIP file below.
Note: The ISO image for CD boot or PXE is available to all affected customers upon request. Please contact your local support staff or contact us through our support website, http://support.ca.com.
Cleaning Utility Download:
Please note this utility is provided 'as-is' and without warranty. Please ensure that you carefully review "readme.txt", as well as thoroughly test the utility within your environment before use.
- Registry Cleaner Utility for post trusted OS cleaning of Win32/Sality.Z
- RegCleanerUtility.exe contained in the ZIP file below.