Win32.Sality

Description :Win32.Sality

Win32/Sality is a virus or file infector that infects files with format .SCR or .com or .EXE.
virus may execute a damaging payload that deletes files with certain extensions. Win32/Sality is a polymorphic virus that infects Win32 executable files. It has been known to have been derived from the win32/Bagle family.The infected application will become a little bigger in size around 60kb-90kb.

Sality uses default share folder to spread through local area network also sality uses autorun.inf for spreading.

Type:virus


Category : Win32

Alternate names :

# W32/Sality.n (McAfee)
# W32.HLLP.Sality.O (Symantec)
# PE_SALITY.AE (Trend Micro)
# W32.HLLP.Sality (Symantec)
# Win32/PE_ROSEC.A (Trend)
# Win32/Sality.A
# Win32/Sality.A (Eset)
# W32/Sality.A (F-Secure)
# Win32/Sality.A (InoculateIT)
# W32/Sality.a (McAfee)
# Win32/Sality.A!DLL (InoculateIT)
# W32/Sality.dll (McAfee)
# W32/Sality-A (Sophos)
# W32/Virus.Win32.Sality.a (Kaspersky),
# Virus.Win32.Sality.l (Kaspersky) P2P-Worm.Win32.VB.dz (Kaspersky)
# W32/Sality-AI (Sophos)
# Worm.P2P.VB.Bacteria.B (BitDefender)

Win32.Sality Frequently asked questions

---

Am i infected with Sality?

If you notice sudden harddisk activity and hard disk usage, Sality eating up all the harddisk space, Random named files in folder of sizes around 60 kb-90kb. Antivirus programs showing pop up messages of many infected files with sality but cannot do anything about it or If the computer fails to bootin the safe mode, then there are fair chances that your computer could be infected with W32/Sality.


How to go to safe mode in w32/sailty infected computer?

Booting in Safe mode can be reached on a w32/sailty infected computer using a tool called SafeMODEREPAIR. The same Safemoderepair tool can be used when infected with other viruses also to boot in Safe mode.

SafeMODEREPAIR can be downloaded from links XXXXX

Using SafeMODEREPAIR.

Execute either of the three Restore2000 or Restore2003 or RestoreXP for their respective operating systems. And then click yes when you get a Alert message from registry editor.

SafeMODEREPAIR picture

 

---

How to remove W32/Sality? or Methods to W32/remove Sality?

Method 1 [TO be used under extreme conditions]

# Create an avast BART CD, which is a bootable Cd version of avast which directly loads from Cd before loading the Operating system. Link http://www.avast.com/bart-cd

#Downlaod latest virus definitions from avast website directly to the Cd or to a Flash/pen drive.

# Boot from bootable Avast cd, Point the antiviurs software to the Updates file and Start FULL SYSTEM Scan.

# This should remove all the W32/sality and also any other possible viruses that lying dormant in your computer.


Method2

# Disconnect the computer from the network.

# Turn off “System Restore”.

# Turn off “Autorun” and “Default Share” download this file and right click on it then choose install.

# Kill any suspecting active process in computer backround and checking your startup file you can use hijackthis.

# Scan with Norman Malware Cleaner please note because this virus will infected files with extesion .exe com and .scr you have to rename Norman_Malware_Cleaner.exe with new extension example Norman_Malware_Cleaner.cmd