Sality Description

The Sality Trojan is an exceptionally complex threat that uses advanced coding techniques to propagate, avoid detection and avoid deletion simultaneously. Sality’s primary purpose is to download other malware onto the infected computer, but Sality is also a confirmed keylogger and backdoor Trojan that disables security and steals private data like account passwords. This virus is years old, but has had new versions come out on a regular basis and is sufficiently dangerous that deleting Sality should be accomplished by updated and powerful anti-malware programs.

Blocking Off Sality Infection Routes

Sality can attack Windows operating systems as recent as XP or as old as Windows 98. The first appearances of the Sality virus were in 2003, but recent versions have popped up even in 2010, making Sality an ongoing and evolving threat.

The probable origin of Sality is Russia, but given Sality’s infection rates there’s a fair chance of you encountering Sality ‘in the wild’ from file sources in other regions as well. Sality may also be detected under W32/Kookoo-A by some anti-malware programs, if you’re ‘lucky’ enough to find it in a scan.

Infections of Sality are extremely difficult to spot, since the code is polymorphic and will take steps to obscure itself from casual detection. Sality will infect executable files on all drives, including network-shared files and files on removable drive devices. This allows Sality to spread easily, provided there are other appropriate files for Sality to infect. Sality will even search through the Windows Registry specifically to look for executables that start when Windows does, and infect them as well!

Defeating Sality and Its Attacks

Although Sality propagates like a virus, Sality has functions characteristic of other kinds of malware threats:
  • Sality will act like a Trojan and download malware onto your machine. This is the primary purpose of the Sality virus; the other malware may be used for an assortment of purposes, such as spying on passwords or other delicate info, hijacking your web browser or allowing easier attacks by remote criminal entities.
  • Sality will also open up a security backdoor that’s exploitable by remote criminals. Attacks used by remote criminals can be as broad as the possible malware Sality installs.

    » Learn more about SpyHunter's Spyware Detection Tool
    and steps to uninstall SpyHunter.

    The most widely-publicized, but not necessarily most damaging remotely-controlled PC attack is recruitment into a botnet that enables widespread Denial-of-service attacks.
  • Your security settings will be harmed by Sality’s presence, and it will also attempt to shut down various security-related applications such as anti-virus scanners and Windows-central tools.
  • Lastly, Sality is also a keylogger and can record and send out any keyboard input for the benefit of remote attackers. Passwords and other private information should be considered at risk even if you don’t necessarily type them completely (for example, if they’re saved in website-specific settings).

Removing Sality is even more difficult than removing a typical virus. Sality will inject itself into all running processes except for those belonging to local services, networks or the system, thus allowing Sality to run without being seen. A second dirty trick up Sality’s sleeve is its ability to continue running even in Safe Mode.

Due to the sophisticated, multi-layered and incredibly threatening nature of this virus, deleting Sality should be handled by a qualified expert or by a program designed to handle critically urgent threats. You should never try to continue using a Sality-infected PC as though everything is normal; the scope of the damage Sality is capable of inflicting is difficult to exaggerate!


Trojan.Win32.Downloader.81920.O [ViRobot]TROJ_SALITY.AM [TrendMicro]W32.Sality.AB [Symantec]W32/Sality-AM [Sophos]Trojan.PCK.CryptPack.A [SecureWeb-Gateway]Cloaked Malware [Prevx1]Win32.Sality.AJ [PCTools]W32/Sality.AC.worm [Panda]Trojan/W32.KillAV.81920.C [nProtect]W32/Agent.DTQN [Norman]

More aliases (29)

Sality Automatic Detection Tool (Recommended)

Is your PC infected with Sality? To safely & quickly detect Sality we highly recommend you run the malware scanner listed below.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

Related Posts

Posted: March 28, 2006 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 4.67 out of 5)
Loading ... Loading ...
Threat Metric
Threat Level: 7/10
Detection Count: 75


Leave a Reply

What is 13 + 6 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)