The Sality Trojan is an exceptionally complex threat that uses advanced coding techniques to propagate, avoid detection and avoid deletion simultaneously. Sality’s primary purpose is to download other malware onto the infected computer, but Sality is also a confirmed keylogger and backdoor Trojan that disables security and steals private data like account passwords. This virus is years old, but has had new versions come out on a regular basis and is sufficiently dangerous that deleting Sality should be accomplished by updated and powerful anti-malware programs.
Blocking Off Sality Infection Routes
Sality can attack Windows operating systems as recent as XP or as old as Windows 98. The first appearances of the Sality virus were in 2003, but recent versions have popped up even in 2010, making Sality an ongoing and evolving threat.
The probable origin of Sality is Russia, but given Sality’s infection rates there’s a fair chance of you encountering Sality ‘in the wild’ from file sources in other regions as well. Sality may also be detected under W32/Kookoo-A by some anti-malware programs, if you’re ‘lucky’ enough to find it in a scan.
Infections of Sality are extremely difficult to spot, since the code is polymorphic and will take steps to obscure itself from casual detection. Sality will infect executable files on all drives, including network-shared files and files on removable drive devices. This allows Sality to spread easily, provided there are other appropriate files for Sality to infect. Sality will even search through the Windows Registry specifically to look for executables that start when Windows does, and infect them as well!
Defeating Sality and Its Attacks
Although Sality propagates like a virus, Sality has functions characteristic of other kinds of malware threats:
- Sality will act like a Trojan and download malware onto your machine. This is the primary purpose of the Sality virus; the other malware may be used for an assortment of purposes, such as spying on passwords or other delicate info, hijacking your web browser or allowing easier attacks by remote criminal entities.
- Sality will also open up a security backdoor that’s exploitable by remote criminals. Attacks used by remote criminals can be as broad as the possible malware Sality installs.
- Your security settings will be harmed by Sality’s presence, and it will also attempt to shut down various security-related applications such as anti-virus scanners and Windows-central tools.
- Lastly, Sality is also a keylogger and can record and send out any keyboard input for the benefit of remote attackers. Passwords and other private information should be considered at risk even if you don’t necessarily type them completely (for example, if they’re saved in website-specific settings).
Removing Sality is even more difficult than removing a typical virus. Sality will inject itself into all running processes except for those belonging to local services, networks or the system, thus allowing Sality to run without being seen. A second dirty trick up Sality’s sleeve is its ability to continue running even in Safe Mode.
Due to the sophisticated, multi-layered and incredibly threatening nature of this virus, deleting Sality should be handled by a qualified expert or by a program designed to handle critically urgent threats. You should never try to continue using a Sality-infected PC as though everything is normal; the scope of the damage Sality is capable of inflicting is difficult to exaggerate!
Trojan.Win32.Downloader.81920.O [ViRobot]TROJ_SALITY.AM [TrendMicro]W32.Sality.AB [Symantec]W32/Sality-AM [Sophos]Trojan.PCK.CryptPack.A [SecureWeb-Gateway]Cloaked Malware [Prevx1]Win32.Sality.AJ [PCTools]W32/Sality.AC.worm [Panda]Trojan/W32.KillAV.81920.C [nProtect]W32/Agent.DTQN [Norman]
More aliases (29)
Sality Automatic Detection Tool (Recommended)
Is your PC infected with Sality? To safely & quickly detect Sality we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Sality What happens if Sality does not let you open SpyHunter or blocks the Internet?
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 ekhw.pif 265 2 C:\ RECYCLER\ X-1-5-21-1960408961-725345543-839522115-1003\ WinSysApp.exe 265 3 qp673812.dll 256 4 dojxqg.exe 175 5 %HOMEDRIVE%\ file.exe 159 6 bd3q0qix.exe 159 7 winjmxy.exe 156 8 load.exe 134 9 ParisHilton.exe 131 10 winafoe.exe 125
- Email-Borne Polymorphic Malware Attacks Has Tripled
- INF/Autorun, Conficker, Sirefef are the Most Common Malware in July 2012
Posted: March 28, 2006 | By SpywareRemove
Rate this article: