
Virus.Win32.Sality.bh

Posted: February 15, 2011

Virus.Win32.Sality.bh is a backdoor Trojan and virus that creates high-level security holes in the host computer by disabling the user's firewall and various security applications and functions. Registry keys to enable starting in Safe Mode are deleted and Virus.Win32.Sality.bh will also infect executable files across the system and attempt to spread through networks and removable drives. This Trojan can drop and run randomly-named malware on your machine, and any occurrence of this threat should be responded to by using powerful and verified security tools to delete Virus.Win32.Sality.bh and clean all infected files.

Virus.Win32.Sality.bh is a Laundry List of Threatening Behavior

As a backdoor Trojan and a virus, Virus.Win32.Sality.bh has a sophisticated set of functions that simultaneously allow Virus.Win32.Sality.bh to propagate and disable your PC.

  • Virus.Win32.Sality.bh will automatically attempt to delete files with the extensions .avc, .drw or .vdb. These extensions may be used by various programs, including video players and (most relevantly) anti-virus applications.
  • Your temp folder will become populated by randomly-named .exe files that consist of other malware Virus.Win32.Sality.bh launches without permission. Although the functions such malware can have are nearly limitless, it's very likely that at least some of them are remote administration tools abused to enable attacks by remote attackers.
  • Various .exe and .scr files will be infected throughout your PC as Virus.Win32.Sality.bh uses its virus functionality to add Virus.Win32.Sality.bh's code to preexisting files.
  • Along with the above, Virus.Win32.Sality.bh will create copies of itself in all network-shared locations and in all drives along with Autorun files. These files can't be seen under the default settings due to having the Hidden attribute. Any other computer that accesses an infected removable drive or an infected file will in turn catch Virus.Win32.Sality.bh.
  • Virus.Win32.Sality.bh will corrupt the Registry in various ways, including adding entries to let the infection run in the background. Even more alarmingly, Virus.Win32.Sality.bh will attempt to disable Safe Mode by deleting the relevant SafeBoot Registry keys and will disable notifications from the system firewall, Windows Security Center and various anti-virus programs.
  • Even if your preferred anti-malware program isn't one targeted in the Registry, Virus.Win32.Sality.bh may block it regardless on launch. Virus.Win32.Sality.bh's block list includes dozens of anti-malware security applications.
  • Virus.Win32.Sality.bh also turns your firewall completely off. A lowered firewall lets in any remote attacker who attempts to access the PC.

Virus.Win32.Sality.bh is an Amazing but not Invincible PC Threat

The Trojan-virus combo Virus.Win32.Sality.bh is virtually impossible to remove manually since Virus.Win32.Sality.bh can infect a wide variety of files and disable many common anti-malware solutions. However, there are dedicated tools that can delete Virus.Win32.Sality.bh properly if you're willing to make use of them.

Given the prolific nature of Virus.Win32.Sality.bh, you should run multiple scans over several reboots to make sure the infection is completely removed. Equally important is restoring all your security, such as your firewall, once the interfering Virus.Win32.Sality.bh is out of the game. Don't assume that you're safe until you've verified the fact several times over, and be patient - it's worth the effort it takes to remove Virus.Win32.Sality.bh, since your PC will remain crippled and completely exposed to attack until then.

File System Modifications

  • The following files were created in the system:
    1. %AppData%\gdgdh.exe
    2. %FontsDir%\mlog
    3. %Temp%\nftmgqxl.bat

Registry Modifications

  • The following Registry keys and values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Internet
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tbsolute
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS
    HKEY_LOCAL_MACHINE\SOFTWARE\facebook
    HKEY_LOCAL_MACHINE\SOFTWARE\twitter
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
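The following read-only triage script is an added example, not part of the original write-up or any vendor tool. It checks a Windows host for the dropped files and Registry keys listed above, and for the behaviour described in the bullet list earlier on the page: the missing SafeBoot keys, a switched-off firewall, suppressed Security Center notifications, and hidden autorun.inf files on removable drives. Assumptions are marked in the comments: %FontsDir% is resolved as the Windows Fonts folder, the Security Center notification value names are the well-known ones rather than values taken from this page, and `Security Center\Svc` and `policies\Explorer` are skipped as presence checks because they exist on clean systems too (only what sits under them is interesting).

```powershell
# Added triage example (not from the original write-up). Run from an elevated
# PowerShell prompt. It only reports; it changes nothing on the host.

# Files named on the page. %FontsDir% has no environment variable on a default
# install, so it is resolved from the Windows directory (assumption).
$fontsDir = Join-Path $env:windir 'Fonts'
$suspectFiles = @(
    (Join-Path $env:APPDATA 'gdgdh.exe'),
    (Join-Path $fontsDir   'mlog'),
    (Join-Path $env:TEMP   'nftmgqxl.bat')
)

# Registry keys named on the page that should not exist on a clean system.
# Template placeholders such as {Subkeys} / {RunKeys} are omitted.
$suspectKeys = @(
    'HKLM:\SOFTWARE\Alexa Internet',
    'HKLM:\SOFTWARE\Microsoft\Tbsolute',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS',
    'HKLM:\SOFTWARE\facebook',
    'HKLM:\SOFTWARE\twitter'
)

# Keys a healthy system must have; the page says the virus deletes them to block Safe Mode.
$safeBootKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network'
)

# Security Center notification switches (well-known value names; assumption, not from the page).
$secCenterKey   = 'HKLM:\SOFTWARE\Microsoft\Security Center\Svc'
$notifyValues   = @('AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify')

$findings = @()

foreach ($f in $suspectFiles) {
    if (Test-Path -LiteralPath $f) { $findings += "Dropped file present: $f" }
}

foreach ($k in $suspectKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "Suspect registry key present: $k" }
}

foreach ($k in $safeBootKeys) {
    if (-not (Test-Path -LiteralPath $k)) { $findings += "SafeBoot key missing (Safe Mode disabled?): $k" }
}

if (Test-Path -LiteralPath $secCenterKey) {
    $svc = Get-Item -LiteralPath $secCenterKey
    foreach ($v in $notifyValues) {
        if ($svc.GetValue($v) -eq 1) { $findings += "Security Center notification suppressed: $v = 1" }
    }
}

# policies\Explorer\Run is a legitimate autostart location that is normally absent or empty;
# anything listed under it deserves a look.
$policyRun = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
if (Test-Path -LiteralPath $policyRun) {
    $runKey = Get-Item -LiteralPath $policyRun
    foreach ($name in $runKey.GetValueNames()) {
        $findings += "Policy Run entry: '$name' = $($runKey.GetValue($name))"
    }
}

# Firewall profiles: the page says the infection turns the firewall off entirely.
# Get-NetFirewallProfile is available on Windows 8 / Server 2012 and later.
if (Get-Command Get-NetFirewallProfile -ErrorAction SilentlyContinue) {
    Get-NetFirewallProfile | Where-Object { -not $_.Enabled } | ForEach-Object {
        $findings += "Firewall profile disabled: $($_.Name)"
    }
}

# Hidden autorun.inf on removable drives (Win32_LogicalDisk DriveType 2 = removable).
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $autorun = Join-Path $_.DeviceID 'autorun.inf'
    if (Test-Path -LiteralPath $autorun) {
        $attrs = (Get-Item -LiteralPath $autorun -Force).Attributes   # -Force shows hidden files
        $findings += "autorun.inf on $($_.DeviceID) (attributes: $attrs)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No indicators from this write-up found.'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}
```

A hit on any line is a reason to run the full scan-and-reboot cycle the article recommends, not a verdict on its own; conversely, an empty result only means these particular indicators are absent, since the infected .exe and .scr files the page describes carry no fixed name and need a file scanner to find.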