
W32.HLLP.Sality.O

Posted: April 14, 2011

W32.HLLP.Sality.O is a detection for files that have been corrupted by a variant of the W32.Sality virus family. W32.HLLP.Sality.O is a very harmful threat created to enable remote access to your computer, largely take over precious system resources, and trace your Internet habits to record or steal your confidential data. W32.HLLP.Sality.O also downloads additional components before the criminals gain remote access to the targeted PC. W32.HLLP.Sality.O is able to modify various system services, such as Computer Browser, Windows Audio, Network Connections, Cryptographic Services, etc.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Application Data\WRblt8464P
    2 %UserProfile%\Application Data mp.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'WarnOnPostRedirect' = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'
    HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
    HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExtSettings 'WarnonBadCertRecving' = '0'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce