
Virus.Win32.Sality.ag

Posted: July 7, 2011

Virus.Win32.Sality.ag is a virus with a wide variety of functions, most of which are related to disabling your PC security. As a virus, Virus.Win32.Sality.ag can infect an indefinite amount of .exe files with its own code, and Virus.Win32.Sality.ag is also known for being distributed by worms. The extreme security threat of a Virus.Win32.Sality.ag infection, combined with the strong possibility of proliferation and the presence of other harmful programs, makes Virus.Win32.Sality.ag a top-level priority for detection and removal. Use the best anti-virus software at your disposal to delete Virus.Win32.Sality.ag and do so as fast as you can to avoid serious damage to your computer.

The Difficulty in Watching Out for a Virus.Win32.Sality.ag Infection

Virus.Win32.Sality.ag typically is installed by the worm and Trojan known by the name of Worm:Win32/Sality.AU (also detected by alternate names like PE_SALITY.LNK-O, Trojan-Dropper.Win32.Sality.b, Win32/Sality.NBA and Mal/Sality-D). You may also find Virus.Win32.Sality.ag on your PC by other aliases: W32/Sality.BD, Virus:Win32/Sality.AU, W32/Sality.AA and W32.Sality.AE are just a few examples.

The aforementioned worm installs Virus.Win32.Sality.ag by spreading .lnk files into network-shared locations, which then infect any computer that accesses those resources. It's important to realize that since Virus.Win32.Sality.ag and related worm components exploit Autorun.inf vulnerabilities, it's not required for you to launch a Virus.Win32.Sality.ag file to get infected: Virus.Win32.Sality.ag is quite happy to infect any PC that so much as glances in the direction of a network-shared folder.

Unlike a worm, Virus.Win32.Sality.ag isn't able to create copies of itself, but it may infect other files on your computer, with a preference for .exe and .scr files. Virus.Win32.Sality.ag also injects itself into already-running memory processes and may not show itself as a separate file or memory process, despite being active. Unusually, Virus.Win32.Sality.ag will try to avoid infecting files that are related to security or anti-virus programs based on their names, presumably to avoid alerting you to its presence.

The Significant Toll of Virus.Win32.Sality.ag's Damage

The payload that Virus.Win32.Sality.ag uses is multi-part and a direct attack on your computer's security in several ways:

  • Virus.Win32.Sality.ag creates a fake system driver.
  • Safe Mode can be disabled by Virus.Win32.Sality.ag, typically by Virus.Win32.Sality.ag's deletion of all relevant Registry values. Restoring these values will allow Safe Mode to work once more, although Virus.Win32.Sality.ag may try to prevent this.
  • Virus.Win32.Sality.ag can connect to remote servers for the purpose of sending private information or receiving malicious instructions and files.
  • By detecting services via their process names, Virus.Win32.Sality.ag will also try to stop an incredibly wide range of security programs, including many popular brands of anti-virus products.
  • Your Registry Editor may be disabled by Virus.Win32.Sality.ag.
  • Virus.Win32.Sality.ag can use advanced methods (related to system calls to the system service descriptor table or SSDT) to prevent anti-virus and security software from launching.
  • Virus.Win32.Sality.ag will attempt to delete anti-virus files that use .avc or .vdb extensions (common extensions that security programs use to define and detect malicious programs).
  • Virus.Win32.Sality.ag ignores the Windows Firewall.
  • Virus.Win32.Sality.ag may stop you from being able to view files with the System or Hidden attributes, which effectively lets Virus.Win32.Sality.ag create and hide files at will.
  • Virus.Win32.Sality.ag can modify other system settings to create an even lower state of security on your PC.
  • Last of all, after carrying out the attacks above in the manner of a backdoor Trojan, Virus.Win32.Sality.ag will use dropper Trojan techniques to download and install other harmful applications onto your PC.

File System Modifications

  • The following files were created in the system:
    1. %System%\cmd.exe
    2. %System%\mmc.exe
    3. %System%\taskmgr.exe
    4. %Windir%\system.ini

Registry Modifications

  • The following Registry subkeys are newly created:
    HKEY_CURRENT_USER\Software\Apcrmkeh
    HKEY_CURRENT_USER\Software\Apcrmkeh\-72398023
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] UacDisableNotify = 0x00000001
  • The following Registry values are newly produced:
    AntiVirusDisableNotify = 0x00000001
    AntiVirusOverride =
    AntiVirusOverride = 0x00000001
    DisableRegistryTools = 0x00000001
    DisableTaskMgr = 0x00000001
    FirewallDisableNotify = 0x00000001
    FirewallOverride =
    FirewallOverride = 0x00000001
    UacDisableNotify = 0x00000001
    UpdatesDisableNotify = 0x00000001
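The following PowerShell audit script is an added example, not part of the original description or any vendor tool. It reads the Registry values and subkeys listed above and reports which ones are in the tampered state (values set to 1, the Apcrmkeh subkey present) and whether the Safe Mode configuration the virus deletes is still there; the SafeBoot\Minimal and SafeBoot\Network key locations are an assumption, since the page only says "all relevant Registry values".

```powershell
# Added audit script (not from the original page). Read-only: it reports
# Sality.ag Registry indicators and leaves clean-up to a proper anti-virus tool.

# Values the page reports Sality.ag sets to 0x00000001.
$SecurityCenter = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$PoliciesSystem = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\system'

$Checks = @(
    @{ Path = $SecurityCenter; Name = 'AntiVirusDisableNotify'; Bad = 1 },
    @{ Path = $SecurityCenter; Name = 'AntiVirusOverride';      Bad = 1 },
    @{ Path = $SecurityCenter; Name = 'FirewallDisableNotify';  Bad = 1 },
    @{ Path = $SecurityCenter; Name = 'FirewallOverride';       Bad = 1 },
    @{ Path = $SecurityCenter; Name = 'UacDisableNotify';       Bad = 1 },
    @{ Path = $SecurityCenter; Name = 'UpdatesDisableNotify';   Bad = 1 },
    @{ Path = $PoliciesSystem; Name = 'DisableRegistryTools';   Bad = 1 },
    @{ Path = $PoliciesSystem; Name = 'DisableTaskMgr';         Bad = 1 }
)

$Findings = @()
foreach ($c in $Checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.($c.Name) -eq $c.Bad) {
        $Findings += "$($c.Path)\$($c.Name) = $($item.($c.Name))"
    }
}

# Per-infection subkey the page lists (the name Apcrmkeh is specific to this sample).
if (Test-Path 'HKCU:\Software\Apcrmkeh') {
    $Findings += 'HKCU:\Software\Apcrmkeh exists'
}

# Safe Mode: the page says the virus deletes the relevant values. Assumed
# location of those values: the SafeBoot\Minimal and SafeBoot\Network keys.
foreach ($sb in 'Minimal', 'Network') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$sb"
    if (-not (Test-Path $key) -or @(Get-ChildItem $key).Count -eq 0) {
        $Findings += "SafeBoot\$sb is missing or empty (Safe Mode likely disabled)"
    }
}

if ($Findings.Count -eq 0) {
    Write-Output 'No Sality.ag Registry indicators found.'
} else {
    Write-Output 'Sality.ag Registry indicators:'
    $Findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it from an elevated PowerShell prompt; the virus also disables Registry Editor and Task Manager, so a script-based read is often the only way to inspect these values on an infected machine.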