
PE_SALITY.AC

Posted: May 15, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 92
First Seen: May 15, 2012
OS(es) Affected: Windows

PE_SALITY.AC is a virus that spreads to executable (.exe) files on your computer and is classified as a high-level threat because it installs backdoor Trojan components that also include keylogging functions. Recent PE_SALITY.AC attacks have been found embedded in yet another backdoor Trojan, BKDR_RILER.SV, which is distributed in e-mail spam campaigns targeted at pro-Tibet activists. SpywareRemove.com malware experts recommend that you learn to identify these hoaxes on sight, since they use readily identifiable scams regarding an 'Input Method' for using Apple-brand products. These attacks also require certain versions of Microsoft Office or Open XML File Format Converter to be present for exploitation before PE_SALITY.AC and BKDR_RILER.SV can be installed, and computers without any of these programs (or with versions that aren't vulnerable) can be considered immune to this specific attack. Because PE_SALITY.AC and related PC threats use a relatively high level of sophistication, including code injection attacks, you should never try to find or delete PE_SALITY.AC without some help from trustworthy anti-malware software.

How PE_SALITY.AC Contaminates the Rest of Your Computer – and to What End

PE_SALITY.AC, like all viruses, infects other files instead of existing as a separate file on your hard drive. Although PE_SALITY.AC is limited to spreading to .exe file types, there aren't many other restrictions on PE_SALITY.AC's ability to proliferate, and PE_SALITY.AC may even infect basic system components, network-shared files or files on external devices. Also identified by aliases like Virus.Win32.Sality.k, W32/Sality.J, W32.HLLP.Sality!inf and W32/Sality.m, PE_SALITY.AC specializes in installing a second Sality-based PC threat, BKDR_SALITY.A, which attempts to compromise your computer's security and launch attacks according to instructions that it obtains from a Command & Control server. SpywareRemove.com malware experts particularly warn against BKDR_SALITY.A's potential for recording keyboard input to steal passwords, credit card numbers and other types of sensitive data.

While PE_SALITY.AC can propagate through various methods, as noted above, the most recent incidents of PE_SALITY.AC attacks have ridden on the crest of a wave of spam e-mail messages. These e-mail scams attempt to offer fake instructions on how to use Apple-brand products for pro-Tibetan activists, but this offer is just an attempt to install PE_SALITY.AC and BKDR_RILER.SV. This is achieved through an exploit that's specific to some versions of Microsoft Office and Open XML File Format Converter, and SpywareRemove.com malware researchers strongly encourage you to keep these products updated to their latest versions to close all vulnerabilities that could be used to infect your PC with PE_SALITY.AC.

Shutting Down PE_SALITY.AC's Gravity Train and Saving Your Executable Files

Because the latest PE_SALITY.AC attacks are especially noted to use multiple types of PC threats and because even PE_SALITY.AC, by itself, is capable of using advanced methods to infect other files and conceal its attacks, SpywareRemove.com malware analysts discourage any attempt to delete PE_SALITY.AC without some help from either anti-malware software or a PC security expert. If you've had any significant contact with file attachments that resemble the descriptions noted earlier, you should take appropriate measures and scan your PC, particularly since prolonged exposure to PE_SALITY.AC's attacks can leave your computer in a high state of vulnerability.

Default behavior for PE_SALITY.AC and related PC threats includes piggyback-riding on other system processes to enable their attacks, and you shouldn't expect to be able to detect PE_SALITY.AC or related Trojans as separate files. However, you may be able to notice discrepancies in RAM usage and other system resource expenditures as a telltale sign of infection by PE_SALITY.AC or similar PC threats that launch themselves automatically and conduct backdoor-related attacks.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: game.rar
Size: 863.47 KB (863473 bytes)
MD5: cd12957aba93bf1869acef8d9ee57ab5
Detection count: 31
Mime Type: unknown/rar
Group: Malware file
Last Updated: June 21, 2012

File name: file.exe
Size: 1.92 MB (1923072 bytes)
MD5: 8b1c4b0867917df9020230bcb44c1d44
Detection count: 30
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 21, 2012

File name: file.exe
Size: 53.24 KB (53248 bytes)
MD5: eb3fe0e48bcabc8010c251055b409a0a
Detection count: 29
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 21, 2012

File name: file.exe
Size: 76.28 KB (76288 bytes)
MD5: 38d7bd2366d00f2bbe840e5437c51c80
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 21, 2012

File name: file.exe
Size: 465.64 KB (465643 bytes)
MD5: 4e566e653c79899213d8ca923f90ce55
Detection count: 27
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 21, 2012
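
The file list above can be checked against a folder or drive with a short script. The following is an added example, not a SpywareRemove.com tool: it uses the byte sizes and MD5 values listed above, and the function names and the command-line argument are assumptions made for illustration.

```python
import hashlib
import os
import sys

# Byte size -> MD5 values, copied from the file list above.
KNOWN_SAMPLES = {
    863473: {"cd12957aba93bf1869acef8d9ee57ab5"},   # game.rar
    1923072: {"8b1c4b0867917df9020230bcb44c1d44"},  # file.exe
    53248: {"eb3fe0e48bcabc8010c251055b409a0a"},    # file.exe
    76288: {"38d7bd2366d00f2bbe840e5437c51c80"},    # file.exe
    465643: {"4e566e653c79899213d8ca923f90ce55"},   # file.exe
}


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are never read in one piece."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_known_samples(root, samples=KNOWN_SAMPLES):
    """Return sorted (path, md5) pairs under root that match a listed sample."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                if os.path.islink(path):
                    continue
                size = os.path.getsize(path)
                if size not in samples:
                    continue  # cheap pre-filter: hash only size matches
                digest = md5_of(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            if digest in samples[size]:
                hits.append((path, digest))
    return sorted(hits)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, digest in find_known_samples(root):
        print(f"{digest}  {path}")
```

A clean result only rules out these five samples: PE_SALITY.AC rewrites the executables it infects, so every infected host file has a hash of its own.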