Virus.Win32.Sality

General Explanation

Type: Virus

Degree of destruction: high

Prevalence: high

What is a Virus?

Computer viruses such as Sality are a type of malware that cannot reproduce on its own. A virus can infect any executable file on the system that it can access, most commonly files with the .com, .exe, and .dll extensions. The virus searches for uninfected (host) files and, to reproduce, places its own code inside the host's code. From then on, each time the program is run, the malicious code is executed along with it.

What is Sality malware?

Sality is a polymorphic virus. It changes the entry point of the infected file so that execution is redirected to its own code, which is placed at the end of the file. Sality infects only executable files and spreads through them. The virus downloads files from a list of URLs embedded in it and interferes with the operation of security software. It also spreads by infecting .exe files and the autorun.inf file on portable drives (flash drives, external hard disks, etc.).
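The entry-point redirection described above leaves a layout that can be checked for in triage: the entry point of a compiler-built binary normally lies in its first code section, while an appending infector points it into the last section. The following is an added example (not Padvish's own engine) that parses the PE headers and flags that layout; the function names and the synthetic PE images it tests itself on are constructed for illustration.

```python
import struct

# Appending infectors such as Sality redirect AddressOfEntryPoint into code
# placed at the end of the file, so the entry point lands in the last section
# rather than the first code section. Example code, not Padvish's engine.

def entry_point_section(pe: bytes):
    """Return (index, name, section_count) for the section holding the entry
    point, or None when the entry point lies outside every section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    section_count = struct.unpack_from("<H", pe, coff + 2)[0]
    optional = coff + 20                                      # COFF header is 20 bytes
    table = optional + struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    entry = struct.unpack_from("<I", pe, optional + 16)[0]    # AddressOfEntryPoint
    for i in range(section_count):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData; 40-byte section headers
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", pe, table + 40 * i)
        if vaddr <= entry < vaddr + max(vsize, rawsize):
            return i, name.rstrip(b"\0").decode("ascii", "replace"), section_count
    return None

def suspicious_entry_point(pe: bytes) -> bool:
    """True when the entry point is in the last of several sections, or in no
    section at all: the layout an appending infector leaves behind."""
    hit = entry_point_section(pe)
    if hit is None:
        return True
    index, _name, count = hit
    return count > 1 and index == count - 1

def build_pe(sections, entry_point: int) -> bytes:
    """Build a header-only synthetic PE image (constructed test data, not a
    real binary). sections: [(name, VirtualAddress, VirtualSize), ...]"""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_point).ljust(0xE0, b"\0")
    headers = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, vsize, 0, 0, 0, 0, 0, 0x60000020)
        for name, vaddr, vsize in sections)
    return dos + b"PE\0\0" + coff + opt + headers

# Constructed samples: a clean layout starting in .text vs. an entry point redirected into the last section.
CLEAN = build_pe([(b".text", 0x1000, 0x2000), (b".data", 0x3000, 0x1000)], 0x1200)
INFECTED = build_pe([(b".text", 0x1000, 0x2000), (b".data", 0x3000, 0x1000),
                     (b".rsrc", 0x4000, 0x1000)], 0x4010)
```

Some packers and unusual linkers produce the same layout, so treat a hit as a triage signal for a deeper scan, not as a verdict on its own.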

Technical Explanation

Signs of infection

  1. Disabling Task Manager
  2. Preventing the system from booting in Safe Mode
  3. Infecting portable drives with a file named eobau (with the "shortcut to MS-DOS program" extension) and silently creating an autorun.inf file.
  4. Modifying the system's executable files.

Malicious actions performed by the Sality virus:

  1. Downloading files from a list of URLs embedded in the virus
  2. Allowing remote access and forming a P2P network
  3. Disabling anti-virus software and the system firewall
  4. Disabling security services
  5. Creating a driver with a random name to terminate system security services at the kernel level
  6. Infecting all executable files on the hard disk, portable drives, and the network.
  7. Injecting code into processes running on the system
  8. Weakening system security through registry changes

How to deal with it and disinfect the system

Padvish Antivirus detects and removes this malware and prevents it from infecting your system. Its UMP feature, part of its behavioral protection, blocks infection from portable drives. Because it blocks all types of malware carried on portable drives, including Sality, installing Padvish and using it to disinfect those drives is recommended.

If your system is infected by Sality malware do as follows:

  1. Install Padvish on your system
  2. Connect the infected portable drive to the system
  3. Scan the portable drive with Padvish to disinfect both your system and the drive.

Note: If disinfection is not successful, choose disinfection on the next boot to completely disinfect the system.

You can also download the Sality remover from the Padvish website as a temporary solution to disinfect your system.
