Download Win32 Sality Removal Download

Virus/Worm Characteristics

After execution, W32/Sality starts a service to listen on a random UDP port and creates a copy of itself in the following path:
  • %Windir%\System32\Drivers\{ RANDOM }.sys
W32/Sality infects *.exe and *.scr files on local, network, and removable drives, with the exception of files containing the following string(s) in the filename:
  • WINDOWS
  • SYSTEM
  • SYSTEM32
W32/Sality can download further malware from the following domains (these are example domains only and are not meant to be a comprehensive list):
  • 1. yimg.com
  • Us.i1.yimg.com
  • http:.//ad.yieldmanager.com
  • mattfoll.eu.interia.pl
  • bjerm.mass.hc.ru
Other areas infected
  • W32/Sality also drops an Autorun.inf file to auto-execute itself
  • W32/Sality attempts to hook into a random running process and connects to certain sites to download malware
  • W32/Sality uses Notepad.exe and Winmine.exe to inject itself into other Windows executables
  • Process Explorer may, for example, show Notepad.exe as a running process when you have not opened it. If you kill this process, W32/Sality will hook on to another process.
Common Registry changes made by W32/Sality
When a W32/Sality infection occurs, it disables Regedit and the Windows Task Manager, and also creates the following registry entries:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr: 0x00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools
In an attempt to make recovery difficult, registry keys in the following sub-tree are deleted and must be restored to the original configuration:
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\*
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\*
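A read-only check for the registry and Autorun.inf indicators listed above, as an added example that is not part of the original post. It assumes Windows PowerShell; the function name Get-SalityIndicator is made up for this example, and the SafeBoot subkey names Minimal and Network are the standard Windows ones, not names taken from the post.

```powershell
# Added example: read-only triage for the indicators described on this page.
# Get-SalityIndicator is a hypothetical name; the function changes nothing on the system.
function Get-SalityIndicator {
    $findings = @()

    # 1. Per-user policy values that disable Task Manager and Regedit.
    $policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -ne $value -and $value -ne 0) {
            $findings += [pscustomobject]@{ Check = 'Policy'; Item = "$policyKey\$name"; Detail = "set to $value" }
        }
    }

    # 2. SafeBoot sub-trees: flag a Minimal or Network key that is missing or emptied.
    #    (Assumption: these two standard subkeys are the ones worth checking.)
    foreach ($set in 'ControlSet001', 'CurrentControlSet') {
        foreach ($mode in 'Minimal', 'Network') {
            $key = "HKLM:\SYSTEM\$set\Control\SafeBoot\$mode"
            $subkeys = @(Get-ChildItem -Path $key -ErrorAction SilentlyContinue)
            if ($subkeys.Count -eq 0) {
                $findings += [pscustomobject]@{ Check = 'SafeBoot'; Item = $key; Detail = 'missing or has no subkeys' }
            }
        }
    }

    # 3. Autorun.inf in the root of any mounted drive (-Force also finds hidden/system files).
    #    A hit is a lead to review, not proof: installation media ship a legitimate Autorun.inf.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $path = Join-Path $drive.Root 'autorun.inf'
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($file -and -not $file.PSIsContainer) {
            $detail = "$($file.Length) bytes, modified $($file.LastWriteTime)"
            $findings += [pscustomobject]@{ Check = 'Autorun'; Item = $file.FullName; Detail = $detail }
        }
    }

    $findings
}

Get-SalityIndicator | Format-Table -AutoSize -Wrap
```

No output means none of the three checks matched for the current user; the policy check reads HKEY_CURRENT_USER, so run it in the affected user's session.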
Other names
Antivirus company and equivalent detection
  • Avast: Win32:Kukacka
  • AVG (GriSoft): Win32/Tanatos.J
  • Avira: W32/Sality Windows
  • Kaspersky: Virus.Win32.Sality.GeN
  • BitDefender: Win32.Sality.2.OE
  • Clamav: W32.Sality-27
  • F-Prot: W32/Sality.AJ
  • Microsoft: virus:win32/sality.am
  • Symantec: W32.Sality.AE
  • Eset: Win32/Sality.NAO virus
  • Sophos: W32/Sality-AM
  • Trend Micro: PE_SALITY.EK
Written By: Unknown - Saturday, November 8, 2014
