Virus/Worm Characteristics
After execution, W32/Sality starts a service that listens on a random UDP port and creates a copy of itself at the following path:
- %Windir%\System32\Drivers\{RANDOM}.sys
- W32/Sality infects *.exe and *.scr files on the local, network, and removable drives, with the exception of files containing the following string(s) in the filename:
- WINDOWS
- SYSTEM
- SYSTEM32
- 1. yimg.com
- Us.i1.yimg.com
- http://ad.yieldmanager.com
- mattfoll.eu.interia.pl
- bjerm.mass.hc.ru
- W32/Sality also drops an Autorun.inf file to auto-execute itself
- W32/Sality attempts to hook into a random running process and connects to certain sites to download malware
- W32/Sality uses Notepad.exe and Winmine.exe to inject itself into other Windows executables
- Process Explorer may, for example, show Notepad.exe as a running process when you have not opened it. If you kill this process, W32/Sality will hook on to another process.
When a W32/Sality infection occurs, it disables Regedit and the Windows Task Manager, and also creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr: 0x00000001
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\*
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\*
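One way to check saved `reg query` output for the two policy values listed above, as an added example that is not part of the original write-up. The function names and both sample outputs are constructed for illustration, and treating any non-zero DWORD as "disabled" is an assumption.

```python
import re

# Policy key and value names taken from the registry entries listed above.
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
WATCHED = {"disabletaskmgr": "Task Manager disabled",
           "disableregistrytools": "Regedit disabled"}

# `reg query` prints value lines as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Parse `reg query` text into {key_path_lower: {value_name_lower: (type, data)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m["name"].lower()] = (m["type"], m["data"].strip())
        elif line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
    return keys

def sality_policy_findings(text):
    """Return sorted (value_name, meaning) pairs for watched DWORDs that are non-zero."""
    # Registry paths and value names are case-insensitive, so compare lowercased.
    values = parse_reg_query(text).get(POLICY_KEY.lower(), {})
    findings = []
    for name, meaning in WATCHED.items():
        reg_type, data = values.get(name, (None, ""))
        if reg_type == "REG_DWORD" and data and int(data, 0) != 0:
            findings.append((name, meaning))
    return sorted(findings)

# Constructed sample: both policy values set, as described for an infected host.
SAMPLE_INFECTED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
    DisableTaskMgr    REG_DWORD    0x1
    DisableRegistryTools    REG_DWORD    0x1
"""
# Constructed sample: value present but zero, plus an unrelated value.
SAMPLE_CLEAN = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr    REG_DWORD    0x0
    NoDispCPL    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for label, sample in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(label, sality_policy_findings(sample))
```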
Other names
- Avast: Win32:Kukacka
- AVG (GriSoft): Win32/Tanatos.J
- Avira: W32/Sality Windows
- Kaspersky: Virus.Win32.Sality.GeN
- BitDefender: Win32.Sality.2.OE
- Clamav: W32.Sality-27
- F-Prot: W32/Sality.AJ
- Microsoft: virus:win32/sality.am
- Symantec: W32.Sality.AE
- Eset: Win32/Sality.NAO virus
- Sophos: W32/Sality-AM
- Trend Micro: PE_SALITY.EK
Written By:
Unknown - Saturday, November 8, 2014