win32:sality virus
I was playing with a few pieces of software when my "avast antivirus" warned me of this "win32:sality virus". As usual I neglected it. This was a big mistake I made. Two hours later my antivirus declared VLC as a virus, 4 hours later notepad was declared as a virus, and 24 hours later almost all exes were declared as viruses. Many programs terminated abnormally.
I started searching the net for information on this virus and found the following info about it:
Characteristics
Type : Virus
Category : Win32
Also known as: W32.HLLP.Sality (Symantec)
Description
Win32/Sality is a polymorphic virus that infects Win32 PE executable files. It also contains trojan components. Win32/Sality has been known to be downloaded by variants of the Win32/Bagle family.
Method of Infection
When an infected file is executed the virus decrypts itself and drops a DLL file into the %System% directory. The DLL file is injected into other running processes. The virus then executes the host program code.
Some examples of the names used by the Sality DLL file as reported to CA from the wild include the following:
%System%\syslib32.dll
%System%\oledsp32.dll
%System%\olemdb32.dll
%System%\wcimgr32.dll
%System%\wmimgr32.dll
Note: '%System%' is a variable location. The malware determines the location of the current System folder by querying the operating system.
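A triage check for the behaviour described above, added here as an example (it is not part of the quoted description or any vendor tool): it resolves the System folder by asking the operating system, looks for the five listed DLL names on disk, and then looks for the same names among the modules loaded in running processes. The SysWOW64 lookup is an assumption added for 64-bit Windows, where 32-bit code sees that folder as its System directory.

```powershell
# Added example. The names are the five reported on this page; a hit is a lead to investigate, not proof.
$names = 'syslib32.dll','oledsp32.dll','olemdb32.dll','wcimgr32.dll','wmimgr32.dll'

# Resolve %System% from the OS instead of hard-coding C:\Windows\System32.
$dirs = @([Environment]::SystemDirectory)
$wow64 = Join-Path $env:windir 'SysWOW64'      # assumption: 32-bit System folder on 64-bit Windows
if (Test-Path -LiteralPath $wow64) { $dirs += $wow64 }

# 1) Dropped files on disk (-Force so hidden/system attributes do not hide them).
$onDisk = foreach ($d in $dirs) {
    foreach ($n in $names) {
        $path = Join-Path $d $n
        if (Test-Path -LiteralPath $path) {
            $f = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Source  = 'Disk'
                Process = ''
                Path    = $f.FullName
                Created = $f.CreationTime
                SHA256  = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

# 2) The same names loaded inside running processes (the DLL is injected into them).
$loaded = foreach ($p in Get-Process) {
    try { $mods = $p.Modules } catch { continue }   # protected processes deny access
    foreach ($m in $mods) {
        if ($names -contains $m.ModuleName) {       # -contains is case-insensitive
            [pscustomobject]@{
                Source  = 'Loaded'
                Process = '{0} ({1})' -f $p.ProcessName, $p.Id
                Path    = $m.FileName
                Created = ''
                SHA256  = ''
            }
        }
    }
}

$hits = @($onDisk) + @($loaded)
if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap }
else { 'No listed Sality DLL names found on disk or in loaded modules.' }
```

Run it from an elevated 64-bit PowerShell session so modules in other users' processes are visible. Because the page gives these names only as examples, an empty result does not show the machine is clean.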
Method of Distribution
Via File Infection
Sality searches local drives C:\ to Y:\ for Windows PE executable files to infect. Some variants do....
Posted on 8/16/2009 01:02:00 AM by ket@n and filed under information, viruses