Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Win32:Sality-AN virus

  • Please log in to reply
2 replies to this topic

#1 barrythegreek


  • Members
  • 26 posts
  • Local time:03:07 PM

Posted 19 April 2009 - 06:50 AM

My Avast! anti-virus found the above today during a full scan . I usually run quick scans so not sure if it's been around a while . Deleted it but after Googling I'm wondering if I need to do more ? There appear to be removal tools available , do I need to run these as well ? Running Vista if that matters . TIA

Edited by Pandy, 19 April 2009 - 09:16 AM.
Moved from AntiVirus, Firewall and Privacy Products and Protection Methods ~Pandy

BC AdBot (Login to Remove)


#2 extremeboy


  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:07 AM

Posted 19 April 2009 - 10:28 AM


Sality and other file infectors are not something a "specifc" tool or ANY tool can fix. It leads to a very unstable machine which ends up needed to be formatted and sometimes it can lead to problems that may allow you not to boot up any longer.

Posted ImageSality File Infector Warning

Your system is infected with a polymorphic file infector called Sality. Sality is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.

As of now, security experts suggest that a clean Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Sality can penetrate and infect .exe files inside compressed files too.

More information on Sality can be found over here and here

With Regards,
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 gamegarro


  • Banned
  • 4 posts
  • Local time:10:07 AM

Posted 20 April 2009 - 09:56 PM


Here is a step by step set of instructions designed to help you clean up the virus:

Clean Win32:Sality-AN virus - Win32:Sality-AN virus removal:


With Regards,


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users