is a dangerous polymorphic file infector
which infects .exe, .scr files
, creates a peer-to-peer (P2P) botnet that compromises your computer
, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS
Symantec's Assessment of Win/32Sality
As an entry-point obscuring (EPO) polymorphic file infector, the virus gains control of the host body by overwriting the file with complex and encrypted code instructions. The goal of the complex code is to make analysis more difficult for researchers to see the real purpose and functionality implemented in the code...Infected files will have their original, initial instructions overwritten by complex code instructions with the encrypted viral code body located in the last section of the file.
About Sality VirusSality
As with many other malware, Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.
is commonly spread
via a flash drive
(usb, pen, thumb, jump) where it can infect executable files on local, removable and remote shared drives. The infection is often contracted by visiting remote
sites. These type of sites are infested with a smörgåsbord of malware
and a major source of system infection.
Since Win32.Sality is not effectively disinfectable
, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed
. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted
and anti-malware scanners cannot disinfect them properly.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat
and reinstall the OS. Please read:
Backdoors and What They Mean to You
Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
Reimaging the system
Restoring the entire system using a full system backup from before the backdoor infection
Reformatting and reinstalling the system
This is what Jesper M. Johansson
, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?
The only way to clean a compromised system is to flatten and rebuild. Thats right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).