Sality is a virus with keylogging and backdoor capabilities. It may infect executable files by prepending its code to host files. It can post a fake blue screen error when the user attempts to boot into safe mode. When Task Manager is running, the virus sometimes causes a RUNDLL error that pops up constantly until Task Manager is ended.
Attributes | Values |
---|
rdf:type
| |
rdfs:label
| |
rdfs:comment
| - Sality is a virus with keylogging and backdoor capabilities. It may infect executable files by prepending its code to host files. It can post a fake blue screen error when the user attempts to boot into safe mode. When Task Manager is running, the virus sometimes causes a RUNDLL error that pops up constantly until Task Manager is ended.
|
sameAs
| |
dcterms:subject
| |
dbkwik:malware/pro...iPageUsesTemplate
| |
dbkwik:computersec...iPageUsesTemplate
| |
Platform
| |
Name
| |
Type
| |
Aliases
| - * Win32.Sality.a
* W32/Sality.a
* W32.HLLP.Sality
* Win32.HLLP.Sector.29032
* W32/Sality-A
* PE_ROSEC.A
* W32/Sality.A
* Win32:V-29032
* Win32/Sality.A
* Win32.Sality.A
|
affectedplatforms
| |
abstract
| - Sality is a virus with keylogging and backdoor capabilities. It may infect executable files by prepending its code to host files. It is a mix of the commonly known polymorphic viruses, Conficker (aka Downadup) and the old Nimda. It appends itself to every scf or exe file run on the machine. It spreads over USB devices, e-mail, or through Windows domains and workgroups. It disables and deletes antivirus (AV) software and deletes files with these strings:
* _AVPM.
* A2GUARD.
* AAVSHIELD.
* AVAST
* ADVCHK.
* AHNSD.
* AIRDEFENSE
* ALERTSVC
* ALOGSERV
* ALSVC.
* AMON.
* ANTI-TROJAN.
* AVZ.
* ANTIVIR
* APVXDWIN.
* ARMOR2NET.
* ASHAVAST.
* ASHDISP.
* ASHENHCD.
* ASHMAISV.
* ASHPOPWZ.
* ASHSERV.
* ASHSIMPL.
* ASHSKPCK.
* ASHWEBSV.
* ASWUPDSV.
* ATCON.
* ATUPDATER.
* ATWATCH.
* AVCIMAN.
* AVCONSOL.
* AVENGINE.
* AVESVC.
* AVGAMSVR.
* AVGCC.
* AVGCC32.
* AVGCTRL.
* AVGEMC.
* AVGFWSRV.
* AVGNT.
* AVGNTDD
* AVGNTMGR
* AVGSERV.
* AVGUARD.
* AVGUPSVC.
* AVINITNT.
* AVKSERV.
* AVKSERVICE.
* AVKWCTL.
* AVP.
* AVP32.
* AVPCC.
* AVPM.
* AVAST
* AVSERVER.
* AVSCHED32.
* AVSYNMGR.
* AVWUPD32.
* AVWUPSRV.
* AVXMONITOR9X.
* AVXMONITORNT.
* AVXQUAR.
* BDMCON.
* BDNEWS.
* BDSUBMIT.
* BDSWITCH.
* BLACKD.
* BLACKICE.
* CAFIX.
* CCAPP.
* CCEVTMGR.
* CCPROXY.
* CCSETMGR.
* CFIAUDIT.
* CLAMTRAY.
* CLAMWIN.
* CLAW95.
* CUREIT
* DEFWATCH.
* DRVIRUS.
* DRWADINS.
* DRWEB32W.
* DRWEBSCD.
* DRWEBUPW.
* DWEBLLIO
* DWEBIO
* ESCANH95.
* ESCANHNT.
* EWIDOCTRL.
* EZANTIVIRUSREGISTRATIONCHECK.
* F-AGNT95.
* FAMEH32.
* FILEMON
* FIRESVC.
* FIRETRAY.
* FIREWALL.
* FPAVUPDM.
* FRESHCLAM.
* EKRN.
* FSAV32.
* FSAVGUI.
* FSBWSYS.
* F-SCHED.
* FSDFWD.
* FSGK32.
* FSGK32ST.
* FSGUIEXE.
* FSMA32.
* FSMB32.
* FSPEX.
* FSSM32.
* F-STOPW.
* GCASDTSERV.
* GCASSERV.
* GIANTANTISPYWAREMAIN.
* GIANTANTISPYWAREUPDATER.
* GUARDGUI.
* GUARDNT.
* HREGMON.
* HRRES.
* HSOCKPE.
* HUPDATE.
* IAMAPP.
* IAMSERV.
* ICLOAD95.
* ICLOADNT.
* ICMON.
* ICSSUPPNT.
* ICSUPP95.
* ICSUPPNT.
* IFACE.
* INETUPD.
* INOCIT.
* INORPC.
* INORT.
* INOTASK.
* INOUPTNG.
* IOMON98.
* ISAFE.
* ISATRAY.
* ISRV95.
* ISSVC.
* KAV.
* KAVMM.
* KAVPF.
* KAVPFW.
* KAVSTART.
* KAVSVC.
* KAVSVCUI.
* KMAILMON.
* KPFWSVC.
* MCAGENT.
* MCMNHDLR.
* MCREGWIZ.
* MCUPDATE.
* MCVSSHLD.
* MINILOG.
* MYAGTSVC.
* MYAGTTRY.
* NAVAPSVC.
* NAVAPW32.
* NAVLU32.
* NAVW32.
* NEOWATCHLOG.
* NEOWATCHTRAY.
* NISSERV
* NISUM.
* NMAIN.
* NOD32
* NORMIST.
* NOTSTART.
* NPAVTRAY.
* NPFMNTOR.
* NPFMSG.
* NPROTECT.
* NSCHED32.
* NSMDTR.
* NSSSERV.
* NSSTRAY.
* NTRTSCAN.
* NTOS.
* NTXCONFIG.
* NUPGRADE.
* NVCOD.
* NVCTE.
* NVCUT.
* NWSERVICE.
* OFCPFWSVC.
* OUTPOST
* OP_MON.
* PAVFIRES.
* PAVFNSVR.
* PAVKRE.
* PAVPROT.
* PAVPROXY.
* PAVPRSRV.
* PAVSRV51.
* PAVSS.
* PCCGUIDE.
* PCCIOMON.
* PCCNTMON.
* PCCPFW.
* PCCTLCOM.
* PCTAV.
* PERSFW.
* PERTSK.
* PERVAC.
* PNMSRV.
* POP3TRAP.
* POPROXY.
* PREVSRV.
* PSIMSVC.
* QHONLINE.
* QHONSVC.
* QHWSCSVC.
* RAVMON.
* RAVTIMER.
* AVGNT
* AVCENTER.
* RFWMAIN.
* RTVSCAN.
* RTVSCN95.
* RULAUNCH.
* SALITY
* SAVADMINSERVICE.
* SAVMAIN.
* SAVPROGRESS.
* SAVSCAN.
* SCANNINGPROCESS.
* SDRA64.
* SDHELP.
* SHSTAT.
* SITECLI.
* SPBBCSVC.
* SPHINX.
* SPIDERCPL.
* SPIDERML.
* SPIDERNT.
* SPIDERUI.
* SPYBOTSD.
* SPYXX.
* SS3EDIT.
* STOPSIGNAV.
* SWAGENT.
* SWDOCTOR.
* SWNETSUP.
* SYMLCSVC.
* SYMPROXYSVC.
* SYMSPORT.
* SYMWSC.
* SYNMGR.
* TAUMON.
* TBMON.
* AVAST
* TMLISTEN.
* TMNTSRV.
* TMPFW.
* TMPROXY.
* TNBUTIL.
* TRJSCAN.
* UP2DATE.
* VBA32ECM.
* VBA32IFS.
* VBA32LDR.
* VBA32PP3.
* VBSNTW.
* VCRMON.
* VPTRAY.
* VRFWSVC.
* VRMONNT.
* VRMONSVC.
* VRRW32.
* VSECOMR.
* VSHWIN32.
* VSMON.
* VSSERV.
* VSSTAT.
* WATCHDOG.
* WEBSCANX.
* WEBTRAP.
* WGFE95.
* WINAW32.
* WINROUTE.
* WINSS.
* WINSSNOTIFY.
* WRCTRL.
* XCOMMSVR.
* ZAUINST
* ZLCLIENT
* ZONEALARM
|