Follow:

 

Virus:Win32/Sality.AM


Microsoft security software detects and removes this threat.

This virus is a member of the Win32/Sality family. This family can delete Windows files with the extensions .SCR or .EXE.

This family can also end or close your antimalware software and other security-related processes.

There is more information about this family in the Win32/Sality description.



What to do now

The following free Microsoft software detects and removes this threat:

However, in some cases you may need to use the free tool Windows Defender Offline to fully clean your PC:

The following articles may help if you're having trouble getting the tool to work:

After you've used Windows Defender Offline, you should make sure your security software is up to date and run a full scan:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

You can also visit the Microsoft virus and malware community for more help.

Threat behavior

Virus:Win32/Sality.AM is a member of the Win32/Sality family, a family of polymorphic file infectors that target Windows files with the extensions .SCR or .EXE. They can delete files with certain extensions and end or close antivirus and other security-related processes and services.

There is more information about this family in the Win32/Sality description.


Symptoms

System changes

The following changes to your computer may indicate the presence of Virus:Win32/Sality.AM:

  • Infected files may unexpectedly increase in size
  • Antimalware and firewall applications may not work properly

Prevention


Alert level: Severe
First detected by definition: 1.45.287.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Jul 08, 2008
This entry was updated on: Dec 09, 2013

This threat is also detected as:
  • Win32/Kashu.B (AhnLab)
  • Win32.Sality.NX (BitDefender)
  • Win32/Sality.W (CA)
  • Win32.Sector.5 (Dr.Web)
  • Win32/Sality.NAO (ESET)
  • W32/Sality.AJ (Frisk (F-Prot))
  • Virus.Win32.Sality.y (Kaspersky)
  • W32/Sality.AE (McAfee)
  • W32/Sality.AO (McAfee)
  • W32/Smalltroj.DXSV (Norman)
  • W32/Sality-AM (Sophos)
  • W32.Sality.AE (Symantec)
  • Win32.Sality.AK (VirusBuster)