Microsoft security software detects and removes this threat.

This virus is a member of the Win32/Sality family. This family can delete Windows files with the extensions .SCR or .EXE.

This family can also end or close your antimalware software and other security-related processes.

Find out ways that malware can get on your PC.  

What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Advanced troubleshooting

To restore your PC, you might need to download and run Windows Defender Offline. See our advanced troubleshooting page for more help.

Get more help

You can also ask for help from other PC users at the Microsoft virus and malware community.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

This threat is a member of the Win32/Sality family, a family of polymorphic file infectors that target Windows files with the extensions .SCR or .EXE. They can delete files with certain extensions and end or close antivirus and other security-related processes and services.


The following could indicate that you have this threat on your PC:

  • Infected files may unexpectedly increase in size
  • Antimalware and firewall applications may not work properly


Alert level: Severe
First detected by definition:
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Jul 08, 2008
This entry was updated on: Aug 12, 2014

This threat is also detected as:
  • Win32/Kashu.B (AhnLab)
  • Win32.Sality.NX (BitDefender)
  • Win32/Sality.W (CA)
  • Win32.Sector.5 (Dr.Web)
  • Win32/Sality.NAO (ESET)
  • W32/Sality.AJ (Frisk (F-Prot))
  • Virus.Win32.Sality.y (Kaspersky)
  • W32/Sality.AE (McAfee)
  • W32/Sality.AO (McAfee)
  • W32/Smalltroj.DXSV (Norman)
  • W32/Sality-AM (Sophos)
  • W32.Sality.AE (Symantec)
  • Win32.Sality.AK (VirusBuster)