Follow:

 

Worm:Win32/Sality.AT


Worm:Win32/Sality.AT is a detection for files that are utilized by Virus:Win32/Sality.AT when spreading. Virus:Win32/Sality.AT is a virus that spreads by infecting Windows executable files and by copying itself to removable and remote drives. It also terminates various security products, prevents certain Windows utilities from executing and attempts to download additional files from a predefined remote Web server.


What to do now

To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
 
Additional remediation instructions
For additional instructions on how to return an affected computer to its pre-infected state, please refer to the recovery details for Virus:Win32/Sality.AT.

Threat behavior

Worm:Win32/Sality.AT is a detection for files that are utilized by Virus:Win32/Sality.AT when spreading. Virus:Win32/Sality.AT is a virus that spreads by infecting Windows executable files and by copying itself to removable and remote drives. It also terminates various security products, prevents certain Windows utilities from executing and attempts to download additional files from a predefined remote Web server.
 
For detailed information, please see the Virus:Win32/Sality.AT description elsewhere in our encyclopedia.
 
Analysis by Francis Allan Tan Seng

Symptoms

Please refer to Virus:Win32/Sality.AT for information on symptoms that may indicate the presence of this malware.

Prevention


Alert level: Severe
First detected by definition: 1.79.1631.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Apr 12, 2010
This entry was first published on: Dec 02, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Win-Trojan/Vilsel.75776 (AhnLab)
  • Trojan.Win32.Vilsel.aboh (Kaspersky)
  • Win32/Maazben!generic (CA)
  • Win32/Sality.NAQ (ESET)
  • W32/Sality-AU (Sophos)
  • TROJ_STOPSEC.MCL (Trend Micro)