1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Virus:W32/Sality

Virus:W32/Sality

Detection Names : Virus.Win32.Sality
Spyware.Pws.A
Category:Malware
Type:Virus
Platform:W32

Summary

A malicious program that secretly integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.

Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Additional Details

The detection name Virus:W32/Sality refers to a large family of viruses that infect executable files. Sality viruses are rather sophisticated in that they use an Entry Point Obscuration technique to hide their presence on the system.

Once installed on the computer system, Sality viruses usually also execute a malicious payload. The specific actions performed depend on the specific variant in question, but generally Sality viruses will attempt to terminate processes, particularly those related to security programs. The virus may also attempt to open connections to remote sites and steal data from the infected machine.

For representative examples of Sality viruses, see the following descriptions: