Threat Description



Aliases: Virus:W32/Sality, Virus.Win32.Sality, Win32.sality, Spyware.Pws.A
Category: Malware
Type: Virus
Platform: W32


A malicious program that secretly integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.


Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Technical Details

The detection name Virus:W32/Sality refers to a large family of viruses that infect executable files. Sality viruses are rather sophisticated in that they use an Entry Point Obscuration technique to hide their presence on the system.

Once installed on the computer system, Sality viruses usually also execute a malicious payload. The actions performed depend on the variant in question, but generally Sality viruses will attempt to terminate processes, particularly those related to security programs. The virus may also attempt to open connections to remote sites and steal data from the infected machine.

For representative examples of Sality viruses, see the following descriptions:

Description Created: 2010-05-04 08:33:51.0

Description Last Modified: 2010-08-16 08:11:38.0

