Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:W32/Sality.K
Date discovered:14/09/2006
Type:File infector
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:No
VDF version:6.36.00.08

 General Method of propagation:
    Infects files


Aliases:
   •  Symantec: W32.HLLP.Sality
   •  Mcafee: W32/Sality.m
   •  Kaspersky: Virus.Win32.Sality.k
   •  Eset: Win32/Sality.NAC
   •  Bitdefender: Win32.Sality.K


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
Infects files

 Files The following files are created:

%SYSDIR%\olemdb32.dll Further investigation pointed out that this file is malware, too. Detected as: W32/Sality.K

%SYSDIR%\olemdb32.dl_ Further investigation pointed out that this file is malware, too. Detected as: W32/Sality.M.2

 File infection Infector type:

Embedded - The virus inserts its code throughout the file (in one or more places).


Self Modification:

Polymorphic - The entire virus code changes from one infection to another. The virus contains a polymorphic engine.


Method:

This direct-action infector actively searches for files.


The following file is infected:

By file type:
   • *.exe

 Injection – It injects itself into a process.

    Process name:
   • explorer.exe


 Miscellaneous Mutex:
It creates the following Mutexes:
   • KUKU301a
   • KUKU300a

Description inserted by Razvan Olteanu on Thursday, March 18, 2010
Description updated by Razvan Olteanu on Monday, March 22, 2010

Back . . . .