TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
PE_SALITY.AS
Overview
Solution

Malware type: File infector

Aliases: W32.Sality.U(Symantec), W32/Sality-AA(Sophos), Email-Worm.Win32.NetSky.q(Kaspersky), Worm/Netsky.AP(Avira), W32/Sality.AD(F-Prot), W32/Sality.x(McAfee)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: Yes

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 Medium

Infection Channel 1 : Infects files

Description: 

When executed, this file infector infects all .EXE files in the Windows folder and subfolders. It also infects all .EXE files in the affected system's root folder (usually C:\), in random subfolders, and in all removable and network drives. This routine may cause system applications to malfunction.

It drops in the Windows system folder, a file detected by Trend Micro as PE_SALITY.AS-O. The dropped file is injected into all processes found running on the affected system, after which control is returned to the host file.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 11, 2006 7:59:15 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.