Aliases: IRC/BackDoor.SdBot3.ZBO, W32/Sdbot-DJV, W32/SDBot.BIFZ
Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
11 Jan 2008
W32.Sality.AB is a virus that propagates by infecting executable files, specifically .exe and .scr files. It also attempts to download other malicious files from remote locations, and once a system is infected it may lower the computer's security settings. Systems affected by this virus are Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, and Windows XP.
W32.Sality.AB Removal Tool
If you have malware on your computer it will cause annoyances and may damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Sality.AB from your computer.
More details about W32.Sality.AB
When the virus is executed, it drops the files %System%\[RANDOM].dll, %Temp%\[RANDOM].tmp, %System%\[RANDOM].dl_ and %System%\drivers\[RANDOM].sys. It also creates a mutex so that only one instance of the virus runs at a time, and it modifies and deletes registry entries. It registers %System%\drivers\[RANDOM].sys as a new service and stops antivirus services. Because the dropped file names are random, the newly registered service pointing at a driver in %System%\drivers and the stopped antivirus services are the most reliable indicators for a responder to check.

The virus then infects .exe and .scr files on the C drive, executables referenced in the registry, and executables on any writable network resource, skipping files in any folder whose name contains the strings "system" or "ahead". Each infected file grows by 57,344 bytes. The virus connects to particular URLs to get instructions; these instructions contain additional URLs from which other malicious files may be downloaded.
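Because the dropped file names are random, a practical way to detect the file-infection behaviour described above is to baseline the size and hash of every .exe/.scr file and diff a later snapshot against it, calling out files that grew by exactly the 57,344-byte infection length. The following script is an added example, not code from the original page or from any vendor's removal tool; it builds a constructed directory tree in a temporary folder, simulates an appending infector on one file, and reports the differences. The "system"/"ahead" exclusion test mirrors the virus's own skip rule so that a responder can see which files the virus would have left alone; the scan itself does not inherit that skip list. The helper names (`snapshot`, `diff_snapshots`, `virus_would_skip`, `demo`) are this example's own.

```python
"""Baseline-and-diff check for file-infector activity on .exe/.scr files.

Added example (not from the original write-up). It records size and SHA-256
of every .exe/.scr file under a root, then compares a later snapshot against
the baseline and flags files whose hash changed, with a specific note when
the growth equals the 57,344-byte infection length given in the write-up.
"""
import hashlib
import os
import re
import tempfile

TARGET_EXTS = (".exe", ".scr")
INFECTION_LENGTH = 57344                      # bytes, from the write-up
SKIPPED_FOLDER_STRINGS = ("system", "ahead")  # folder names the virus leaves alone


def virus_would_skip(path: str) -> bool:
    """True if any folder in the path contains 'system' or 'ahead' (case-insensitive).

    This reproduces the exclusion rule the write-up attributes to the virus;
    it is used only to annotate findings, never to narrow the scan.
    """
    folders = re.split(r"[\\/]+", os.path.dirname(path).lower())
    return any(s in f for f in folders for s in SKIPPED_FOLDER_STRINGS)


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Map relative path -> (size, sha256) for every .exe/.scr under root."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(TARGET_EXTS):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root)
                result[rel] = (os.path.getsize(full), sha256_of(full))
    return result


def diff_snapshots(baseline: dict, current: dict) -> list:
    """Return (relpath, reason) findings for changed or newly appeared executables."""
    findings = []
    for rel, (size, digest) in sorted(current.items()):
        if rel not in baseline:
            reason = "new executable"
        else:
            old_size, old_digest = baseline[rel]
            if digest == old_digest:
                continue
            if size - old_size == INFECTION_LENGTH:
                reason = "grew by %d bytes, hash changed" % INFECTION_LENGTH
            else:
                reason = "modified (size %d -> %d)" % (old_size, size)
        if virus_would_skip(rel):
            reason += " (in a folder the virus skips)"
        findings.append((rel, reason))
    return findings


def demo() -> list:
    """Build a constructed tree, 'infect' one file, and return the diff findings."""
    root = tempfile.mkdtemp()
    # Constructed sample files; the MZ prefix only marks them as executables.
    layout = {
        os.path.join("apps", "tool.exe"): b"MZ" + b"\x00" * 1024,
        os.path.join("apps", "saver.scr"): b"MZ" + b"\x01" * 512,
        os.path.join("apps", "readme.txt"): b"not an executable",
        os.path.join("Windows", "System32", "calc.exe"): b"MZ" + b"\x02" * 2048,
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    before = snapshot(root)
    # Simulate an appending infector: grow one target by the infection length.
    with open(os.path.join(root, "apps", "tool.exe"), "ab") as fh:
        fh.write(b"\xCC" * INFECTION_LENGTH)
    after = snapshot(root)
    return diff_snapshots(before, after)


if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "-", reason)
```

On a real host the baseline must be taken from a known-clean state (or from install media), and the exact-length match is only a hint: a polymorphic infector or a later variant may append a different amount, so any hash change on an executable that was not updated deliberately deserves a look.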
W32.Sality.AB also carries a rootkit component. A rootkit conceals the presence of the malware on the user's computer; here it gives the program's components file names that resemble legitimate Windows files. The rootkit component may also disable security tools installed on the computer, terminating personal firewalls and antivirus programs running in the background, which is why a scan from a clean boot environment is more trustworthy than one run on the infected system.