W32/Sality.m.dll

Type: Virus
SubType: Application extension
Discovery Date: 02/02/2006
Length:
Minimum DAT: 4688 (02/02/2006)
Updated DAT: 4831 (08/17/2006)
Minimum Engine: 5.1.00
Description Added: 02/02/2006
Description Modified: 02/09/2006 2:33 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

This detection is for a Win32 parasitic virus variant that infects Windows portable executable (PE) files.

This is the DLL component of W32/Sality.m, which is injected into the memory space of running processes. More details of this virus variant are available at http://vil.nai.com/vil/content/v_138354.htm.

Symptoms

Presence of the following file detected as W32/Sality.m.dll:

  •  %Windir%\System32\olemdb32.dll

Method of Infection

This is a parasitic virus that searches for and infects Windows Portable Executable (PE) files, which typically have the .EXE file extension.

It replaces the original code at the entry point with viral code and stores an encrypted copy of the original code in the appended space of the file. Due to a bug in the virus, it may cause certain PE files to be corrupted.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • Virus.Win32.Sality.k (Kaspersky)
  • W32.HLLP.Sality (Symantec)
  • W32/Kookoo-A (Sophos)
