December 28, 2010

Sality Virus

Sality is a family of file-infecting viruses that spread by infecting executable files. It also runs an autorun worm component that allows it to spread to any removable or discoverable drive. In addition, Sality includes a downloader trojan component that installs additional malware via the Web. It is therefore a combination of several infections bundled together to damage the software on the computer.

It infects executable files on local, removable and remote shared drives. The virus also creates a peer-to-peer (P2P) botnet and receives URLs of additional files to download. It then attempts to disable security software on the computer. It also has keylogging functionality. Sality generally drops a .cmd, .pif, and .exe file to the root of discoverable or removable drives, along with an autorun.inf file that contains instructions to load the dropped file(s) when the drive is accessed. Updates to the malware it drops are distributed via decentralized lists of HTTP URLs.
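The autorun.inf behaviour described above can be checked for on a drive root. The following is an added example, not part of the original post: it parses the launch entries (`open`, `shellexecute`, `shell\<verb>\command`) from an autorun.inf and flags those that point at a .cmd, .pif or .exe file sitting in the same root. The sample file names and contents are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Extensions the article says Sality drops next to autorun.inf.
DROPPED_EXTS = {".cmd", ".pif", ".exe"}
# autorun.inf keys that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def launch_targets(autorun_text):
    """Return (key, file name) pairs for every launch entry in [autorun]."""
    targets, in_section = [], False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # comments and junk padding lines
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            # Program is the quoted string or the first token; rest are arguments.
            prog = value[1:].split('"')[0] if value[0] == '"' else value.split()[0]
            targets.append((key.lower(), PureWindowsPath(prog).name))
    return targets


def flag_drive_root(autorun_text, root_listing):
    """Flag launch targets present in the drive root with a dropped extension."""
    present = {name.lower() for name in root_listing}
    return [
        (key, name)
        for key, name in launch_targets(autorun_text)
        if name.lower() in present
        and PureWindowsPath(name).suffix.lower() in DROPPED_EXTS
    ]


# Constructed sample: file names and contents are invented for illustration.
SAMPLE_INF = """;kq3f junk
[AutoRun]
open = qwhd.pif
shell\\explore\\Command= xgtr.exe -x
shell\\open\\default=1
icon=%SystemRoot%\\system32\\shell32.dll,4
"""
SAMPLE_ROOT = ["autorun.inf", "QWHD.PIF", "xgtr.exe", "notes.txt"]

if __name__ == "__main__":
    print(flag_drive_root(SAMPLE_INF, SAMPLE_ROOT))
```

On a live system, `root_listing` would come from listing the drive root with hidden and system files included, since dropped files are often marked with those attributes.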


Removing Sality Virus: 

  • Take a registry backup and create a restore point to be on the safe side.
  • Unregister the file by running this command in a command prompt: regsvr32 /u vcmgcd32.dll
  • Find the file vcmgcd32.dll using the search option and remove it.
  • Remove the "Virus.Sality.U" components: BwUnin-6.1.4.36-8876480L.exe, syslib32.dll, sysdll.dll, oledsp32.dll and all the files that are associated with that file.

This will remove Virus.Sality.U from the computer.
