Details of Virus Sality.AN
All details, description and effects of Sality.AN
| Common names: | Sality.AN |
| Technical names: | |
| Alias: | |
| Type: | VIRUS |
| Size: | 91648 Bytes |

DETECTIONS

| Number of sightings: | |
| Date first seen: | December 11, 2008 at 00:00 AM |
| Country first seen in: | |
| Country last seen in: | |
Brief Description

Sality.AN is a Trojan which infects the files with an EXE, PIF or SCR extension that it finds on the affected computer. Additionally, it downloads several variants of the Sinowal family, which are Trojans designed to steal banking data. It also considerably reduces the security level of the computer, as it deletes Windows Registry entries belonging to several antivirus programs. This would leave the computer vulnerable to attack by other threats.

Sality.AN uses the following means to spread:

- It infects files with an EXE, PIF or SCR extension, which are then distributed through any of the usual means: floppy disks, email messages with attachments, Internet downloads, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
- It makes copies of itself on all system and removable drives.
Effects

Sality.AN carries out the following actions:

- It infects files with EXE, PIF and SCR extensions.
- It downloads several variants of the Trojan family called Sinowal, which are designed to steal banking data. Additionally, it can receive instructions remotely, such as sending spam messages.
- It disables the following items:
  - Windows Registry Editor.
  - Task Manager, which would prevent the user from viewing the processes that are being run.
  - It prevents the computer from being started in Safe Mode.
- It uses the rootkit detected as Rootkit/Sality.AM in order to make its detection more difficult, as the rootkit hides its processes, files and Windows Registry entries.
- It considerably reduces the security level of the computer, as it deletes many Windows Registry entries belonging to several antivirus programs. This would prevent them from working properly, leaving the computer vulnerable to other threats.
- It also adds itself to the firewall's list of authorized applications, in order to avoid being blocked.
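A triage check for three of the effects listed above (Registry Editor and Task Manager disabled, Safe Mode broken, an added firewall exception), run against a registry export. This is an added example, not code from this page or its vendor: the key paths are the standard Windows locations for these features and are an assumption, since the page does not name the keys Sality.AN changes, and the export text is constructed.

```python
import re

# Assumed standard Windows key locations; the page names no keys for Sality.AN.
POLICY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
FW_LIST = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
           r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# Constructed sample in `reg export` format (not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:Remote Assistance"
"C:\\Temp\\constructed_sample.exe"="C:\\Temp\\constructed_sample.exe:*:Enabled:constructed"
'''

def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {value name: raw data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)):
            current[m.group(1).replace("\\\\", "\\")] = m.group(2)
    return keys

def triage(text, known_good=()):
    """Return findings for the tampering effects; the export must cover all three keys."""
    keys, findings = parse_reg(text), []
    policy = keys.get(POLICY.lower(), {})
    for name, tool in (("DisableRegistryTools", "Registry Editor"), ("DisableTaskMgr", "Task Manager")):
        if policy.get(name, "dword:00000000") != "dword:00000000":
            findings.append(f"{tool} disabled by policy value {name}")
    for mode in ("minimal", "network"):
        prefix = f"{SAFEBOOT.lower()}\\{mode}"
        if not any(k == prefix or k.startswith(prefix + "\\") for k in keys):
            findings.append(f"SafeBoot\\{mode} key missing, Safe Mode boot will fail")
    allowed = {a.lower() for a in known_good}
    for app in keys.get(FW_LIST.lower(), {}):
        if app.lower() not in allowed:
            findings.append(f"unreviewed firewall exception: {app}")
    return findings
```

Because the page says the rootkit hides Registry entries, an export taken on the running system may be incomplete; an export from an offline copy of the hives is the more reliable input.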