Sality.AN virus details
All the details, description and effects of Sality.AN
Common names: Sality.AN
Technical names:
Alias:
Type: VIRUS
Size: 91648 Bytes

DETECTIONS
Number of detections:
Date of first detection: December 11, 2008 at 00:00 AM
First country where it appeared:
Last country where it appeared:

Brief Description

Sality.AN is a Trojan which infects the files with an EXE, PIF or SCR extension that it finds on the affected computer. Additionally, it downloads several variants of the Sinowal family, which are Trojans designed to steal banking data.

It also considerably reduces the security level of the computer, as it deletes Windows Registry entries belonging to several antivirus programs. This would leave the computer vulnerable to attack by other threats.

Sality.AN uses the following means to spread:
- It infects files with an EXE, PIF or SCR extension, which are then distributed through any of the usual means: floppy disks, email messages with attachments, Internet downloads, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
- It makes copies of itself in all the system and removable drives.

Effects

Sality.AN carries out the following actions:
- It infects files with an EXE, PIF or SCR extension.
- It downloads several variants of the Trojan family called Sinowal, which are designed to steal banking data. Additionally, it can receive instructions remotely, such as sending spam messages.
- It disables the following items:
  - Windows Registry Editor.
  - Task Manager, which would prevent the user from viewing the processes that are being run.
  - It prevents the computer from being started in Safe Mode.
- It uses the rootkit detected as Rootkit/Sality.AM to make its detection more difficult, as the rootkit hides its processes, files and Windows Registry entries.
- It considerably reduces the security level of the computer, as it deletes many Windows Registry entries belonging to several antivirus programs. This would prevent them from working properly, leaving the computer vulnerable to other threats.
- It also adds itself to the firewall's list of authorized applications, in order to avoid being blocked.