This application requires Javascript for optimal performance.

W32/Sality.AA - Released Jul 16, 2008 - Last Updated Sep 23, 2009

Alias/es

Virus.Win32.Sality.ab (KAV), W32/Sality.ad (McAfee), W32/Sality.AN (Panda)

Detection Availability

	Active Database	Extended Database
FortiGate		low high
FortiClient
FortiMail		N/A

Visible Symptoms

The following files exist in the System folder:
- st114421.dll
- st114421.dl_

Detailed Analysis

This is a polymorphic virus that infects files that have the EXE and SCR extension names.

Drops the following files in the System folder:
- st114421.dll
- st114421.dl_
These files are both detected as W32/KillAV.NH!tr.

Drops the file [Random].sys in the %System%\drivers folder. This file is detected as W32/KillAV.NE!tr.

Recommended Action

FortiGate Systems

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

FortiClient Systems
Quarantine/delete files that are detected and replace infected files with clean backup copies.

Reference: ID - 511936

Current Threat Level

Vulnerabilities

Virus/Spyware

Spam

PGP Keys

Contact Form

Copyright © 2011 Fortinet Inc. All Rights Reserved