This application requires Javascript for optimal performance.

W32/Sality.AA - Released Jul 16, 2008 - Last Updated Sep 23, 2009

Alias/es

Virus.Win32.Sality.ab (KAV), W32/Sality.ad (McAfee), W32/Sality.AN (Panda)

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • The following files exist in the System folder:

    • st114421.dll
    • st114421.dl_



Detailed Analysis


  • This is a polymorphic virus that infects files that have the EXE and SCR extension names.

  • Drops the following files in the System folder:

    • st114421.dll
    • st114421.dl_

    These files are both detected as W32/KillAV.NH!tr.

  • Drops the file [Random].sys  in the %System%\drivers folder. This file is detected as W32/KillAV.NE!tr.

Recommended Action

    FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    FortiClient Systems

  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Reference: ID - 511936