virus logo Virus

W32/SALITY.AL

description-logoAnalysis

  • This is a polymorphic virus that infects files that have the EXE and SCR extension names.
  • Drops the following files in the System folder:
    • wmdrtc32.dll
    • wmdrtc32.dl_

    These files are both detected as W32/Stration.ET@mm.
  • Drops the file [Random].sys  in the undefinedSystemundefined\drivers folder. This file is detected as Rootkit.D!tr.

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2023-01-10 90.09530
2022-12-09 90.08585
ID 319415
Released Jan 11, 2007
Description
Updated		 Aug 24, 2007
Aliases Virus.Win32.Sality.s, W32/Sality.ac, W32/Sality-AD, PE_SALITY.AL, W32/Sality.AI, Win32/Sality.NAM, W32/Sality.Y
Platform Profile Win32 file format / PE 32 bit