Spotting and Stopping Sality

The Sality virus, also known as Win32/Sality, reportedly made its debut in 2003 as a low-level virus created in Russia. The virus has since morphed into a more aggressive worldwide threat that disables antivirus software and blocks access to antivirus websites. Sality attacks systems running Windows 95, 98, XP, Me, NT and 2000.

The Sality virus infects systems via executable files and screensavers, or files with the extensions EXE and SCR respectively. The virus spreads when computer users open infected email attachments with an EXE extension or download an infected screensaver from the internet. When people download these files, they open a door that allows Sality to take up residence.

Once the Sality virus has gained access to your computer, it can do several things in addition to disabling your antivirus protection. Sality includes a worm that helps the virus spread to removable drives so it can be transported to other computers without your awareness. The Sality virus also includes a downloading component that invites malicious software into your system from the internet. Sality also is able to log keystrokes and allow hackers to access your computer via backdoor security breaches in your system applications.

In addition to infecting single systems, the Sality virus also can unite infected computers into a self-created network that helps deliver malware to each computer.

How Do You Know If Your Computer's Infected?

Several signs indicate that Sality has infected your system. For example, failure of your security or firewall settings is a big red flag indicating that the Sality virus has infected your system. The virus can throw up a blue-screen error when you try to reboot in safe mode, and it can create a RUNDLL error that pops up continuously when you run your task manager. You may also notice that certain files have unexpectedly increased in size after your computer has become infected.

If your system has been infected, there are several ways to remove the virus. You can download free software that’s designed specifically to remove Sality. Many free antivirus applications are able to address issues with Sality as part of their overall antivirus scanning. You also can find instructions online for manually removing Sality and dismantling its functionality, but you should only use this route if you clearly understand the instructions and know what you’re doing.

Closing the Door to Sality

The Sality virus has created a botnet of more than 100,000 computers, so it’s important to know how to protect your system from infection. The primary way to stay clean is to enable a firewall on your computer because Sality cannot easily breach a firewall. You can find free firewall software online or purchase a full security suite that includes firewall protection.
In addition, install antivirus software and download regular updates. Monitor other users on your computer and know which sites they visit. If other people use your computer for email communication, warn them to avoid opening unusual attachments because Sality travels easily via email. Finally, change your passwords regularly and choose ones that are difficult to decipher even if a hacker has some of your personal information.

Remember: Like a virus that infects humans, the Sality virus is able to evolve, so you must be constantly vigilant to avoid infections with the latest version of Sality.

At TopTenREVIEWS We Do the Research So You Don’t Have To.™