What is Trojan.Sality?

Trojan.Sality is a highly dangerous infection which can connect the infected computer to a botnet and download additional files. As the threat is able to disable security programs, your anti-virus software may not detect the infection. The threat attempts to infect every executable file located on local, removable and other drives. When the threat was first created, it was less complicated: it was only able to download new malware and record the user’s keystrokes.

How dangerous is Trojan.Sality?

Now the threat is called an entry-point obscuring polymorphic file infector. It changes the entry point of a program in an attempt to make it difficult to determine the cause of the attack. Moreover, the threat alters all running processes by injecting a copy of its code. Even if one of the instances of the infection is terminated, one of the corrupted processes will restart it.

In order to prevent booting in Safe Mode, Trojan.Sality deletes all registry sub-keys and values found under the paths HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot and HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot. Additionally, it creates a kernel driver in the System\drivers folder, which is employed to kill processes, disable access to some websites and block incoming or outgoing traffic to SMTP servers.
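The following PowerShell check is an added example, not part of the original article or of any vendor tool. It reports whether the two SafeBoot registry paths named above still exist and are populated. It assumes that a healthy Windows installation has non-empty `Minimal` and `Network` sub-keys under the HKEY_LOCAL_MACHINE path; the HKEY_CURRENT_USER path is listed for reference only, and the function name `Get-SafeBootState` is hypothetical.

```powershell
# Added example: report the state of the SafeBoot registry tree.
# Assumption: 'Minimal' and 'Network' exist and are non-empty on a healthy system (HKLM).
function Get-SafeBootState {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $ExpectedSubKeys = @('Minimal', 'Network')
    )

    $exists  = Test-Path -LiteralPath $Path
    $missing = @()   # expected sub-keys that are absent
    $empty   = @()   # expected sub-keys that exist but contain no entries

    foreach ($name in $ExpectedSubKeys) {
        $sub = Join-Path -Path $Path -ChildPath $name
        if (-not $exists -or -not (Test-Path -LiteralPath $sub)) {
            $missing += $name
        }
        elseif (@(Get-ChildItem -LiteralPath $sub -ErrorAction SilentlyContinue).Count -eq 0) {
            $empty += $name
        }
    }

    [pscustomobject]@{
        Path    = $Path
        Exists  = $exists
        Missing = $missing -join ', '
        Empty   = $empty -join ', '
        Intact  = $exists -and $missing.Count -eq 0 -and $empty.Count -eq 0
    }
}

# The two paths named in the article, in PowerShell registry-drive notation.
$paths = 'HKLM:\System\CurrentControlSet\Control\SafeBoot',
         'HKCU:\System\CurrentControlSet\Control\SafeBoot'

$paths | ForEach-Object { Get-SafeBootState -Path $_ } | Format-Table -AutoSize
```

An `Intact` value of `False` for the HKLM path means Safe Mode is unlikely to start and the key needs to be restored from a known-good export.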

Additionally, Trojan.Sality can download different malware which has the same code signature, which makes malware researchers believe that the harmful files are created by the same people who created the infection. The unwanted files which are downloaded can be spam generators, information stealers used for recording passwords, website infectors or experimental malware which, for example, automatically enrolls a computer user in some Facebook application.

In order to prevent these payloads, it is advisable to make sure that all software applications are patched and the security tool is up-to-date. Moreover, it is important to keep in mind that Trojan.Sality refers to different variants. For example, there is a threat called Spammer:Win32/Sality.A which can access your Outlook address book and send spam emails based on the information acquired from remote servers. Like other variants of Trojan.Sality, it can create a mutex in order to prevent multiple instances of the same process from running.

How to remove Trojan.Sality?

The removal of the Trojan in question is an enormously complex procedure, which is why you should rely on either a professional specialist or a legitimate and powerful spyware removal tool. We suggest that you use SpyHunter, as this application can also safeguard the computer against other computer infections.
