
VIRUS \ Spyware ALERTS - October 29, 2008

Oct 28, 2008 12:02PM PDT

W32/Sality-AM


Aliases: Win32/Sality.gen, W32/Sality.dll, New Win32.s

Category: Viruses and Spyware

Type: Virus

W32/Sality-AM is a virus for the Windows platform.

The virus includes the functionality to download additional files from a remote location.

When first run, the virus may infect executables in the root folder, files on network shares, and files it may find based on the following registry locations:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

W32/Sality-AM may install the following file:

<System>Mischief<random>.sys

This file is detected as Troj/RkSal-A

http://www.sophos.com/security/analyses/viruses-and-spyware/w32salityam.html?_log_from=rss

Troj/Zbot-AQ
Oct 28, 2008 12:03PM PDT

Troj/Dloadr-BXG
Oct 28, 2008 12:04PM PDT

Troj/Dloadr-BXF
Oct 28, 2008 12:05PM PDT

Troj/Agent-IBW
Oct 28, 2008 12:06PM PDT

Troj/Wimad-K
Oct 28, 2008 2:35PM PDT

W32/Autorun-NA
Oct 28, 2008 3:36PM PDT

Troj/Zbot-AR
Oct 28, 2008 3:37PM PDT

Troj/PWS-AVE
Oct 28, 2008 3:38PM PDT

Troj/Invo-Zip
Oct 28, 2008 3:39PM PDT

Troj/Fakevir-GU
Oct 28, 2008 3:40PM PDT

Troj/Agent-IBX
Oct 28, 2008 3:41PM PDT

Mal/RarMal-C
Oct 28, 2008 3:42PM PDT

Troj/PWS-AVE
Oct 29, 2008 1:52AM PDT

Troj/Invo-Zip
Oct 29, 2008 1:53AM PDT

Troj/Fakevir-GU
Oct 29, 2008 1:54AM PDT

Troj/Agent-IBX
Oct 29, 2008 1:55AM PDT

Mal/RarMal-C
Oct 29, 2008 1:56AM PDT

Troj/Swizzor-OK
Oct 29, 2008 1:57AM PDT

Troj/FakeAle-JE
Oct 29, 2008 2:16AM PDT

Troj/FakeAle-JD
Oct 29, 2008 2:19AM PDT

Troj/Agent-IBZ
Oct 29, 2008 2:20AM PDT

Troj/Agent-IBY
Oct 29, 2008 2:21AM PDT

Troj/PDFEx-AF
Oct 29, 2008 3:06AM PDT

Troj/PDFEx-AE
Oct 29, 2008 3:07AM PDT

Troj/Mdrop-BWM
Oct 29, 2008 3:10AM PDT

Troj/FakeAle-JC
Oct 29, 2008 3:11AM PDT

Troj/Dwnldr-HJT
Oct 29, 2008 3:13AM PDT

Troj/Dloadr-BXH
Oct 29, 2008 3:14AM PDT

Troj/Cmjspy-AJ
Oct 29, 2008 3:15AM PDT

Aliases: the BackDoor-CEP.svr trojan

Category: Viruses and Spyware

Type: Trojan

Troj/Cmjspy-AJ is a Trojan for the Windows platform.

Troj/Cmjspy-AJ attempts to connect to a remote website.

Troj/Cmjspy-AJ deletes itself on execution and copies itself to:
<System>\Bifrost\<Trojan Filename>

Troj/Cmjspy-AJ creates the following files:

<UserProfile>\Application Data\addon.dat
<System>\Bifrost\klog.dat

Klog.dat and addon.dat are not malicious and they can be safely deleted.

Troj/Cmjspy-AJ creates the following Registry entries:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
stubpath
<System>\Bifrost\<Trojan Filename> s

Registry entries are created under HKCU\Software\Bifrost and HKLM\Software\Bifrost

http://www.sophos.com/security/analyses/viruses-and-spyware/trojcmjspyaj.html?_log_from=rss
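
A triage check built from the file and registry indicators in the Troj/Cmjspy-AJ description above. This is an added example, not part of the original post or Sophos's analysis. The function names, the sample data and the file name server.exe are constructed, and the check goes slightly beyond the listed GUID by also flagging any Active Setup stubpath that points into a Bifrost folder.

```python
import re
# Host indicators as listed in the Troj/Cmjspy-AJ write-up. <System> and
# <UserProfile> vary per machine, so only the fixed tail of each path is matched.
FILE_RULES = {
    "file in Bifrost folder": re.compile(r"\\bifrost\\[^\\]+$"),
    "addon.dat in Application Data": re.compile(r"\\application data\\addon\.dat$"),
}
ACTIVE_SETUP = "\\software\\microsoft\\active setup\\installed components\\"
GUID = "{9b71d88c-c598-4935-c5d1-43aa4db90836}"
HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}

def norm_key(key):
    """Lower-case a key path and shorten long hive names to hklm/hkcu form."""
    hive, _, rest = key.strip().strip("[]").lower().partition("\\")
    return HIVES.get(hive, hive) + ("\\" + rest if rest else "")

def scan(files, registry):
    """Return sorted (indicator, evidence) pairs found in the collected data."""
    hits = set()
    for path in files:
        p = path.strip().lower().replace("/", "\\")
        hits.update((name, path) for name, rx in FILE_RULES.items() if rx.search(p))
    for key, values in registry.items():
        k = norm_key(key)
        if re.match(r"hk(lm|cu)\\software\\bifrost(\\|$)", k):
            hits.add(("Bifrost registry key", key))
        if k.startswith("hklm" + ACTIVE_SETUP):
            stub = {n.lower(): d for n, d in values.items()}.get("stubpath", "")
            if k.endswith(GUID) or "\\bifrost\\" in stub.lower():
                hits.add(("Active Setup stubpath", key))
    return sorted(hits)

# Constructed triage data (not from a real host); server.exe is a made-up name.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\Bifrost\server.exe",
    r"C:\WINDOWS\system32\Bifrost\klog.dat",
    r"C:\Documents and Settings\alice\Application Data\addon.dat",
    r"C:\WINDOWS\system32\notepad.exe",
]
SAMPLE_REGISTRY = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
    r"\{9B71D88C-C598-4935-C5D1-43AA4DB90836}": {"StubPath": r"C:\WINDOWS\system32\Bifrost\server.exe s"},
    r"HKCU\Software\Bifrost": {},
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {"ctfmon": "ctfmon.exe"},
}

if __name__ == "__main__":
    for name, evidence in scan(SAMPLE_FILES, SAMPLE_REGISTRY):
        print(f"{name}: {evidence}")
```

Feed `scan` a file listing and a registry dump collected from the host under review; an empty result means none of the listed indicators were present in that data.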

Troj/Agent-ICA
Oct 29, 2008 3:16AM PDT