Here is the info of the Sality Virus:
http://www.virustotal.com/file-scan/report.html?id=8cc7b5a8afd90e0d5cca4a8e68a9e83842f83f86d8fb3bc4d2522885ad8da2b4-1299233212
I did not include the sample because of some reasons…
To close the vulnerability window it is a good idea to additionally scan with an on-demand anti-malware solution, like MBAM, SAS, or regularly do a scan with Windows Defender or a BitDefender Quick Scan from inside the browser. One resident AV solution often is not enough to catch them all, but to improve detection of Sality variants send these to avast.
It is also a good policy to check what executables and processes run on your computer. Then check these against e.g. runscanner
see: http://www.runscanner.net/lib/iehv.exe.html or
here: http://www.threatexpert.com/files/iehv.exe.html
or Agics hash scan or newer FTR scan: http://www.computer-support.nl/Applications/FTR1_Index.php
So you have to establish for yourself whether the executable or process running on your computer is unwanted or not. So AV and additional malware scanning, all OK, but the user also has some responsibility for what runs on his machine, and if in doubt about a process etc. they can always come and post in these forums,
polonus
Thanks for the info, sir…
But it’s better to use heuristic or string methods of detection for W32.Sality because Sality is a polymorphic virus…
Hi,
…general info on sality variants can be found here: http://gsa.ca.com/virusinfo/virus.aspx?ID=52797
It is interesting to read this quote:
I believe that all versions of Sality are polymorphic, hence they are a family. Don’t worry about A****** not detecting polymorphic viruses… it’s a pretty small chance the virus code has evolved into something even A****** cannot detect. Look at the polymorphic virus detection of A***** in the Av-Comparative test.
Quote source: http://forum.avira.com/wbb/index.php?page=Thread&threadID=77177
If a file is “partially infected”, it would be corrupted, as the code of the virus would not be complete in the file, causing missing references from the virus start code, or an entire lack of start commands, which will lead you not be able to open the file at all. And Sality doesn’t take a whole long time to infect files, so it’s also a small chance you’re gonna have “partially infected” files.
If you really aren’t sure about some executables, you can check them all at www.virustotal.com to see if they are infected, and also www.cwsandbox.org.
I wouldn’t recommend deleting the infected executables, unless you have spare copies. Is there a “repair” option? If not, quarantining it until the latest definitions of A***** can clean it would be good, something similar to the features in Norton.
Understand that every AV solution has its own generic detection methods and there may be subtle and sometimes important differences between them,
polonus
Once again, nice info. That’s why W32.Sality is hard to detect… because there are some variants in the wild now… I really have 30 samples of W32.Sality in my files, but I’ve already deleted them because it’s useless to keep them on standby in my files lol… Anyway, thanks for the info, sir. It’s now added to my knowledge about the so-called Sality virus…
Are you sure the file is not damaged? Kaspersky, MS, NOD, Symantec, Trend - all these big players don’t detect it???
Please notice the VT portion of Avast scanning or database is not exactly up to date…
This problem must be resolved by VT staff…
Yep, it’s not totally corrupt; the extension of the file is pif…
I’ve been using this for 2 years and I can say that Avast is good at detecting viruses and other unwanted stuff on your computer.
Hi,
Yes, we know that and that is why we are on these forums to even make avast av better still, this W32/Sality.gen! B21B8BA98317 detected 2 days ago, which malware is detected by avast as Win32:Sality, see: http://vil.nai.com/vil/content/v_394509.htm
polonus