Hi,

…general info on sality variants can be found here: http://gsa.ca.com/virusinfo/virus.aspx?ID=52797

It is interesting to read this quote:

I believe that all versions of Sality are polymorphic, hence they are a family. Don’t worry about A****** not detecting polymorphic viruses… it’s a pretty small chance the virus code has evolved into something even A****** cannot detect. Look at the polymorphic virus detection of A***** in the Av-Comparative test.

If a file is “partially infected”, it would be corrupted, as the code of the virus would not be complete in the file, causing missing references from the virus start code, or an entire lack of start commands, which will lead you not be able to open the file at all. And Sality doesn’t take a whole long time to infect files, so it’s also a small chance you’re gonna have “partially infected” files.

If you really aren’t sure about some executables, you can check them all at www.virustotal.com to see if they are infected, and also www.cwsandbox.org.

I wouldn’t recommend deleting the infected executables, unless you have spare copies. Is there a “repair” option? If not, quarantining it until the latest definitions of A***** can clean it would be good, something similar to the features in Norton.

quote source http://forum.avira.com/wbb/index.php?page=Thread&threadID=77177

Understand that every av solution has it’s own generic detection methods and there may be subtle and sometimes important differences between them,

polonus