ThreatExpert's Statistics for Malware.Sality [PC Tools]:

Malware.Sality [PC Tools] is also known as:

Threat Alias	Number of Incidents
PE_SALITY.AO-O [Trend Micro]	148
Virus:Win32/Sality.AM [Microsoft]	112
W32.Sality.AE [Symantec]	111
Trojan.Win32.KillAV.nh [Kaspersky Lab]	108
Win32/Kashu.B [AhnLab]	106
W32.Sality.AB [Symantec]	100
Virus.Win32.Sality.aa [Kaspersky Lab]	99
W32/Sality.gen [McAfee]	94
W32/Sality-AM [Sophos]	84
Trojan.Win32.KillAV [Ikarus]	64
Mal/Sality-B [Sophos]	25
PE_SALITY.EN [Trend Micro]	25
PE_SALITY.BU [Trend Micro]	23
PE_SALITY.JER [Trend Micro]	21
Trojan.Win32.KillAV.nh [Ikarus]	18
PE_SALITY.EN-2 [Trend Micro]	11
PE_SALITY.EN-O [Trend Micro]	8
BackDoor-CEP.gen.au [McAfee]	4
PE_SALITY.BU-1 [Trend Micro]	4
PE_SALITY.DAM [Trend Micro]	3
W32.HLLP.Sality.O [Symantec]	3
Generic VB.j [McAfee]	2
Mal/Bifrose-S, Mal/Sality-B [Sophos]	2
Packed.Win32.Krap.b [Kaspersky Lab]	2
PE_SALITY.BU-O [Trend Micro]	2
PE_SALITY.EN-1 [Trend Micro]	2
Virus.Win32.Bifrose [Ikarus]	2
Virus.Win32.Virut.q [Kaspersky Lab]	2
Backdoor.Win32.IRCBot.jvw [Kaspersky Lab]	1
BackDoor-CEP.svr [McAfee]	1
BackDoor-DVR.gen.c [McAfee]	1
BackDoor-EEF [McAfee]	1
Constructor/Bifrose.1466368 [AhnLab]	1
Generic BackDoor.b [McAfee]	1
Generic Dropper.ln [McAfee]	1
Generic PWS.ak [McAfee]	1
Mal/Bifrose-R, Mal/Sality-B [Sophos]	1
Mal/HckPk-A, Mal/Sality-B [Sophos]	1
MultiDropper-TJ [McAfee]	1
PE_SALITY.AM [Trend Micro]	1
PE_SALITY.EM-O [Trend Micro]	1
PWS-Gamania.gen.o [McAfee]	1
Troj/Agent-LCN [Sophos]	1
Trojan.Win32.FraudPack.xmu [Kaspersky Lab]	1
Trojan.Win32.Refroso.jvi [Kaspersky Lab]	1
Trojan.Win32.Scar.atws [Kaspersky Lab]	1
Trojan-Dropper.Win32.Agent.ayqm [Kaspersky Lab]	1
Trojan-Dropper.Win32.Malf [Ikarus]	1
TSPY_ARDAMAX.HR [Trend Micro]	1
VirTool:Win32/CeeInject.B [Microsoft]	1
Virus.Win32.Sality [Ikarus]	1
Virus.Win32.Sality.l [Kaspersky Lab]	1
Virus.Win32.Sality.v [Kaspersky Lab]	1
Virus:Win32/Sality.AH [Microsoft]	1
Virus:Win32/Sality.G [Microsoft]	1
Virus:Win32/Sality.gen!enc [Microsoft]	1
W32/Kelvir.worm.gen [McAfee]	1
W32/Sality.ad [McAfee]	1
W32/Sality.gen.b [McAfee]	1
W32/Sality-AI [Sophos]	1
Win32.SuspectCrc [Ikarus]	1
Win32/IRCBot.worm.variant [AhnLab]	1
Win32/Kashu [AhnLab]	1
Win32/Sality.F [AhnLab]	1
Win-Trojan/Buzus.98304.X [AhnLab]	1
Win-Trojan/Magania.106383 [AhnLab]	1
Win-Trojan/OnlineGameHack.106174 [AhnLab]	1

Malware.Sality [PC Tools] has the following possible countries of origin:

Origin		Number of Incidents
	Sweden	9
	Taiwan	8
	Russian Federation	6
	Spain	6
	China	3
	Croatia	2
	Hungary	2
	Brazil	1
	Finland	1
	France	1
	Iran	1
	Japan	1
	United Kingdom	1

Malware.Sality [PC Tools] is known to be created as:

%AllUsersProfile%\menu iniciar\programas\inicializar\svchost.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bytescribe\tsp_codec\uninst.exe

%System%\bifrost\server.exe

%System%\ckvo.exe

%System%\kamsoft.exe

%System%\lsas.exe

%System%\lt.exe

%System%\macfee_.exe

%System%\system32\windows.exe

%System%\twex.exe

%System%\winupdate.exe

%Temp%\final.exe

%Windir%\123.exe

%Windir%\internetxplor\internet.exe

%Windir%\macfee_.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.