ThreatExpert's Statistics for PE_SALITY.BU [Trend Micro]:

PE_SALITY.BU [Trend Micro] is also known as:

Threat Alias	Number of Incidents
Virus:Win32/Sality.AM [Microsoft]	392
W32/Sality.gen [McAfee]	391
Virus.Win32.Sality.aa [Kaspersky Lab]	376
Mal/Sality-B [Sophos]	367
W32.Sality.AE [Symantec]	333
Win32/Kashu.B [AhnLab]	250
Virus.Win32.Sality [Ikarus]	184
Virus.W32.Sality [Ikarus]	70
Malware.Sality [PC Tools]	23
IM-Worm.Win32.Sohanad [Ikarus]	13
W32.SillyFDC [Symantec]	13
Mal/HckPk-A, Mal/Sality-B [Sophos]	12
Worm:Win32/Sohanad.I [Microsoft]	9
IM-Worm.Win32.VB [Ikarus]	8
BackDoor-CEP.svr [McAfee]	7
Trojan Horse [Symantec]	7
W32.Imaut.AS [Symantec]	7
W32.Imaut.N [Symantec]	7
Mal/EncPk-GT, Mal/Sality-B [Sophos]	6
Virus.Win32.Bifrose [Ikarus]	6
W32.Imaut [Symantec]	6
Backdoor.Trojan [Symantec]	5
Mal/Behav-043, Mal/Sality-B [Sophos]	5
W32/Sohana-AS [Sophos]	5
Backdoor.Bifrose.AHY [PC Tools]	4
Gen.Win32 [Ikarus]	4
Mal/Sality-Gen [Sophos]	4
Trojan.Win32.Agent.bcn [Kaspersky Lab]	4
Trojan.Win32.KillAV.ayh [Kaspersky Lab]	4
Trojan.Win32.VB [Ikarus]	4
W32.Imaut.A [Symantec]	4
Worm.Sohanad.U [PC Tools]	4
BackDoor-EEF [McAfee]	3
IM-Worm.Win32.Sohanad.ao [Kaspersky Lab]	3
IM-Worm.Win32.Sohanad.t [Kaspersky Lab]	3
Mal/Bifrose-S, Mal/Sality-B [Sophos]	3
P2P-Worm.Win32.Malas.g [Ikarus]	3
P2P-Worm.Win32.Malas.r [Kaspersky Lab]	3
Trojan.DL.AutoIt.DO [PC Tools]	3
W32.Gammima.AG [Symantec]	3
W32.Linkfars [Symantec]	3
Worm.Sohanad.Z [PC Tools]	3
Worm:AutoIt/Sohanad.AI [Microsoft]	3
Backdoor.Win32.Bifrose.fny [Kaspersky Lab]	2
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]	2
Email-Worm.Win32.Brontok.ab [Ikarus]	2
Mal/Bifrose-R, Mal/Bifrose-R, Mal/Sality-B [Sophos]	2
Mal/EncPk-F, Mal/HckPk-A, Mal/Sality-B [Sophos]	2
Mal/HckPk-A, Mal/EncPk-F, Mal/Sality-B [Sophos]	2
Packed.Win32.Krap.b [Kaspersky Lab]	2
Suspicious.Bifrose [Symantec]	2
Trojan.Jonben.A [PC Tools]	2
Trojan.Midgare.hhn [PC Tools]	2
Trojan-Dropper.Win32.Flystud.B [Ikarus]	2
Trojan-Proxy.Win32.Agent [Ikarus]	2
Trojan-Spy.Ardamax.J [Ikarus]	2
TrojanSpy.Ardamax.WQ [PC Tools]	2
VirTool.Win32.VBInject [Ikarus]	2
Virus.Win32.Hakaglan [Ikarus]	2
W32.Imaut.AA [Symantec]	2
W32.Rontokbro.AN@mm [Symantec]	2
W32/Cocung.worm [McAfee]	2
W32/Sohana-AM [Sophos]	2
W32/Sohana-CO [Sophos]	2
Win-Trojan/Bifrose.29053 [AhnLab]	2
Worm.AutoIt.dn [PC Tools]	2
Worm.VB.ZUI [PC Tools]	2
Worm.Win32.AutoRun.fwl [Kaspersky Lab]	2
Worm.Win32.VB.cj [Ikarus]	2
Worm.Win32.VB.mz [Ikarus]	2
Worm:AutoIt/Sohanad.AQ [Microsoft]	2
Backdoor.Bifrost [Ikarus]	1
Backdoor.Win32.Bifrose [Ikarus]	1
Backdoor.Win32.Tofsee [Ikarus]	1
Backdoor:Win32/Bifrose [Microsoft]	1
Backdoor:Win32/Bifrose.FH [Microsoft]	1
BackDoor-CEP.gen.au [McAfee]	1
BehavesLike.Win32.Malware [Ikarus]	1
Email-Worm.Win32.Rays [Ikarus]	1
Email-Worm.Win32.Rays.d [Kaspersky Lab]	1
Generic Downloader.aj [McAfee]	1
Generic Dropper.bw [McAfee]	1
Generic PWS.ak [McAfee]	1
Hacktool.Keylogger [Symantec]	1
HeurEngine.ZeroDayThreat [PC Tools]	1
IM-Worm.Win32.Sohanad.gu [Kaspersky Lab]	1
JS.Chir.B [PC Tools]	1
Mal/Behav-103, Mal/Behav-043, Mal/Sality-B [Sophos]	1
Mal/Bifrose-R, Mal/Sality-B [Sophos]	1
Mal/Frethog-B, Mal/Sality-B [Sophos]	1
Mal/SillyFDC-A, Mal/Behav-043, Mal/Sality-B [Sophos]	1
Mal/SillyFDC-A, Mal/Sality-B [Sophos]	1
not-a-virus:AdWare.Win32.MyWebSearch [Ikarus]	1
PWS-Gamania.gen.a [McAfee]	1
PWS-Gamania.gen.c [McAfee]	1
PWS-Gamania.gen.o [McAfee]	1
Trojan.Chifrax.a [PC Tools]	1
Trojan.Generic [Ikarus]	1
Trojan.Inject.ldi [PC Tools]	1
Trojan.VB.ilm [PC Tools]	1

PE_SALITY.BU [Trend Micro] has the following possible countries of origin:

Origin		Number of Incidents
	United Kingdom	32
	Taiwan	24
	Russian Federation	14
	China	13
	Sweden	9
	Spain	8
	Germany	6
	Turkey	5
	Republic of Korea	4
	Australia	3
	Iran	3
	Israel	3
	Japan	2
	Brazil	1
	Croatia	1
	Czech Republic	1
	France	1
	Thailand	1
	United Arab Emirates	1
	Viet Nam	1

PE_SALITY.BU [Trend Micro] is known to be created as:

%AllUsersProfile%\smss.exe

%AppData%\foxitreader_setup.exe

%AppData%\usrinit.exe

%CommonAppData%\microsoft\user account pictures\my_heart.exe

%CommonDocuments%\my music\my_heart.exe

%CommonDocuments%\my music\sample music\my_heart.exe

%CommonDocuments%\my pictures\my_heart.exe

%CommonDocuments%\my pictures\sample pictures\my_heart.exe

%CommonDocuments%\my videos\my_heart.exe

%CommonDocuments%\my_heart.exe

%CommonPrograms%\startup\lsass.exe

%CommonPrograms%\startup\my_heart.exe

%CommonPrograms%\startup\svchots.exe

%FontsDir%\fonts.exe

%FontsDir%\tskmgr.exe

%LocalSettings%\startup.exe

%Profiles%\default user\my documents\my_heart.exe

%Profiles%\default user\nethood\my_heart.exe

%Profiles%\default user\start menu\programs\startup\my_heart.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bytescribe\tsp_codec\uninst.exe

%ProgramFiles%\common files\adobeupdate.exe

%ProgramFiles%\xpcode\sexgame.exe

%ProgramFiles%\xpcode\sexscreensaver.scr

%Programs%\startup\svchots.exe

%System%\%computername%\my_heart.exe

%System%\1025.exe

%System%\1028.exe

%System%\1031.exe

%System%\1033.exe

%System%\1037.exe

%System%\1041.exe

%System%\1042.exe

%System%\1054.exe

%System%\1126\ctfmon.exe

%System%\2052.exe

%System%\3076.exe

%System%\3com_dmi.exe

%System%\amvo.exe

%System%\avpo.exe

%System%\bifrost\server.exe

%System%\blastclnnn.exe

%System%\bycool1\log.exe

%System%\bycool1\windo.exe

%System%\catroot.exe

%System%\catroot2.exe

%System%\ckvo.exe

%System%\com.exe

%System%\config.exe

%System%\dhcp.exe

%System%\directx.exe

%System%\dllcache.exe

%System%\dllcache\default.exe

%System%\dllcache\global.exe

%System%\dllcache\regedit32.com

%System%\dllcache\shell32.com

%System%\dllcache\svchost.exe

%System%\dllchache.exe

%System%\drivers.exe

%System%\drivers\drivers.cab.exe

%System%\dxgdialog.exe

%System%\export.exe

%System%\gphone.exe

%System%\grouppolicy.exe

%System%\ias.exe

%System%\icsxml.exe

%System%\ime.exe

%System%\inetsrv.exe

%System%\kabo0o-serever.exe

%System%\kamsoft.exe

%System%\logoneui.exe

%System%\m5vbvm60.exe

%System%\macromed.exe

%System%\microsoft.exe

%System%\msdtc.exe

%System%\msmsgs.exe

%System%\mui.exe

%System%\my_heart.exe

%System%\npp.exe

%System%\ntmsdata.exe

%System%\olhrwef.exe

%System%\oobe.exe

%System%\ras.exe

%System%\reader_s.exe

%System%\regedit.exe

%System%\regsvr.exe

%System%\reinstallbackups.exe

%System%\restore.exe

%System%\rund1132.exe

%System%\rvhost.exe

%System%\save.exe

%System%\scvhost.exe

%System%\scvhsot.exe

%System%\scvshosts.exe

%System%\scvvhsot.exe

%System%\setup.exe

%System%\shellext.exe

%System%\spool.exe

%System%\sscvihost.exe

%System%\sscviihost.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonDocuments% is a variable that refers to the file system directory that contains documents that are common to all users. A typical paths is C:\Documents and Settings\All Users\Documents.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%ComputerName% is a variable that refers to the current computer name.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).