Threat Search: 

ThreatExpert's Statistics for W32/Sality.gen [McAfee]:

W32/Sality.gen [McAfee] is also known as:
Threat AliasNumber of Incidents
Virus:Win32/Sality.AM [Microsoft]3,368
W32/Sality-AM [Sophos]2,913
W32.Sality.AE [Symantec]2,862
Win32/Kashu.B [AhnLab]2,441
Virus.Win32.Sality.aa [Kaspersky Lab]2,393
Virus.Win32.Sality [Ikarus]1,579
Win32.Sality.AM.Gen [PC Tools]664
Virus.Win32.Sality.z [Kaspersky Lab]564
PE_SALITY.EK [Trend Micro]550
Virus.W32.Sality [Ikarus]536
Mal/Sality-B [Sophos]521
PE_SALITY.EN-1 [Trend Micro]465
PE_SALITY.JER [Trend Micro]458
PE_SALITY.EN [Trend Micro]427
PE_SALITY.BU [Trend Micro]391
Trojan.Win32.Autoit.ci [Kaspersky Lab]190
W32.SillyFDC [Symantec]153
Trojan.Win32.Autoit [Ikarus]136
PE_SALITY.DAM [Trend Micro]107
PE_SALITY.EN-O [Trend Micro]107
Malware.Sality [PC Tools]94
W32.Imaut [Symantec]80
PE_SALITY.BU-O [Trend Micro]78
Infostealer [Symantec]66
Virus.Win32.Sality.y [Kaspersky Lab]66
Trojan.Autoit [Ikarus]59
PE_SALITY.M [Trend Micro]55
IM-Worm.Win32.Sohanad [Ikarus]52
PE_SALITY.EM [Trend Micro]52
Trojan.Dropper [Symantec]41
Worm:Win32/Sohanad.I [Microsoft]41
Trojan.Win32.Crypt [Ikarus]39
PE_SALITY.BU-1 [Trend Micro]36
Trojan.Win32.KillAV.ayh [Kaspersky Lab]36
W32.Sality [Ikarus]36
Email-Worm.Win32.Brontok.ab [Ikarus]30
PE_SALITY.BI [Trend Micro]30
Win32.Sality.AK [PC Tools]30
IM-Worm.Win32.VB [Ikarus]29
Win-Trojan/Xema.variant [AhnLab]29
Worm.AutoIT.DP [PC Tools]29
W32.Imaut.AS [Symantec]28
Worm.Autoit.DU [PC Tools]28
W32.Imaut.A [Symantec]26
Virus.Win32.Bifrose [Ikarus]24
W32.Imaut.AA [Symantec]24
Worm.Sohanad.U [PC Tools]23
Worm:AutoIt/Sohanad.AQ [Microsoft]23
Email-Worm.Win32.Rays [Ikarus]22
Mal/Sality-A [Sophos]22
Trojan-Spy.Ardamax.J [Ikarus]22
TrojanSpy.Ardamax.WQ [PC Tools]22
W32.Imaut.U [Symantec]22
Trojan Horse [Symantec]21
W32.SillyDC [Symantec]21
Worm.AutoIT.V [PC Tools]21
Worm.Win32.AutoIt [Ikarus]20
Worm.AutoIt.dn [PC Tools]19
Backdoor.Win32.Bifrose [Ikarus]17
Gen.Win32 [Ikarus]17
Mal/HckPk-A, Mal/Sality-B [Sophos]17
Trojan-Dropper.Win32.Flystud.B [Ikarus]16
Trojan.Win32.VB [Ikarus]15
Win-Trojan/Autorun.225280.B [AhnLab]14
Email-Worm.Win32.Rays.d [Kaspersky Lab]13
PE_SALITY.EM-O [Trend Micro]13
Trojan.DL.AutoIt.DO [PC Tools]13
Win32.Sality.AL [PC Tools]13
Trojan.Win32.Agent.cru [Kaspersky Lab]12
Trojan-Downloader.Win32.AutoIt [Ikarus]12
Worm.Win32.AutoRun.fjx [Kaspersky Lab]12
Worm.Win32.VB [Ikarus]12
PE_SALITY.EN-2 [Trend Micro]11
Trojan.Midgare.hhn [PC Tools]11
Trojan-Downloader.Win32.AutoIt.aa [Kaspersky Lab]11
Virus.Win32.KillFiles.058 [Ikarus]11
Worm.AutoRun.ADQ [PC Tools]11
IM-Worm.Win32.Sohanad.t [Kaspersky Lab]10
Mal/Sality-Gen [Sophos]10
Trojan.Win32.Pakes.cob [Kaspersky Lab]10
Virus.Win32.VB.bg [Ikarus]10
W32.Blastclan [Symantec]10
W32.HLLP.Sality.O [Symantec]10
W32.Sality.Y [Ikarus]10
Worm.VB.FMU [PC Tools]10
Worm:AutoIt/Sohanad.AI [Microsoft]10
WORM_SOHANAD.EJ [Trend Micro]10
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]9
Backdoor.Win32.Jaan.w [Kaspersky Lab]9
Email-Worm.Win32.Silly.e [Kaspersky Lab]9
PE_SALITY.AE [Trend Micro]9
Trojan.Autorun.UA [Ikarus]9
Trojan-Downloader.Win32.VB.iyl [Kaspersky Lab]9
Virus.Win32.Sality.l [Kaspersky Lab]9
Virus:Win32/Sality.G [Microsoft]9
W32.Blastclan.B [Symantec]9
W32.Imaut.CN [Symantec]9
W32.Imaut.N [Symantec]9
W32.Svich [Symantec]9
W32/Sality-I [Sophos]9

W32/Sality.gen [McAfee] has the following possible countries of origin:
OriginNumber of Incidents
United Kingdom439
Taiwan189
Germany164
China129
Russian Federation107
Sweden40
Japan39
Spain36
Brazil33
Israel33
Republic of Korea31
Turkey25
France20
Canada13
Saudi Arabia13
Australia12
Poland9
Iran8
Portugal7
Italy6
Czech Republic5
Belgium4
Netherlands3
Slovenia3
Croatia2
Finland2
Hungary2
Indonesia2
New Zealand2
Thailand2
Austria1
Mexico1
Norway1
Serbia and Montenegro1
Singapore1
Slovakia1
South Africa1
United Arab Emirates1
Viet Nam1

W32/Sality.gen [McAfee] is known to be created as:
%AllUsersProfile%\menu iniciar\programas\inicializar\svchost.exe
%AllUsersProfile%\smss.exe
%AppData%\csrss.exe
%AppData%\explorer.exe
%AppData%\foxitreader_setup.exe
%AppData%\inetinfo.exe
%AppData%\lsass.exe
%AppData%\microsoft\cd burning\coolworld.exe
%AppData%\microsoft\hscg.exe
%AppData%\services.exe
%AppData%\smss.exe
%AppData%\spool.exe
%AppData%\usrinit.exe
%AppData%\winlogon.exe
%CommonAppData%\fearghus\lsass.exe
%CommonAppData%\microsoft\kbdriver\classified.exe
%CommonAppData%\microsoft\kbdriver\kbdsys.exe
%CommonAppData%\microsoft\usb2.0\usb-hi.exe
%CommonAppData%\microsoft\user account pictures\my_heart.exe
%CommonAppData%\zilch.infinisoft\dirlock.exe
%CommonDesktopDir%\classified.exe
%CommonDesktopDir%\classified\classified.exe
%CommonDesktopDir%\desktop.exe
%CommonDesktopDir%\documents.exe
%CommonDesktopDir%\files.exe
%CommonDesktopDir%\notepad.exe
%CommonDocuments%\classified.exe
%CommonDocuments%\classified\classified.exe
%CommonDocuments%\documents.exe
%CommonDocuments%\my music\my_heart.exe
%CommonDocuments%\my music\sample music\my_heart.exe
%CommonDocuments%\my pictures\my_heart.exe
%CommonDocuments%\my pictures\sample pictures\my_heart.exe
%CommonDocuments%\my videos\my_heart.exe
%CommonDocuments%\my_heart.exe
%CommonFavorites%\favorites.exe
%CommonPrograms%\accessories\accessibility\accessibility.exe
%CommonPrograms%\accessories\accessories.exe
%CommonPrograms%\accessories\communications\communications.exe
%CommonPrograms%\accessories\entertainment\entertainment.exe
%CommonPrograms%\programs.exe
%CommonPrograms%\startup\classified.exe
%CommonPrograms%\startup\folderwiz.com
%CommonPrograms%\startup\kbdrv16.com
%CommonPrograms%\startup\lsass.exe
%CommonPrograms%\startup\msconfig.exe
%CommonPrograms%\startup\my_heart.exe
%CommonPrograms%\startup\setup.exe
%CommonPrograms%\startup\startup.exe
%CommonPrograms%\startup\svchots.exe
%CommonPrograms%\startup\systemil2.exe
%CommonPrograms%\startup\winlogon.exe
%DesktopDir%\desktop.exe
%DesktopDir%\games.exe
%DesktopDir%\mp3.exe
%DesktopDir%\videos.exe
%Favorites%\favorites.exe
%Favorites%\links.exe
%Favorites%\links\links.exe
%FontsDir%\26dfa.com
%FontsDir%\79134.com
%FontsDir%\9d46d.com
%FontsDir%\9d46d1.com
%FontsDir%\c4bb1.com
%FontsDir%\fonts.exe
%FontsDir%\tskmgr.exe
%FontsDir%\wuauclt.exe
%LocalSettings%\explorer.exe
%LocalSettings%\services.exe
%LocalSettings%\smss.exe
%LocalSettings%\startup.exe
%LocalSettings%\svchost.exe
%LocalSettings%\winlogon.exe
%MyDocuments%\classified.exe
%MyDocuments%\games.exe
%MyDocuments%\hiddenfolder.exe
%MyDocuments%\mp3.exe
%MyDocuments%\my pictures\mskernel.exe
%MyDocuments%\videos.exe
%Profiles%\default user\my documents\my_heart.exe
%Profiles%\default user\nethood\my_heart.exe
%Profiles%\default user\services.exe
%Profiles%\default user\start menu\programs\startup\my_heart.exe
%Profiles%\localservice\services.exe
%Profiles%\networkservice\services.exe
%ProgramFiles%\adobe.exe
%ProgramFiles%\b\w.exe
%ProgramFiles%\bifrost\a.exe
%ProgramFiles%\bifrost\server.exe
%ProgramFiles%\bytescribe\tsp_codec\uninst.exe
%ProgramFiles%\classified.exe
%ProgramFiles%\common files\adobeupdate.exe
%ProgramFiles%\common files\designer\designer.exe
%ProgramFiles%\common files\mssoap\binaries\binaries.exe
%ProgramFiles%\common files\mssoap\mssoap.exe
%ProgramFiles%\common files\odbc\odbc.exe
%ProgramFiles%\common files\services\services.exe
%ProgramFiles%\common files\speechengines\microsoft\tts\tts.exe
%ProgramFiles%\common files\speechengines\speechengines.exe
%ProgramFiles%\common files\system\ado\ado.exe
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
  • %CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
  • %CommonDocuments% is a variable that refers to the file system directory that contains documents that are common to all users. A typical paths is C:\Documents and Settings\All Users\Documents.
  • %CommonFavorites% is a variable that refers to the file system directory that serves as a common repository for all users' favorite items. A typical path is C:\Documents and Settings\All Users\Favorites (Windows NT/2000/XP).
  • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
  • %DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
  • %Favorites% is a variable that refers to the file system directory that serves as a common repository for the user's favorite items. A typical path is C:\Documents and Settings\[UserName]\Favorites.
  • %FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
  • %LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
  • %MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
  • %Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.