Last Updated on Sunday, 15 July 2012 17:40 Sunday, 15 July 2012 17:29
A virus program from the W32 Sality family has been found to do the following:
It stops the following services:
"Application Layer Gateway Service"
"Windows Firewall/Internet Connection Sharing (ICS)"
It creates an autorun.inf file in the root directory, which then infects other computers in the network.
It disables notifications in the Security Center.
It also disables Task Manager and registry editor.
It deletes the safeboot registry keys. This will prevent the computer from starting in Safe Mode.
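The behaviours listed above leave traces that can be checked on a suspect host. The following read-only PowerShell script is an added example, not part of the original post; the service names (`ALG`, `SharedAccess`), the registry paths and value names, and the function name are assumptions based on standard Windows locations, since the post does not name them.

```powershell
# Added example: read-only triage for the behaviours listed on this page.
# Service names and registry paths are standard Windows ones assumed here;
# the page does not name them. The function name is hypothetical.
function Get-SalityBehaviourIndicator {
    $findings = New-Object System.Collections.Generic.List[string]

    # Services the page says are stopped (ALG; SharedAccess = Windows Firewall/ICS).
    # ALG is manual-start and often stopped on clean hosts: corroborating only.
    foreach ($name in 'ALG', 'SharedAccess') {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
        if (-not $svc) { $findings.Add("Service $name not installed") }
        elseif ($svc.State -ne 'Running') {
            $findings.Add("Service $name is $($svc.State), start mode $($svc.StartMode)")
        }
    }

    # Task Manager and Registry Editor disabled through policy values.
    $policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($value in 'DisableTaskMgr', 'DisableRegistryTools') {
            $item = Get-ItemProperty "$hive\$policy" -Name $value -ErrorAction SilentlyContinue
            if ($item -and $item.$value -ne 0) { $findings.Add("$hive\$policy\$value = $($item.$value)") }
        }
    }

    # Security Center notifications switched off.
    $sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    foreach ($value in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
        $item = Get-ItemProperty $sc -Name $value -ErrorAction SilentlyContinue
        if ($item -and $item.$value -ne 0) { $findings.Add("$sc\$value = $($item.$value)") }
    }

    # Safe Mode needs the Minimal and Network subkeys under SafeBoot.
    foreach ($mode in 'Minimal', 'Network') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        if (-not (Test-Path $key)) { $findings.Add("Missing $key") }
    }

    # autorun.inf in a drive root; legitimate on install media, so inspect before acting.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $inf = Join-Path $drive.Root 'autorun.inf'
        if ([System.IO.File]::Exists($inf)) { $findings.Add("Found $inf") }
    }
    $findings
}

Get-SalityBehaviourIndicator
```

No single finding is conclusive on its own; several together on one host match the pattern described here.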
The virus program modifies the following files.
Symantec's website describes how W32 Sality infects a computer as follows:
W32.Sality will infect executable files on local, removable and remote shared drives. It replaces the original host code at the entry point of the executable to redirect execution to the polymorphic viral code, which has been encrypted and inserted in the last section of the host file.
In addition to infecting local and remotely shared executable files, W32.Sality will purposely search for specific registry subkeys to infect the executable files that run when Windows starts.
You can read more about W32 Sality at Symantec on this link