We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Sality.AT
Detected by Microsoft Defender Antivirus
Aliases: Win-Trojan/Vilsel.75776 (AhnLab) Trojan.Win32.Vilsel.aboh (Kaspersky) Win32/Maazben!generic (CA) Win32/Sality.NAQ (ESET) W32/Sality-AU (Sophos) TROJ_STOPSEC.MCL (Trend Micro)
Summary
Worm:Win32/Sality.AT is a detection for files that are utilized by Virus:Win32/Sality.AT when spreading. Virus:Win32/Sality.AT is a virus that spreads by infecting Windows executable files and by copying itself to removable and remote drives. It also terminates various security products, prevents certain Windows utilities from executing and attempts to download additional files from a predefined remote Web server.
To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Additional remediation instructions
For additional instructions on how to return an affected computer to its pre-infected state, please refer to the recovery details for Virus:Win32/Sality.AT.
Follow us
