Short description
Win32/Sality.T is a polymorphic file infector.
Installation
When executed, the virus drops the following files in the %system% folder:
- oledsp32.dl_ (18902 B)
- oledsp32.dll (26624 B)
Executable files infection
Win32/Sality.T is a polymorphic file infector.
The virus searches for executables with one of the following extensions:
Infection is attempted only if an executable is not in a folder that contains one of the following strings in the name:
Files are infected by adding a new section that contains the virus.
The size of the inserted code is 20 KB. The host file is modified so that the virus is executed before the original code runs.
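A triage check for the infection pattern described above, as an added example that is not part of the original description. It parses the PE section table and reports whether the last section is executable and at least 20 KB. Assumptions: the added section is the last entry in the section table and is marked executable; the function names and the `.added` sample are constructed for illustration.

```python
import struct

INSERTED_SIZE = 20 * 1024      # from the description: 20 KB of inserted code
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes

def sections(data):
    """Parse the PE section table; return [(name, raw_size, characteristics)]."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    count, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    table = pe + 24 + opt_size
    out = []
    for i in range(count):
        f = struct.unpack_from(SECTION_FMT, data, table + 40 * i)
        out.append((f[0].rstrip(b"\0").decode("latin-1"), f[3], f[9]))
    return out

def triage(data):
    """Describe the last section; 'candidate' is a heuristic, not a verdict."""
    secs = sections(data)
    if not secs:
        raise ValueError("no sections")
    name, raw_size, chars = secs[-1]
    executable = bool(chars & MEM_EXECUTE)
    return {"name": name, "raw_size": raw_size, "executable": executable,
            "writable": bool(chars & MEM_WRITE),
            "candidate": executable and raw_size >= INSERTED_SIZE}

def build_sample(last_size, last_chars):
    """Constructed PE32 headers with two sections (sample input, no real file)."""
    def sec(name, size, ptr, chars):
        return struct.pack(SECTION_FMT, name, size, ptr, size, ptr, 0, 0, 0, 0, chars)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    return (dos + coff + b"\0" * 0xE0 + sec(b".text", 0x1000, 0x400, 0x60000020)
            + sec(b".added", last_size, 0x1400, last_chars))

if __name__ == "__main__":
    # Constructed cases: a 20 KB executable last section, then a small data one.
    for size, chars in ((0x5000, 0xE0000020), (0x600, 0x42000040)):
        print(triage(build_sample(size, chars)))
```

Because the infector is polymorphic, a match only marks a file for closer inspection; packed but clean executables can show the same layout.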
The virus infects files referenced by the following Registry entries:
This causes the virus to be executed on every system start.
Information stealing
Win32/Sality.T is a virus that steals sensitive information.
The following information is collected:
- user name
- computer name
- malware version
The data is saved in the following file:
The virus sends the information via e-mail. The virus uses the following SMTP server:
The sender address is one of the following:
The recipient address is one of the following:
The name of the attached file is the following:
Other information
If the current system date and time match certain conditions, the virus displays the following message:
- WIN32.HLLP.KUKU v3.0b
- <<<<< Hey, Lamer! Say "Bye-bye" to your data! >>>>>
Copyright (c) by Sector
The following files are deleted:
The virus modifies the following file:
The virus writes the following entries to the file:
The %number% stands for a variable 1 digit number.