This detection is for a Win32 parasitic virus variant that infects Windows portable executable (PE) files. This virus also attempts to disable certain security programs by deleting the executable file.
4769 (2006-05-24)Updated DAT
The W32/Sality.t detection bears the following characteristics:
This is a parasitic virus that searches and infects Windows Portable Executable (PE) files that typically has the .EXE file extension.
It replaces the original code at the entry point with viral code and stores an encrypted copy of the original code in the appended space of the file. Due to a bug in the virus, it may cause certain PE files to be corrupted.