Malware: Sality

Problem description

A Windows computer in your network is likely infected with the Sality malware. Sality is a very common type of malicious code that affects only Windows systems. It usually infects your PC when you open a file with malicious contents. It can be used to perform many kinds of bad actions, such as using your computer to send and receive spam emails, stealing your sensitive personal or financial data, or performing computing tasks such as mining cryptocurrency or cracking passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

First of all you need to identify the computer in your network which is likely infected by this type of malware. Please read our instructions on locating vulnerable devices.

You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to use Windows Defender to fix your computer: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality (opens new window). You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.