W32.HLLP.Sality.O Description
W32.HLLP.Sality.O is a mischievous trojan infection that is advertised through the use of bogus online scanners and other fake websites or malware that shows fraudulent security alerts on your computer. W32.HLLP.Sality.O can communicate with a remote IRC server and download files to the computer without user's consent which will lead to security threat. W32.HLLP.Sality.O also downloads additional components before the attackers get the remote access to the compromised PC. W32.HLLP.Sality.O opens up firewalls and gathers private details such as personal financial information. W32.HLLP.Sality.O is able to make modifications to various system services, such as Windows Audio, Computer Browser Network Connections, Cyptographic Services, etc.
Technical Information
File System Details
W32.HLLP.Sality.O creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | %UserProfile%\Application Data mp.exe | N/A |
| 2 | %Documents and Settings%\[UserName]\Application Data\WRblt8464P | N/A |
Registry Details
W32.HLLP.Sality.O creates the following registry entry or registry entries:
Registry key
Settings 'WarnonBadCertRecving' = '0'
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'WarnOnPostRedirect' = '0'
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'