Should I remove “Win32.Sality.2.NX”?

Win32.Sality.2.NX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32.Sality.2.NX virus do?

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32.Sality.2.NX?


File Info:

name: 6AD23721A3FE2093A9E7.mlw
path: /opt/CAPEv2/storage/binaries/5b36f1b46b447e6920d148e26a66c1e4ab177321640a9a76f845ca7a0ca0162b
crc32: B0859D14
md5: 6ad23721a3fe2093a9e710af26ec7617
sha1: 3eec201ad34a8df53e3cea474a1c3a2fdc43cdd6
sha256: 5b36f1b46b447e6920d148e26a66c1e4ab177321640a9a76f845ca7a0ca0162b
sha512: bcb961297eaa4ba2f8556c45b8f390424f87f111632a5dd56def4b93c93f22eb156d37c7f9219c87bb3a37a4477dbcc344f21781448f09842f684771057aaec3
ssdeep: 768:abRajimGb2zMdigPN0plqG9nadGEWQt0H+21ja2/ZBdGMCjFBCcDzQ08jGhqZ1zo:gRaH8iNrnaAEWQY7b/iI6zQGhD2u
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B5630118C5BC3A6AC3E0807952B98CE1711A55678D825E5247C2B6B7F8077FCF60B1E7
sha3_384: c2190b18cd1614479abe1c2da336c2c40510fe679eda237eab4b1cd4157203c2d612670641fb96aaa7cdeb40bdd886a8
ep_bytes: 60e80000000003d3fecaeb019c8bf56a
timestamp: 2009-11-18 08:45:13

Version Info:

0: [No Data]

Win32.Sality.2.NX also known as:

Vendor                  Detection name
Bkav                    W32.SalityVA.PE
Lionic                  Virus.Win32.Generic.kZUA
MicroWorld-eScan        Win32.Sality.2.NX
FireEye                 Generic.mg.6ad23721a3fe2093
CAT-QuickHeal           W32.Sality.R
Skyhigh                 BehavesLike.Win32.Agent.kc
McAfee                  W32/Sality.u.gen
Cylance                 unsafe
Sangfor                 Suspicious.Win32.Save.a
K7AntiVirus             Virus ( 00001b671 )
Alibaba                 Virus:Win32/Sality.c0f1e1a9
K7GW                    Virus ( 00001b671 )
CrowdStrike             win/malicious_confidence_100% (W)
BitDefenderTheta        AI:FileInfector.D5BAA53011
VirIT                   Trojan.Win32.Agent.LB
Symantec                W32.Sality.AE
Elastic                 malicious (moderate confidence)
ESET-NOD32              Win32/Sality.NAO
APEX                    Malicious
Cynet                   Malicious (score: 100)
Kaspersky               Virus.Win32.Sality.sil
BitDefender             Win32.Sality.2.NX
NANO-Antivirus          Virus.Win32.Sality.kohg
Avast                   Win32:Sality [Inf]
Tencent                 Virus.Win32.TuTu.A.200000
Emsisoft                Win32.Sality.2.NX (B)
Baidu                   Win32.Virus.Sality.e
F-Secure                Malware.W32/Sality
DrWeb                   Win32.Sector.5
VIPRE                   Win32.Sality.2.NX
TrendMicro              PE_SALITY.M
Trapmine                malicious.high.ml.score
Sophos                  W32/Sality-AM
SentinelOne             Static AI – Malicious PE
Jiangmin                Win32/HLLP.Kuku.poly
Webroot                 W32.Malware.Gen
Google                  Detected
Avira                   W32/Sality
MAX                     malware (ai score=100)
Antiy-AVL               Virus/Win32.Sality.gen
Kingsoft                Win32.Sality.v.9728
Xcitium                 Virus.Win32.Sality.gen@1egj5j
Arcabit                 Win32.Sality.2.NX
ViRobot                 Win32.Sality.Gen.A
ZoneAlarm               Virus.Win32.Sality.sil
GData                   Win32.Sality.2.NX
Varist                  W32/Sality.AJ
AhnLab-V3               Win32/Kashu.B
Acronis                 suspicious
VBA32                   Virus.Win32.Sality.z
ALYac                   Win32.Sality.2.NX
Malwarebytes            Generic.Malware/Suspicious
Panda                   W32/Sality.AK
TrendMicro-HouseCall    PE_SALITY.M
Rising                  Virus.Sality!1.A5BD (CLASSIC)
Ikarus                  Gen.Trojan
MaxSecure               Virus.Sality.AA
Fortinet                W32/Sality.AA
AVG                     Win32:Sality [Inf]
Cybereason              malicious.1a3fe2
DeepInstinct            MALICIOUS
alibabacloud            Proxytool:Win/Agent.A

How to remove Win32.Sality.2.NX?

Win32.Sality.2.NX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
