Welcome to the Virus Encyclopedia of Panda Security.
Sality.AO carries out the following actions:
Sality.AO infects the files with an EXE and SCR extension that it finds on the computer by inserting its code at the end of each file it infects. This ensures that the virus runs every time the infected file is executed, without interfering with the functioning of the file.
It also infects the files with an ASP, HTM and PHP extension that it finds on the computer by adding a script to them that allows the virus to download malware to the infected computer.
Sality.AO modifies the HOSTS file in order to connect to an IRC channel.
Sality.AO creates the following entries in the Windows Registry:
Sality.AO infects executable files with an EXE and SCR extension, and files with an ASP, HTM and PHP extension. It reaches computers when previously infected files are distributed, entering through any of the usual channels: floppy disks, email messages with attachments, Internet downloads, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
Sality.AO is 8,457 bytes in size.
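A generic triage heuristic for the kind of infection described above, where code is added at the end of EXE and SCR files. This is an added example, not Panda Security's code and not a signature for Sality.AO. It assumes the added code sits in the section stored last in the file, so that section is writable and executable or holds the entry point; the function names and sample headers are constructed for illustration.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* section flags
SECTION = "<8sIIII12xI"  # name, vsize, vaddr, raw size, raw offset, flags

def last_section_findings(data: bytes) -> list:
    """Heuristic findings about the section stored last in a PE file."""
    try:
        pe = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            return ["not a PE file"]
        nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
        entry = struct.unpack_from("<I", data, pe + 40)[0]        # AddressOfEntryPoint
        table = pe + 24 + opt_size                                # section table start
        secs = [struct.unpack_from(SECTION, data, table + 40 * i) for i in range(nsec)]
    except struct.error:
        return ["truncated headers"]
    if not secs:
        return ["no sections"]
    # The section with the highest raw offset is the one at the end of the file.
    name, vsize, va, rsize, _, flags = max(secs, key=lambda s: s[4])
    name = name.rstrip(b"\0").decode("latin-1")
    findings = []
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        findings.append(f"last section {name} is writable and executable")
    if va <= entry < va + max(vsize, rsize):
        findings.append(f"entry point 0x{entry:x} is in last section {name}")
    return findings

def build_sample(entry, sections):
    """Constructed input: PE headers only (32-bit layout), no code or data."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = struct.pack("<4sHH12xHH", b"PE\0\0", 0x14C, len(sections), 0xE0, 0x102)
    opt = struct.pack("<H14xI", 0x10B, entry).ljust(0xE0, b"\0")
    return dos + coff + opt + b"".join(struct.pack(SECTION, *s) for s in sections)

# Constructed section headers (not taken from any real sample).
TEXT = (b".text", 0x800, 0x1000, 0x800, 0x400, 0x60000020)    # read + execute
DATA = (b".data", 0x200, 0x2000, 0x200, 0xC00, 0xC0000040)    # read + write
TAIL = (b".rsrc", 0x2400, 0x3000, 0x2400, 0xE00, 0xE0000040)  # read + write + execute
CLEAN = build_sample(0x1000, [TEXT, DATA])
MODIFIED = build_sample(0x3000, [TEXT, DATA, TAIL])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("modified", MODIFIED)):
        print(label, last_section_findings(blob))
```

Findings from this check are leads for triage rather than verdicts: packers and some legitimate installers produce the same layout.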