W32.Sality.AB 是个 W32 病毒，长度 57,344 字节，感染 Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP 系统　，它感染计算机中的可执行文件，下载运行其他病毒，当收到、打开此病毒时，有以下危害：

A 从http://piratas-numericos.info/handlers/get下载执行病毒

B 生成文件

临时目录[随机字母].tmp

系统目录[随机字母].dll

系统目录[随机字母].dl_

系统目录drivers[随机字母].sys

C 修改注册表项

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion

Internet Setting"GlobalUserOffline" = "0"

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion

policiessystem"EnableLUA" = "0"

D 删除注册表项

HKEY_CURRENT_USERSystemCurrentControlSetControlSafeBoot

HKEY_LOCAL_MACHINESystemCurrentControlSetControlSafeBoot

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExtStats

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExtStats

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorer

Browser Helper Objects

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorer

Browser Helper Objects

E 创建信号量，使得病毒只运行一份

_kkiuynbvnbrev406

F 注册服务

名称: MCIDRV_2600_6_0

显示名: MCIDRV_2600_6_0

启动类型: Automatic

影像：％System％drivers[随机字母].sys

G 结束以下服务

ALG

aswUpdSv

avast! Antivirus

avast! Mail Scanner

avast! Web Scanner

AVP

BackWeb Plug-in - 4476822

bdss

BGLiveSvc

BlackICE

CAISafe

ccEvtMgr

ccProxy

ccSetMgr

F-Prot Antivirus Update Monitor

fsbwsys

FSDFWD

F-Secure Gatekeeper Handler Starter

fshttps

FSMA

InoRPC

InoRT

InoTask

ISSVC

KPF4

LavasoftFirewall

LIVESRV

McAfeeFramework

McShield

McTaskManager

navapsvc

NOD32krn

NPFMntor

NSCService

Outpost Firewall main module

OutpostFirewall

PAVFIRES

PAVFNSVR

PavProt

PavPrSrv

PAVSRV

PcCtlCom

PersonalFirewal

PREVSRV

ProtoPort Firewall service

PSIMSVC

RapApp

SmcService

SNDSrvc

SPBBCSvc

Symantec Core LC

Tmntsrv

TmPfw

tmproxy

UmxAgent

UmxCfg

UmxLU

UmxPol

vsmon

VSSERV

WebrootDesktopFirewallDataService

WebrootFirewall

XCOMM