
Win32.Sanity.N

Posted: May 7, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 1,031
First Seen: May 7, 2013
Last Seen: February 15, 2023
OS(es) Affected: Windows

Win32.Sanity.N is a variant of the Sality virus that, like most versions of Sality, can be used to disable security features, infect a variety of files and/or install other malware. Fake Flash updates are behind Win32.Sanity.N's current attacks: Trojan droppers install Win32.Sanity.N while pretending to update Flash, through downloads that are initiated from fake video-player windows. Since thousands of individual PCs are estimated to be infected each day by this attack alone, SpywareRemove.com malware experts encourage the use of all trustworthy and competent anti-malware products to block Win32.Sanity.N's installation and delete Win32.Sanity.N from your computer before any additional problems can arise from the presence of this high-level PC threat.

Win32.Sanity.N: a New Sality Virus that Arrives in a 'Flash'

Win32.Sanity.N has currently been found distributed by three separate websites that appear to target Turkish- and English-speaking PC users. The implied media content on these Web pages is presented as being accessible only after you update Flash, and the update notification is designed to look like a real one. However, the associated links actually lead to a malware installer for Win32.Sanity.N, which is hosted on the Dropbox file storage site. SpywareRemove.com malware experts note that, typically, the links will mask the Web addresses for Win32.Sanity.N's installer with HXXP obfuscation, which can prevent some programs from recognizing the malicious Web link.
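The paragraph above notes that links written with HXXP obfuscation can go unrecognized by some programs. As an added example (not code from SpywareRemove.com or from any product this page mentions), the Python sketch below normalizes such links before matching their host against a blocklist, next to a literal-only filter for comparison; the blocklist entry, function names and sample links are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder entry; not an indicator taken from this page.
BLOCKLIST = {"files.example.invalid"}

# hxxp / hxxps / http / https, with ":" optionally written as "[:]"
_SCHEME = re.compile(r"^h(?:xx|tt)p(s?)(?:\[:\]|:)//", re.IGNORECASE)
# Dots written as [.], (.), [dot] or (dot)
_DOT = re.compile(r"\[\.\]|\(\.\)|\[dot\]|\(dot\)", re.IGNORECASE)


def refang(link):
    """Rewrite an obfuscated link (hxxp, [.], [:]) into a normal URL string."""
    link = _DOT.sub(".", link.strip())
    return _SCHEME.sub(lambda m: "http" + m.group(1).lower() + "://", link, count=1)


def host_of(link):
    """Return the lower-cased host of a link, or None if it has none."""
    try:
        host = urlsplit(refang(link)).hostname
    except ValueError:  # malformed bracketed host
        return None
    return host.rstrip(".").lower() if host else None


def is_blocked(link, blocklist=BLOCKLIST):
    """True if the host, or any parent domain of it, is on the blocklist."""
    host = host_of(link)
    if host is None:
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def naive_is_blocked(link, blocklist=BLOCKLIST):
    """Comparison filter that only recognizes literal http(s):// links."""
    m = re.match(r"https?://([^/:?#]+)", link, re.IGNORECASE)
    return bool(m) and m.group(1).lower() in blocklist


if __name__ == "__main__":
    # Constructed sample links.
    for sample in ("hxxps://files[.]example[.]invalid/FlashUpdate.exe",
                   "HXXP://cdn.files.example.invalid/a",
                   "https://example.org/video"):
        print(sample, "naive:", naive_is_blocked(sample), "normalized:", is_blocked(sample))
```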

Unfortunately, the Trojan droppers that install Win32.Sanity.N viruses currently have very low detection rates among most anti-malware programs. There are multiple versions of this Trojan dropper in existence, albeit always disguised as fake Flash updates. As a silver lining, SpywareRemove.com malware experts are happy to point out that Win32.Sanity.N and most other versions of Sality are detected by most competent anti-malware products.

However, the Trojan droppers are of especial concern even when considered separately from Win32.Sanity.N. Unlike a usual Trojan dropper that installs malware before deleting itself, Trojan droppers for Win32.Sanity.N viruses have been found to include functions for disabling many Windows security features, including update management, the firewall and the User Account Control. These attacks, while obviously very negative for your computer's security, do provide obvious symptoms of an infection that will encourage you to disinfect your PC with appropriate software.

Don't Let Win32.Sanity.N Steal Your Sanity Along with Your Security

After its Trojan droppers are done dismantling your computer's security and installing Win32.Sanity.N, Win32.Sanity.N will proceed with its own attacks, which malware analysts have found to include:

  • Infecting EXE and SCR file types on your computer, particularly those that are used regularly or launch by default with Windows.
  • Infecting other computers through any shared removable hard drives or local networks.
  • Interfering with security-related programs by terminating them automatically and/or deleting their database files.
  • Blocking your browser from loading websites that are associated with major PC security companies.
  • Installing other malicious software.
  • Disabling a range of security features through various Registry changes.

Both structurally and in terms of its hostile functions, Win32.Sanity.N is as sophisticated as any other variant of Sality, and SpywareRemove.com malware experts urge you to delete Win32.Sanity.N with the most powerful anti-malware programs you can access. While containing Win32.Sanity.N, you also should avoid sharing any removable hard drive-based devices, and other PCs should not access your hard drive through a network since either action can result in the Win32.Sanity.N infection spreading further.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: FlashPlayer.sfx.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: Videonuizle.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Additional Information

The following URLs were detected:
syncrenewedintenselythefile.vip