detection icon

Short bio

Sality.Virus.FileInfector.DDS is Malwarebytes’ detection name for a family of viruses detected by Malwarebytes’ Katana engine. Sality is a polymorphic virus that targets Windows systems and affected computers are tied together to form a botnet.

The detection names are produced by Malwarebytes 4 and Malwarebytes business products. These generic malware detections are due to our new automated signature system called BytesTotal and specifically the DDS engine that are based on Machine Learning technology with 100% autonomous learning which don’t require any human interaction to correctly identify malware. These techniques are part of Malwarebytes’ Katana engine and were developed for automated mass detection of wide ranges of malware and adware.


Sality typically infects files with a .scr or .exe extension which will increase in size dur to the infection.


After removal of the infected files the system may be missing vital files for programs to run. Since Sality avoids file protected by the Systems File Checker (SFC) there is a good chance the operating system itself will remain operational.

Type and source of infection

Sality.Virus.FileInfector.DDS spreads by adding the virus code to other executable files and can in some cases be deployed to install other malware.


The Malwarebytes’ Katana engine detects unknown threats as Sality.Virus.FileInfector.DDS by using generic detections, Machine Learning, and other Artificial Intelligence techniques to protect users from malware.