I have seen a rash of this virus this morning on a few of our fileservers. It is quarantining a lot of files that are legit (e.g. AD tools), and they are all tagged with the Sality virus. Once I stop the scan and restart it, it seems to stop tagging files with the virus. Anyone else seeing anything like this? It's happening with ver 3 and 4 clients.
Something is infecting those files. Either the virus is spreading via network shares (make sure that you don't have system folders shared and also that admin passwords are strong enough) or you've run an infected file that is carrying on infecting other files. I'd suggest booting from a rescue CD and cleaning the computer.
I am seeing something similar also, but not the Sality virus. MS SQL files that are NOT infected were quarantined with Win32/Agent trojan. Dtswiz.exe and logread.exe were quarantined on multiple servers. I find it extremely hard to believe that these files are now infected, on multiple SQL servers. I'm still looking into it...
None of the files I had quarantined were Sality.NAU, so my circumstances are different. However, something must have changed, as these files have been scanned hundreds of times and been clean until yesterday. I found the SQL files that were quarantined were from several quite old Install folders that we have for a couple specific and specialized pieces of software that are quite old. Inside the install folders there was an MSDE folder (I believe from SQL 7) with various files. That is where the SQL files were getting quarantined from. I submitted them for analysis, so hopefully that issue is fixed in future definitions.