Sality virus question

Dhruv2193

Nov 7, 2016
How will programs like VoodooShield and SpyShelter work against the Sality virus in both cases: where Sality is first introduced into the PC, and when it is able to infect the setup files of programs?
 

Parsh

Dec 27, 2016
I've not used SpyShelter.
VDS should block the .exe or .scr files through which Sality viruses often target systems. VDS does not block exploits, but it does block the payloads delivered.
Sality viruses have many mechanisms, like loading a malicious DLL through the SYSTEM folder, loading their code in memory without touching the disk, loading a device driver, etc., and then infecting autoruns and creating backdoors.
VDS does not protect against in-memory exploits, though if a new process (not whitelisted) is spawned in the sequence, VDS will alert. Then again, it's up to the user's conscience and choice of action on the alert. VDS was earlier not able to directly or indirectly protect against device drivers, though I had read only one such case on the WS forum. Not sure about its current capability.

Still, for a home user, in most cases, VDS accompanied by a good AV with memory scanning should be enough.
You should not be more worried about this specific virus than other malware infections. Securing different attack vectors is the baseline. You could sandbox your browser to fortify.

Regarding the possibly infected program files, a real-time AV that scanned those setup files when they were created/downloaded will most likely detect (tampering) changes to the files. Malware authors have found workarounds for this, but it's a cat-and-mouse game. A VT scan can also help as a second opinion.
You should verify the setup.exe checksum with the checksum listed on the official site of the downloaded program. Other than that, getting a fresh/updated copy of the program setup file every time you need to install a program, and running a checksum verification before installing is a good idea.
 
