Sality virus question
<blockquote data-quote="Parsh" data-source="post: 864345" data-attributes="member: 58090">
<p>I've not used SpyShelter.</p>
<p>VDS should block the .exes or the .scr files through which Sality viruses often target systems. VDS does not block exploits, but the payloads delivered.</p>
<p>Sality viruses have many mechanisms like loading a malicious DLL through the SYSTEM folder / loading their code in-memory without touching the disk / loading a device driver etc., and then infecting autoruns and creating backdoors.</p>
<p>VDS does not protect against <em>in-memory exploits</em>, though <em>if</em> a new process (not whitelisted) is spawned in the sequence, VDS will alert. Then again, it's upon the user's conscience and choice of action on the alert. VDS was earlier not able to directly or indirectly protect against device drivers, though I had read only 1 such case on the WS forum. Not sure about its current capability.</p>
<p>Still, for a home user, in most cases, VDS accompanied with a good AV with memory scanning should be enough.</p>
<p>You should <em>not</em> be more worried about this specific virus than other malware infections. Securing different attack vectors is the baseline. You could sandbox your browser to fortify.</p>
<p>Regarding the possibly infected program files, a real-time AV that scanned those setup files when they were created/downloaded will most likely be detecting (tampering) changes to the files. Malware authors had found workarounds for this, but it's a cat-and-mouse game. A VT scan can also help with a 2nd opinion.</p>
<p>You should verify the setup.exe <a href="https://www.novirusthanks.org/products/md5-checksum-tool/" target="_blank">checksum</a> with the checksum listed on the official site of the downloaded program. Other than that, getting a fresh/updated copy of the program setup file every time you need to install a program, and running a checksum verification before installing, is a good idea.</p>
</blockquote>
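Added example (not code from the post or from VDS): a small Python check for the checksum-verification step recommended above. It assumes the vendor publishes a hex digest of setup.exe; the installer bytes, the "published" value and the tampered copy are all constructed inside the script, and it also shows why a published SHA-256 is preferable to the MD5 that the linked tool produces.

```python
import hashlib
import hmac
import os
import tempfile

# MD5 (the algorithm of the tool linked in the post) is accepted only because
# some vendors publish nothing else; a published SHA-256 is preferred.
WEAK_ALGOS = {"md5", "sha1"}
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

def file_digest(path, algo="sha256", chunk_size=1 << 20):
    """Hash the file in chunks so a large installer need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()

def verify_setup(path, published_hex, algo="sha256"):
    """Compare the file's digest with the vendor's published checksum.

    Returns (matches, computed_hex, warning). The published value is
    normalised (case, whitespace) and compared in constant time."""
    expected = published_hex.strip().lower()
    computed = file_digest(path, algo)
    warning = f"{algo} is collision-prone; prefer SHA-256" if algo in WEAK_ALGOS else ""
    return hmac.compare_digest(computed, expected), computed, warning

def demo():
    """Constructed scenario: a clean setup.exe verifies, a modified one does not."""
    with tempfile.TemporaryDirectory() as d:
        setup = os.path.join(d, "setup.exe")
        with open(setup, "wb") as f:          # constructed stand-in, not a real PE
            f.write(b"MZ" + b"constructed sample installer body" * 64)
        published = file_digest(setup)        # plays the vendor's listed SHA-256
        clean_ok, _, _ = verify_setup(setup, " " + published.upper() + "\n")
        _, _, md5_warning = verify_setup(setup, file_digest(setup, "md5"), "md5")
        with open(setup, "ab") as f:          # simulate tampering: bytes appended
            f.write(b"constructed appended code")
        tampered_ok, _, _ = verify_setup(setup, published)
        empty = os.path.join(d, "empty.bin")
        open(empty, "wb").close()
        empty_ok, _, _ = verify_setup(empty, EMPTY_SHA256)  # known-answer check
    return {"clean": clean_ok, "tampered": tampered_ok,
            "weak_algo_warned": bool(md5_warning), "known_answer": empty_ok}

if __name__ == "__main__":
    print(demo())  # {'clean': True, 'tampered': False, 'weak_algo_warned': True, 'known_answer': True}
```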