Was reading an article about the new version of Sality. The part that "blew my mind" was when I saw that the new Sality adds the driver to the registry branch System\CurrentControlSet\Control\SafeBoot, which allows the driver to boot in safe mode. Safe mode won't work... I mean it's completely useless to try to remove the virus in safe mode (correct me if I am wrong).
Also:
Below is a screenshot of the unpacked DLL. It contains lines which demonstrate the virus’ capability to resist security software: “avast! Self Protection”, “NOD32krn”, “Avira AntiVir Premium”, “DRWEBSCD” etc. Sality uses one of the simplest ways to shut off an antivirus: it attempts to close all windows and terminate all processes with names associated with security products.
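
A defender-side check for the SafeBoot registration described above, as an added example that is not part of the original post or the quoted article: it lists every entry under the SafeBoot `Minimal` and `Network` keys and reports those missing from a baseline taken on a known-clean machine. The baseline file name and the `-SaveBaseline` switch are assumptions made for this example.

```powershell
# Added example: audit which drivers/services are registered to load in Safe Mode.
# Assumption: safeboot-baseline.txt holds one "Minimal\name" or "Network\name"
# entry per line, captured on a known-clean system with -SaveBaseline.
param(
    [string]$BaselinePath = '.\safeboot-baseline.txt',
    [switch]$SaveBaseline
)

$root     = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$entries = foreach ($mode in 'Minimal', 'Network') {
    Get-ChildItem -Path "$root\$mode" -ErrorAction SilentlyContinue | ForEach-Object {
        $name = $_.PSChildName
        # Entries may be named "foo" or "foo.sys"; try the matching service key
        # to find the binary that would actually be loaded.
        $svcName = $name -replace '\.sys$', ''
        $svc = Get-ItemProperty -Path "$services\$svcName" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Entry     = "$mode\$name"
            Type      = $_.GetValue('')      # default value, e.g. "Driver" or "Service"
            ImagePath = $svc.ImagePath       # empty when no matching service key exists
        }
    }
}

if ($SaveBaseline) {
    # Run this only on a machine you trust to be clean.
    $entries.Entry | Sort-Object | Set-Content -Path $BaselinePath
    Write-Output "Saved $($entries.Count) entries to $BaselinePath"
    return
}

if (-not (Test-Path $BaselinePath)) {
    throw "Baseline $BaselinePath not found; create it on a clean system with -SaveBaseline."
}

$known = Get-Content -Path $BaselinePath
# -notcontains compares case-insensitively, which matches registry key naming.
$unexpected = $entries | Where-Object { $known -notcontains $_.Entry }

if ($unexpected) {
    Write-Warning 'SafeBoot entries not present in the baseline:'
    $unexpected | Format-Table -AutoSize Entry, Type, ImagePath
} else {
    Write-Output 'No SafeBoot entries beyond the baseline.'
}
```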