Easier to detect stealth rootkits in safe mode?

Discussion in 'malware problems & news' started by R2D2, Oct 19, 2005.

Thread Status: Not open for further replies.
  1. R2D2, Registered Member
     Joined: Nov 26, 2004 | Posts: 70 | Location: Tatooine

    I was just wondering.

    Would a hidden rootkit or malware (such as keyloggers) come out of stealth mode if rebooting a PC into safe mode for a scanner to detect them? I'm pretty sure some scanners work fine in safe mode to detect them.

    Jeff
     
  2. TopperID, Registered Member
     Joined: Oct 1, 2004 | Posts: 1,527 | Location: London

    My guess is that it would still be invisible in safe mode.

    So long as it is running, it can tell Windows it is not there by interfering with the relevant telltale info. So the question is, would it still be running in safe? I think that in all probability it would have installed part of itself into an important system file that would always be running on bootup, even in safe.
     
  3. illukka, Spyware Fighter
     Joined: Jun 23, 2003 | Posts: 633 | Location: S.A.V.O

    There are many rootkits that are partly visible (a trace in the registry or filesystem), or not loaded in safe mode, as there are some that are invisible too.

    You'd still need to know what to search for.
     