Using Safe mode for cleaning PC

Discussion in 'other anti-malware software' started by ako, Oct 30, 2010.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Is using safe mode nowadays useful? Many malware runs in safe mode too/blocks safe mode.

    P.S. Which of these run in safe mode?

    http://www.techsupportalert.com/con...-security-list-world.htm#Scanners__on-demand_

    AV-Scanners:
    Hitman Pro
    Trendmicro
    Kaspersky
    Norton Security Scan
    Bitdefender free
    MWAV
    Wuzzup
    VBA32check
    MalAware
    Online Armor Cloudscanner
    Sophos Threat Detection Test
    ClamWin
    Comodo cloud scanner

    Anti-malware scanners:
    Malwarebytes Anti-Malware
    Superantispyware
    NoVirusThanks
    Spy Sweeper
    Spyware Doctor
    Spy-Emergency
    CA antispyware
    Spybot S&D

    Portable antivirus/antimalware (can be run with UBCD4Win):
    DrWeb cureit
    Emsisoft Emergency USB Stick files
    Superantispyware
    VIPRE Rescue
    AVZ AVZ database
    Norman malware cleaner
    Trendmicro Sysclean
    ClamWin portable

    Multi-AV scanners:
    Multi-AV scan
    Antivirusmulti
    Avert
     
  2. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Since blowing away the safemode keys and loading malware from safemode are both trivial actions, safemode cleanup is close to useless or not even possible in most modern cases.

    Before I quit IT if I could not fix a system in regular mode I would move directly to boot disk as safemode did not offer enough additional stability to justify the terrible safemode system performance.

    Malwarebytes installs and runs from safemode but we only recommend it when regular mode is unreachable.


    EDIT:

    This actually brings up an interesting question. To all of the HIPS/behavior blocker users, does your software block/prompt when the safemode keys themselves are tampered with/deleted? I am not talking about adding/removing an additional service now, I am talking about the parent key to all of them.
     
    Last edited: Oct 30, 2010
  3. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    I think most HIPS/BB software block attempts to tamper with the safemode keys, Kaspersky Internet Security included.

    AFAIK AVZ works under safemode, I don't know about the rest (except for Malwarebytes, which was already answered).

    I don't think cleaning in safemode helps anything, since most rootkits are active also in safe mode, defending themselves just like in normal mode.
     
    Last edited: Oct 30, 2010
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Well, when you're attempting malware cleanup in the field and you can't get access in normal mode it makes sense to try SAFE mode simply because it's a lot faster than booting a rescue CD. Lately I've been coming up against more rogue AVs which are active in SAFE mode, but sometimes I can get Regedit up and disable the rogue autostart entry. Obviously if the F8 key is disabled during boot you know that SAFE is not an option. By the way, does anyone know if there's a third party app for Vista/7 that can be used to force a safe mode boot?
     
  5. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    I also clean in normal mode. Only if a tool does not run in normal mode do I try to clean in safe mode.
     
  6. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    I never use safe mode. Just asking, as still some people recommend it.
     
  7. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Bruce,

    Why not simply remove change permission through regedit for admin and system, after installing the OS and the anti-malware programs one likes to use?

    Since this setting is intended as a bare back rescue route, there should be no need to adopt ever, would it?

    As a Newby I would appreciate your expert thoughts on this.
     
  8. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Permissions are a way to harden a system but are not bulletproof. If you execute (intentionally or unintentionally) malware from an admin account it (like you) can change any permissions it feels like.
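
A read-only check of the safe mode keys and of who can write to them, added here as an example and not posted by anyone in the thread. It assumes the "safemode keys" discussed above are the standard `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot` location; the function names `Test-SafeBootKeys` and `Get-SafeBootWriters` are hypothetical.

```powershell
# Added example: read-only audit of the Safe Mode (SafeBoot) registry keys.
# Assumption: the thread's "safemode keys" are the standard Windows location below.
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

function Test-SafeBootKeys {
    # Reports whether the parent key and both mode subkeys exist,
    # and how many service/driver entries each mode subkey holds.
    param([string]$Root = $safeBoot)

    $report = [ordered]@{ ParentPresent = Test-Path -LiteralPath $Root }
    foreach ($mode in 'Minimal', 'Network') {
        $path = Join-Path $Root $mode
        $present = Test-Path -LiteralPath $path
        $count = 0
        if ($present) {
            $count = @(Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue).Count
        }
        $report["${mode}Present"] = $present
        $report["${mode}Entries"] = $count
    }
    [pscustomobject]$report
}

function Get-SafeBootWriters {
    # Lists Allow ACEs on the parent key that include any modifying right.
    # Generic-rights ACEs (shown by Get-Acl as raw numbers) are not decoded here.
    param([string]$Root = $safeBoot)

    if (-not (Test-Path -LiteralPath $Root)) { return @() }
    $writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    (Get-Acl -LiteralPath $Root).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $writeRights) } |
        Select-Object IdentityReference, RegistryRights, IsInherited
}

$status = Test-SafeBootKeys
$status | Format-List
if (-not ($status.ParentPresent -and $status.MinimalPresent -and $status.NetworkPresent)) {
    Write-Warning 'SafeBoot key or a mode subkey is missing; Safe Mode boot is likely broken.'
}
Get-SafeBootWriters | Format-Table -AutoSize
```

Running it on a known-clean install and saving the output gives a baseline to compare against later; an account that appears with `ChangePermissions` or `TakeOwnership` can restore its own write access, which is the limitation described in the last reply.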
     