Using Safe mode for cleaning PC

Is using safe mode nowadys useful? Many malware runs in safe mode too/blocks safe mode.

P.S. Which of these run in safe mode?

http://www.techsupportalert.com/con...-security-list-world.htm#Scanners__on-demand_

AV-Scanners:
Hitman Pro
Trendmicro
Kaspersky
Norton Security Scan
Bitdefender free
MWAV
Wuzzup
VBA32check
MalAware
Online Armor Cloudscanner
Sophos Threat Detection Test
ClamWin
Comodo cloud scanner

Anti-malware scanners:
Malwarebytes Anti-Malware
Superantispyware
NoVirusThanks
Spy Sweeper
Spyware Doctor
Spy-Emergency
CA antispyware
Spybot S&D

Portable antivirus/antimalware (can be run with UBCD4Win):
DrWeb cureit
Emsisoft Emergency USB Stick files
Superantispyware
VIPRE Rescue
AVZ AVZ database
Norman malware cleaner
Trendmicro Sysclean
ClamWin portable

Multi-AV scanners:
Multi-AV scan
Antivirusmulti
Avert

 

Since blowing away the samode keys and loading malware from safemode are both trivial actions safemode cleanup is close to useless or not even possible in most modern cases.

Before I quit IT if I could not fix a system in regular mode I would move directly to boot disk as safemode did not offer enough additional stability to justify the terrible safemode system performance.

Malwarebytes installs and runs from safemode but we only recommend it when regular mode is unreachable.


EDIT:

This actually brings up an interesting question. To all of the HIPS/behavior blocker users, does your software block/prompt when the safemode keys themselves are tampered with/deleted? I am not talking about adding/removing an additional service now, I am talking about the parent key to all of them.

 

I think most HIPS/BB software block attemps to tamper with the safemode keys, Kaspersky Internet Security included.

AFAIK AVZ works under safemode, I don't know about the rest (except for Malwarebytes, which got already answered).

I don't think cleaning in safemode helps anything, since most rootkits are active also in safe mode, defending themselves just like in normal mode.

 

Well, when you're attempting malware cleanup in the field and you can't get access in normal mode it makes sense to try SAFE mode simply because it's a lot faster than booting a rescue CD. Lately I've been coming up against more rogue AVs which are active in SAFE mode, but sometimes I can get Regedit up and disable the rogue autostart entry. Obviously if the F8 key is disabled during boot you know that SAFE is not an option. By the way, does anyone know if there's a third party app for Vista/7 that can be used to force a safe mode boot?

 

i also cleaning in normal mode. only if an tool dos not run in normal mode trying to clean in safe mode.

 

I never use safe mode. Just asking, as still some people recommend it.

 

Bruce,

Why not simply remove change permission through regedit for admin and system. After installing the OS and the anti-malware programs one likes to use?

Since this setting is intended as a bare back rescue route, there should be no need to adopt ever, would it?

As a Newby I would appreciate your expert thoughts on this

 

Permissions are a way to harden a system but are not bullet proof. If you execute (intentionally or unintentionally) malware from an admin account it (like you) can change any permissions it feels like.