Discussion in 'malware problems & news' started by rOadToIS, Dec 21, 2008.
Are there any differences between scanning a computer in normal mode and scanning it in safe mode?
It used to be that many forms of malware did not load in safe mode. This made removal pretty easy by the scanning application. Seems though that the bad guys have gotten better in their coding and scanning in safe mode has become less effective.
I think it's something analogous to why I prefer driving my hour and 40 minutes to work at 4:30 in the morning instead of waiting until 7:00? A much simpler cleaner slate environment to hunt the nasties down in where the nasty's ability to cloak itself is more likely to be inhibited.
P.S. Yeah, per ThunderZ's nearly simultaneous post, safe mode scanning has certainly been talked long and loud enough that it's bound to have become less airtight than it's been perceived to be in the past.
Better chance of removal in safe mode....far fewer services loaded, so greater chance of files not being in use, and better chance of being able to be removed.
A while back, I read a forum thread that mentioned an article about this by Kevin Souter. (I'm not sure if Wilders ever discussed this.) But here is a link to the article:
Spyware attacks! Windows Safe Mode is no Longer Safe.
Safe mode is ineffective with some viruses... Typically if you can't remove them in your normal user account, you are better off not wasting time, and using an alternate boot disk to do the job... If you are a bit technical a well customized BartPE CD works well...
Here is a nice tool for the technically challenged that works without much trouble: Dr.Web LiveCD. Beats safe mode big time! And it's free!
Note: Don't create these Cleanup CDs from an infected system as the infection could transfer to the CD and infect it as well.
Also once you are done cleaning up with the Boot/Cleanup CD, make sure your system is stable, then turn off system restore. Reboot, and reactivate system restore and manually create a fresh restore point. This way you know you will not be reinfected because system restore reinstalled the infection by accident or you did not reinstall the previously removed virus trying to resolve some other problem by using system restore to do so. Many accidentally reinfect themselves that way...