Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Should Super Antispyware and/or Malwarebytes be run in safe mode?


  • Please log in to reply
5 replies to this topic

#1 CTC40

CTC40

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 28 September 2010 - 09:29 AM

I know that after you run either one of them in normal mode, if they find Malware that is in use/or in memory, they prompt you to reboot to complete the removal process.
So, is it necessary to run them in safe mode?

Edit: Moved topic from All Other Applications to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:05:43 AM

Posted 28 September 2010 - 12:47 PM

A lot of times, if I know a system is really infected (instinct) I run a scan in safe mode first and then follow it up with a scan in normal mode.

But in answer to your question, it isnt really necessary
In the beginning there was the command line.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 22,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 28 September 2010 - 03:58 PM

Generally SUPERAntiSpyware is more effective if run in Safe Mode. Malwarebytes, however, is designed to be more effective in Normal Mode.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 chromebuster

chromebuster

  • Members
  • 880 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:06:43 AM

Posted 28 September 2010 - 06:19 PM

I wonder why that is? I've run SAS plenty of times just for background malware checks or varification and have never ran it in safe mode. Well, that also probably has to do with the fact that microsoft doesn't let the sound drivers load while in safe mode, and being a blind user, that's not very efficient. LOL.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 31,995 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:43 AM

Posted 28 September 2010 - 08:42 PM

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. Why? MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally. If that is the case, after completing a safe mode scan, reboot normally, update the database definitions through the program's interface (preferable method) and try rescanning again.


Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.

Why use safe mode? The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert itself and hide in these protected areas when the files are being used. Using safe mode reduces the number of modules requesting files to only essentials which make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files when performing scans with anti-virus and anti-malware tools. In most cases, performing your scans in safe mode speeds up the scanning process.

Why not use safe mode? Some security tools like anti-rootkit scanners (ARKs) and programs with anti-rootkit technology use special drivers which are required for the scanning and removal process. These tools are designed to work in normal mode because the drivers will not load in safe mode which lessens the scan's effectiveness. Other security tools are optimized to run from normal mode where they are most effective. For example, Malwarebytes Anti-Malware is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection and removal when used in safe mode.

Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible.

Note: If the malware is not related to a running process (i.e. malicious .dll) it probably will not make a difference performing a scan in normal or safe mode. If the scanner you're using does not include definitions for the malware, then they may not detect or remove it regardless of what mode is used.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 chromebuster

chromebuster

  • Members
  • 880 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:06:43 AM

Posted 03 October 2010 - 12:18 AM

Now that you mention drivers, considering the blind population were not considered when Microsoft developed Windows, have you ever seen a piece of malware hidden within one or more of the sound drivers? Just a curious question.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users