Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Better To Scan In Safe Mode Or Regular Mode For Virus/malware?


  • Please log in to reply
4 replies to this topic

#1 bloomcounty

bloomcounty

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 23 October 2007 - 10:45 AM

Just a general question:

1. When doing a routine scan for viruses and malware, etc. (and just generally speaking), is it better to scan in safe mode or regular mode?

2. If you scan in safe mode, is there anything that wouldn't show up (that you could potentially miss) that *would* show up in regular mode?

3. Or is safe mode just better all around, and everything is covered (plus more) that you'd find with scanning in regular mode?

(I'm referring to scanning with AVG A/V, AVG Anti-Spyware, SpyBot (old version), and Ad-Aware SE.)

Thanks! :thumbsup:
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:16 AM

Posted 23 October 2007 - 10:53 AM

Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.

The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert itself and hide in these protected areas when the files are being used. Using "Safe Mode" reduces the number of modules requesting files to only the essentials to make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files. Using your anti-virus and anti-malware tools, in "Safe Mode" also speeds up the scanning process. Read "Beginners Guides: Windows XP Safe Mode Explained" and "What is 'Safe Mode' used for and why?"

Edited by quietman7, 23 October 2007 - 10:56 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 23 October 2007 - 01:14 PM

Thanks for the reply. I think we discussed the general terms of what you posted on another thread. But a question I asked at the time, but never heard back from you on, was the fact that when I scan my computer in safe mode with AVG A/V or Anti-Spyware -- it actually takes 3 times as long (if not longer) than if I scan in normal mode. Why would this be the case?

And just to verify, is it correct then that there is no benefit to scanning in regular mode as compared to safe mode in terms of "bad stuff" not getting spotted by the scanning program, etc.? There's nothing that gets missed in safe mode that would get picked up in regular mode, is that correct?

Thanks again! :thumbsup:
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:16 AM

Posted 23 October 2007 - 01:56 PM

If the malware is not related to a running process it probably will not make a difference if doing your scan in normal or safe mode. If the security tool your using does not include definitions for the malware, then they may not detect or remove it regardless of what mode your using. Most anti-rootkit scanners will not work in safe mode because they utilize a driver which is required for the scanning process and that driver will not load in safe mode. Further, there are rootkit variants (haxdoor) that can run in safe mode so the usual reason for running a scan in that mode does not apply.

Generally speaking, safe mode is more effective but that does not mean you have to use it everytime you perform a scan. Again, generally speaking, doing your scans in safe mode is usually faster but speed depends on a variety of factors.
  • The anti-virus program itself and how its scanning engine is designed to scan.
  • Deep scanning or quick scanning.
  • What action has to be performed when malware is detected.
  • Competition between the scanner and other applications for system resources.
  • Your computer's hard drive size.
  • Disk used capacity (number of files) that have to be scanned.
  • Running processes in the background.
  • Interference from malware.
  • Interference from the user.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Alan D

Alan D

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 23 October 2007 - 04:36 PM

when I scan my computer in safe mode with AVG A/V or Anti-Spyware -- it actually takes 3 times as long (if not longer) than if I scan in normal mode. Why would this be the case?

I find the same thing. In fact pretty well everything I do in safe mode is painfully slow (and has always been so). Someone once explained to me that this was probably because a graphics driver was disabled in safe mode, though I have no idea whether this is correct.
Windows XP Home SP2; AVG 7.5 Internet Security Suite (AV/AS r.t.p, and firewall); Windows Defender (r.t.p on); SuperAntispyware Free; a-squared Free 3.5.0.15; Spybot 1.4 (Immunised, but no Tea-timer); AdAware SE Free; AVG Anti-Rootkit Free; Spywareblaster; MVPS Hosts file (with HostsMan); McAfee Site Advisor.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users