
Scanning


3 replies to this topic

#1 hiroshi


Posted 14 September 2010 - 10:52 AM

Should one be scanning for viruses and malware in Safe Mode always? I have Norton 360, which runs while my computer is on, but it does not block malware. I got infected with AV Security Suite and followed instructions from Bleeping Computer to remove it, but the malware kept coming back. I finally went into Safe Mode and did a complete scan with Malwarebytes and Spybot and was able to remove the malware. Should I also make it a habit to scan weekly?



#2 quietman7


Posted 14 September 2010 - 12:54 PM

Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.

Why use safe mode? The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert themselves and hide in these protected areas when the files are being used. Using safe mode reduces the number of modules requesting files to only the essentials which make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files when performing scans with anti-virus and anti-malware tools. In most cases, performing your scans in safe mode speeds up the scanning process.

Why not use safe mode? Some security tools like anti-rootkit scanners (ARKs) and programs with anti-rootkit technology use special drivers which are required for the scanning and removal process. These tools are designed to work in normal mode because the drivers will not load in safe mode, which lessens the scan's effectiveness. Other security tools are optimized to run from normal mode where they are most effective. For example, Malwarebytes Anti-Malware is designed to be at full power when malware is running, so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection and removal when used in safe mode.

Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible.

Note: If the malware is not related to a running process (i.e. malicious .dll), it probably will not make a difference performing a scan in normal or safe mode. If the scanner you're using does not include definitions for the malware, then it may not detect or remove it regardless of what mode is used.

Edited by quietman7, 14 September 2010 - 12:55 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
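
The "safeboot keyset" mentioned in the post above lives in the Windows registry under `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot`. The following read-only PowerShell check of that key set is an added example, not part of the original post; the function name `Test-SafeBootKeySet` and the status labels are made up for illustration.

```powershell
# Added example: read-only check of the Safe Mode (SafeBoot) registry key set.
# Run from an elevated PowerShell prompt in normal mode. Nothing is modified.
$SafeBootRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

function Test-SafeBootKeySet {
    param([string]$Root = $SafeBootRoot)

    if (-not (Test-Path -LiteralPath $Root)) {
        # Without this key Windows cannot start in Safe Mode at all.
        return [pscustomobject]@{ Item = $Root; Status = 'MISSING'; Detail = 'SafeBoot key not found' }
    }

    # Minimal = Safe Mode, Network = Safe Mode with Networking.
    foreach ($mode in 'Minimal', 'Network') {
        $path = Join-Path -Path $Root -ChildPath $mode
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Item = $path; Status = 'MISSING'; Detail = 'subkey not found' }
            continue
        }
        # Each subkey lists a driver, service or device class allowed to load in that mode.
        $count = @(Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue).Count
        $status = if ($count -gt 0) { 'OK' } else { 'EMPTY' }
        [pscustomobject]@{ Item = $path; Status = $status; Detail = "$count driver/service entries" }
    }

    # AlternateShell is the shell used by "Safe Mode with Command Prompt";
    # the Windows default value is cmd.exe, so anything else deserves a look.
    $alt = (Get-ItemProperty -LiteralPath $Root -Name AlternateShell -ErrorAction SilentlyContinue).AlternateShell
    $status = if ($alt -eq 'cmd.exe') { 'OK' } else { 'REVIEW' }
    [pscustomobject]@{ Item = "$Root\AlternateShell"; Status = $status; Detail = "value: '$alt'" }
}

Test-SafeBootKeySet | Format-Table -AutoSize -Wrap

# On a machine known to be clean, a backup of the key set can be kept for later repair:
# reg export "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot" "$env:USERPROFILE\safeboot-backup.reg" /y
```

A `MISSING` or `EMPTY` row means Safe Mode is unlikely to boot, so scans and cleanup have to be done from normal mode or from offline rescue media until the key set is restored.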


#3 hiroshi


Posted 16 September 2010 - 10:34 AM

:thumbsup: quietman7, just so I understand, why would Malwarebytes not remove the AV malware without going into Safe Mode? I ran it several times along with Spybot and it came back every time. Have to keep learning with all the critters out there.

#4 quietman7


Posted 16 September 2010 - 12:21 PM

I think you may have misunderstood. To clarify, Malwarebytes is more effective and will remove more malicious files in normal mode. That is how it was designed.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time.

Further, some infections are difficult to remove completely because of their morphing characteristics, which allow the malware to regenerate itself. Sometimes there is a hidden piece of malware (i.e. rootkit) which has not been detected by your security tools that protects malicious files and registry keys so they cannot be permanently deleted. Other types of malware can even terminate your security tools by changing the permissions on targeted programs so that they cannot run or complete scans.



