Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Should virus scan be done in safe mode?


  • Please log in to reply
4 replies to this topic

#1 GoshenBleeping

GoshenBleeping

  • Members
  • 264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 AM

Posted 26 August 2012 - 07:45 PM

First let me say that there is nothing wrong with my computer. I am just curious. I am interested in people's opinions as to the recommended environment for scanning for malware, that is, scanning using my anti-virus software, Malwarebytes, etc which I do periodically (every few weeks or so). Should the scan be done in safe mode? Would scanning in safe mode make it harder for malware to hide from the scanning software? Or is there no difference as to whether I can in safe mode or regular mode?

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:40 PM

Posted 27 August 2012 - 04:59 AM

Would scanning in safe mode make it harder for malware to hide from the scanning software?

As rule, Malwarebytes Anti-Malware should always be used in Normal mode, as not all items are loaded, and are available for scanning.
The company, Malwarebytes, has always said to use Normal mode when ever you can to scan.
Because there can be problems when infected, they developed the Chameleon version, for use when Normal version is not working -

Go - Start > Programs > Malwarebytes > Tools > Malwarebytes Chameleon -
From there you can run the Safety Version that will work if you are infected or can only get Safe mode

Your statement of scanning "every few weeks" is a bit "not reasonable", as you should Update and Quick Scan at least once a week to be sure of safety
I have Pro version on one computer, but only Free version on another one that I Update daily, and scan at least 3 or 4 times a week.
With the average Quick scan only taking 4 to 5 minutes, it is no problem while I just make a coffee and it is finished -

Thank You -
Please ask further if you have more questions B)

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:40 AM

Posted 27 August 2012 - 01:28 PM

Why use safe mode? The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert itself and hide in these protected areas when the files are being used. Using safe mode reduces the number of modules requesting files to only essentials which make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files when performing scans with anti-virus and anti-malware tools. In many cases, performing your scans in safe mode speeds up the scanning process.

Why not use safe mode? Some security tools like anti-rootkit scanners (ARKs) and programs with anti-rootkit technology use special drivers which are required for the scanning and removal process. These tools are designed to work in normal mode because the drivers will not load in safe mode which lessens the scan's effectiveness. Other security tools are optimized to run from normal mode where they are most effective. For example, Malwarebytes Anti-Malware is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, Malwarebytes loses some effectiveness for detection and removal when used in safe mode. For optimal removal, normal mode is recommended so it does not limit the abilities of Malwarebytes.

Scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. If the malware is not related to a running process (i.e. malicious .dll) it probably will not make a difference performing a scan in normal or safe mode. A hidden piece of malware such as a rootkit which protects other malicious files and registry keys may not be detected in either mode without the use of special tools. Additionaly, if the scanner you're using does not include definitions for the malware, then they may not detect or remove it regardless of what mode is used. Also keep in mind that there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 xspeed

xspeed

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 30 May 2017 - 11:51 PM

Greetings,

 

Can someone say please if these advises ares till available today, after almost 5 years ?

 

Edit: Are these advises available for all kinds of malware scan, like adware, spyware, etc?

 

Regards.


Edited by xspeed, 31 May 2017 - 12:04 AM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:40 AM

Posted 31 May 2017 - 04:24 AM

Yes...the above information is still applicable today.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users