Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Why does safe mode work?


  • Please log in to reply
4 replies to this topic

#1 netdinosaur

netdinosaur

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 26 February 2013 - 12:39 AM

Mod Edit:Moved from XP to the Am I Infected forum... boopme


I caught the "disk antivirus professional" bug on 2-17. It was as described by Mr. Abrams in his front cover article. Fortunately I found this website (chrome wouldn't work, but IE did) and Mr. Abrams described how I could get into safe mode. I was frustrated trying to figure it out and didn't have access to help files.


 

It worked out that I was able to do a successfull system restore to 2-16 while in safe mode. With the computer freed up, I was then able to do a scan, I used microsoft essentials, that located the offending files. 3 were in the recycle bin and the major one in a restorer file which I guess would be used if I wanted to reverse the restore. I was able to remove them completely then.


 

My questions are why did safe mode work? And can safe mode be compromised by an attacker?


Edited by boopme, 26 February 2013 - 10:33 AM.


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,811 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:52 AM

Posted 26 February 2013 - 08:44 AM

Safe Mode runs a minimum amount of applications which makes it good platform for running scans as you have.  This isn't true with all security software.

 

You should be aware that there is no single software which will catch all of the possible types of infections.  For this reason I will request that this topic be moved to the Am I Infected forum where members and staff who are best qualified to address this can help you.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:52 PM

Posted 26 February 2013 - 10:39 AM

Windows Safe Mode is a way of booting up your Windows operating system in order to run administrative and diagnostic tasks on your installation. When you boot into Safe Mode the operating system only loads the bare minimum of software that is required for the operating system to work. This mode of operating is designed to let you troubleshoot and run diagnostics on your computer. Windows Safe Mode loads a basic video drivers so your programs may look different than normal.

 

Many malware are not executed until the system boots.. This makes them easier to remove in safe mode as they are not active. Also the security tools, that at times can hinder other security tools, are also not running.


Edited by boopme, 26 February 2013 - 11:56 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 netdinosaur

netdinosaur
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 26 February 2013 - 11:52 PM

boopme,

 

Thanks for the insight.

 

 A note of clarification, I didn't run the scan or have it remove offending files while in safe mode.


 

I did the system restore in safe mode, then when informed that the restore was successful, rebooted into regular windows. The "restore" sequestered the malware for eventual removal (I guess). Safe mode, circumvented the malware, and allowed the restore.

 

I didn't even think to run the scan in safe mode. Maybe that would have worked also.


 


Edited by netdinosaur, 26 February 2013 - 11:53 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:52 PM

Posted 27 February 2013 - 12:02 AM

It probably would have. In your case you wer able to get it quickly and remove it ,it appears. Depending on the malware running security scan tools would be a wise choice. That malware was rogue with the onl purpose was to try to separate you from your money. But a Trojan or a Downloader malware would have already droped other things and thus further removal is needed.

 

I would still run my antivirus at least.

 

You're welcome!!


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users