tmhall
Question

Purpose of doing a virus scan after booting Windows in safe-mode?

I have heard some suggestions that, in certain circumstances, it is best to do a virus scan after booting Windows in safe-mode. So I have two questions:

(1) What type of circumstances would you want to perform a virus scan in safe-mode?

(2) What are the benefits and/or disadvantages of doing so?

I haven't found any reliable info that answers these questions and would appreciate any info, or even just a point in the right direction.

Thanks!

SpiritX MS MVP
Answer
Hi,

The benefit is that some processes and services are not loaded in Safe Mode so there is less chance
that malware can load and interfere with the process. The disadvantage is the same thing so it's best
to run the malware checks in Safe Mode and then within Windows. Or run in Windows and if any
tough to remove malware is detected then run in Safe Mode and then again in Windows.

If you need to check for malware here are my recommendations - these will allow you to do
a thorough check and removal without ending up with a load of spyware programs running
resident which can cause as many issues as the malware and maybe harder to detect as the
cause.

No one program can be relied upon to detect and remove all malware. Added that often easy
to detect malware is often accompanied by a much harder to detect and remove payload. So
it's better to be overly thorough now than to pay the high price later. Check with these to an
extreme overkill point and then run the cleanup only when you are very sure the system is clean.

These can be done in Safe Mode - repeatedly tap F8 as you boot however you should also run 
them in regular Windows when you can.

TDSSKiller.exe. - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN
it will show any infections in the report after running - if it will not run change the name from
tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not
check with the other methods below.
http://support.kaspersky.com/viruses/solutions?qid=208280684

Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone.
(If Rootkits run UnHackMe)

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Malwarebytes - free
http://www.malwarebytes.org/

Run the Microsoft Malicious Removal Tool

Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Updates - if needed you can
download it here.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

also install Prevx to be sure it is all gone.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other
security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back
here or use Google to see how to remove. 
http://www.prevx.com/   <-- information
http://info.prevx.com/downloadcsi.asp  <-- download

PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

Try the trial version of Hitman Pro :

Hitman Pro is a second opinion scanner, designed to rescue your computer from malware
(viruses, trojans, rootkits, etc.) that have infected your computer despite all the security
measures you have taken (such as anti virus software, firewalls, etc.).
http://www.surfright.nl/en/hitmanpro

--------------------------------------------------------

If needed here are some online free scanners to help

http://www.eset.com/onlinescan/

New Vista and Windows 7 version
http://onecare.live.com/site/en-us/center/whatsnew.htm

Original version
http://onecare.live.com/site/en-us/default.htm

http://www.kaspersky.com/virusscanner

Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------------------

After removing any malware :

Also do these to cleanup general corruption and repair/replace damaged/missing
system files.


Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow

How to Repair Windows 7 System Files with System File Checker
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228


Also run CheckDisk so we can rule out corruption as much as possible.

How to Run Disk Check in Windows 7
http://www.sevenforums.com/tutorials/433-disk-check.html

-----------------------------------------------------------------------

If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

======================================

If needed AFTER you are sure the machine is clean of all malware.

How to Do a Repair Install to Fix Windows 7
http://www.sevenforums.com/tutorials/3413-repair-install.html

Hope this helps.


Rob Brown - Microsoft MVP - Windows Expert - Consumer : Bicycle - Mark Twain said it right.
tmhall

Reply

"The benefit is that some processes and services are not loaded in Safe Mode so there is less chance
that malware can load and interfere with the process. The disadvantage is the same thing"

That was what I was hoping to confirm, thanks for the quick response and thoroughness of your reply!

I knew about most of the software and procedures you mentioned with the exception of TDSSKiller.exe and Prevx. I will definitely have to look into those.

Again, thanks for taking the time to answer so thoroughly!

SpiritX MS MVP

Reply

Glad to have helped.


Rob Brown - Microsoft MVP - Windows Expert - Consumer : Bicycle - Mark Twain said it right.
Peachekeen

Reply

Is this information still relevant in 2013 and still safe to try?
Thanks so much for the great sources!
SpiritX MS MVP

Reply

Hi, 

Yes the original one above is safe to use however there have been some minor changes so
here is the updated version :

If you need to check for malware here are my recommendations - these will allow you to do
a thorough check and removal without ending up with a load of spyware programs running
resident which can cause as many issues as the malware and maybe harder to detect as
the cause.

No one program can be relied upon to detect and remove all malware. Added that often easy
to detect malware is often accompanied by a much harder to detect and remove payload. So
it's better to be overly thorough now than to pay the high price later. Check with these to an
extreme overkill point and then run the cleanup only when you are very sure the system is clean.

These can be done in Safe Mode - repeatedly tap F8 as you boot however you should also run 
them in regular Windows when you can.

TDSSKiller.exe. - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN
it will show any infections in the report after running - if it will not run change the name from
tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not
check with the other methods below.
http://support.kaspersky.com/viruses/solutions?qid=208280684

Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone.
(If Rootkits run UnHackMe)

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Malwarebytes - free
http://www.malwarebytes.org/products/malwarebytes_free

SuperAntiSpyware Portable Scanner - Free
http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE

Run the Microsoft Malicious Removal Tool

Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Updates - if needed you can
download it here.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

--------------------------------------------------------

Check with :


Microsoft Safety Scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx

----------------------------------------------------------

also install Prevx to be sure it is all gone.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other
security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back
here or use Google to see how to remove. 
http://www.prevx.com/   <-- information
http://info.prevx.com/downloadcsi.asp?prevx=Y  <-- download

PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

Try the trial version of Hitman Pro :

Hitman Pro is a second opinion scanner, designed to rescue your computer from malware
(viruses, trojans, rootkits, etc.) that have infected your computer despite all the security
measures you have taken (such as anti virus software, firewalls, etc.).
http://www.surfright.nl/en/hitmanpro

-----------------------------------

If needed here are some online free scanners to help

http://www.eset.com/onlinescan/

----------------------------------

http://www.kaspersky.com/virusscanner

Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------------------

After removing any malware :

Also do these to cleanup general corruption and repair/replace damaged/missing
system files.


Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow

How to Repair Windows 7 System Files with System File Checker
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228


Also run CheckDisk so we can rule out corruption as much as possible.

How to Run Disk Check in Windows 7
http://www.sevenforums.com/tutorials/433-disk-check.html

-----------------------------------------------------------------------

If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

======================================

If needed AFTER you are sure the machine is clean of all malware. (DO NOT USE IF
MALWARE IS STILL PRESENT.)

How to Do a Repair Install to Fix Windows 7
http://www.sevenforums.com/tutorials/3413-repair-install.html

=======================================

For extreme cases :

Windows Defender Offline

What is Windows Defender Offline?
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

Windows Defender Offline : frequently asked questions
http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq

Windows Defender Offline system requirements
http://windows.microsoft.com/en-US/windows/windows-defender-offline-system-requirements

--------

Norton Power Eraser - Eliminates deeply embedded and difficult to remove crimeware
that traditional virus scanning doesn't always detect. Because the Norton Power Eraser
uses aggressive methods to detect these threats, there is a risk that it can select some
legitimate programs for removal. You should use this tool very carefully, and only after
you have exhausted other options.
http://us.norton.com/support/DIY/index.jsp

================================

If you are in North America, you can call 866-727-2338 for help with virus and spyware
infections. See
http://www.microsoft.com/protect/support/default.mspx for details. For
international information, see your local subsidiary Support site.

Microsoft Support - Virus and Security Solution Center
http://support.microsoft.com/contactus/cu_sc_virsec_master?ws=support#tab0

Hope this helps.


Rob Brown - Microsoft MVP - Windows Expert - Consumer : Bicycle - Mark Twain said it right.
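
Both answers above end the cleanup with sfc /scannow and link to KB 928228 on reading cbs.log. The following is an added example, not part of either post, that pulls the System File Checker entries (tagged [SR]) out of that log and lists which files were repaired and which could not be. The log lines are constructed, Get-SfcSummary is a hypothetical helper name, and the two message strings it matches are assumed to follow the format of the sample lines.

```powershell
# Added example. The log lines below are constructed, not taken from a real machine.
$sample = @'
2013-02-01 10:15:02, Info  CSI  00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-02-01 10:15:02, Info  CSI  00000007 [SR] Beginning Verify and Repair transaction
2013-02-01 10:15:09, Info  CBS  Session: 30276493_1482 initialized by client WindowsUpdateAgent.
2013-02-01 10:15:41, Info  CSI  0000012a [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32"\[l:22{11}]"autochk.exe" from store
2013-02-01 10:16:03, Info  CSI  00000141 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, file is missing
2013-02-01 10:16:03, Info  CSI  00000143 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, file is missing
2013-02-01 10:16:40, Info  CSI  00000150 [SR] Verify complete
'@ -split "`r?`n"

# Get-SfcSummary is a hypothetical helper name used only in this example.
function Get-SfcSummary {
    param([string[]]$Lines)

    # SFC tags its own entries with [SR]; the rest of CBS.log is other servicing activity.
    $sr = @($Lines | Where-Object { $_ -match '\[SR\]' })

    $findings = foreach ($line in $sr) {
        # Assumed message strings, matching the constructed sample above.
        if ($line -match '\[SR\] (Cannot repair member file|Repairing corrupted file)') {
            $status = $Matches[1]
            # File names are logged as [l:NN{NN}]"name"; the last quoted token is the file.
            $quoted = [regex]::Matches($line, '\]"([^"]+)"')
            $file = if ($quoted.Count -gt 0) {
                $quoted[$quoted.Count - 1].Groups[1].Value
            } else { '(unparsed)' }
            [pscustomobject]@{ Status = $status; File = $file }
        }
    }

    # SFC often logs the same file several times; report each status/file pair once.
    $findings | Sort-Object Status, File -Unique
}

Get-SfcSummary -Lines $sample | Format-Table -AutoSize

# On a live system, run from an elevated prompt after sfc /scannow:
# Get-SfcSummary -Lines (Get-Content "$env:windir\Logs\CBS\CBS.log") | Format-Table -AutoSize
```

Files listed as "Cannot repair member file" are the ones SFC left damaged or missing, so they are the ones to follow up on before deciding whether a repair install is needed.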
Peachekeen

Reply

Thank you SO much!  Some of this I've done, but lots of it I haven't tried yet.

Thanks again!