"X" requires restart.. ok to just reboot back to safe mode?

kisk

When I receive a job for spyware/virus removal I first like to boot the computer normally to see what I'm working with. After assessing what I'll be working with, I reboot back into safe mode (heh, if possible).

Once in safe mode I'll run all my scans. Some scans require a reboot as it cannot remove the items while the OS is running. Is it sufficient to just reboot directly back into safe mode? I prefer to keep the computer in safe mode as I don't want anything left behind to recreate keys/files and make me rescan.

Thanks,
kisk
 
I think some of those programs want some kind of administrative control to finish up their work, so in some cases it would probably not be a good idea to go back into safe mode.
 
The programs I'm asking about are Malwarebytes and SUPERAntiSpyware (both stick startups in HKLM on program start), which won't be started in safe mode. Was wondering if the removal process is actually put into a Windows pre/post startup run-list.
 
I'm like you, I start the computer up normally to see what the user sees. If you do in-shop repairs, always boot the computer before the user leaves and also start it up when they come to pick it up. One of the first things I do also is make a system restore point (if possible).

Mostly it is a good idea to manually stop malware and remove it from startup locations and then do the scans with your anti malware programs to get rid of everything. You can also slave the drive and run anti malware programs on the slaved drive. Think outside of Windows by running live CDs like Dr. Web or Avira Rescue.

No one anti malware program is going to catch everything, always use different ones. I recommend leaving AVG on a computer as the AV program because it is so end user friendly but Avast has a good boot up scanner. SuperAntiSpyware and Malwarebytes are good and programs like SpywareBlaster, McAfee Site Advisor and a good firewall help to prevent infections.

Good programs to help you to remove malware are HijackThis, Autoruns, Process Explorer and CCleaner. But the best thing is learning what should be in startup and what should not be there, don't depend on a program.

Here is a tip that might help you: hold down the Shift key immediately after the logon process to prevent the OS from running startup programs or shortcuts in the following folders. You must hold down the Shift key until after the desktop icons appear.

systemdrive\Documents and Settings\Username\Start Menu\Programs\Startup
systemdrive\Documents and Settings\All Users\Start Menu\Programs\Startup
windir\Profiles\Username\Start Menu\Programs\Startup
windir\Profiles\All Users\Start Menu\Programs\Startup

PS: Don't forget to check in Scheduled Tasks for malware startups.
 
Thanks for the <shift> tip! Never heard this before. Does this work in all Win OS revisions? (xp/vista/seven)

I agree with AVG, I have put this onto 8 systems the past month. I like it because there is zero registration and it works well. I personally use Avast on my home machines. What do you charge for an AV install? I've been doing it for free.

Been loving Process Explorer lately. I've had 2 systems the past week that were infected with the virus that puts winlogon86.exe as the userinit and ProExp was the only thing I could use to kill winlogon86.exe. I then restored regedit/taskman/etc with Re-Enable Portable and cleaned the rest of the system.

Autoruns & CCleaner are a given :)

I have a live cd, UBCD4Win, but it takes foreverrrrr to load and most of the addon software I put on it doesn't even work. I'll check out the other live cd's you suggested, thanks! :)
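
A read-only inventory of the auto-start locations named in the two posts above (HKLM startup entries, the Startup folders, Scheduled Tasks and the Winlogon Userinit value), as an added PowerShell example that is not from any poster in this thread. It assumes Windows 8 or later for `Get-ScheduledTask`, also reads the HKCU and RunOnce keys that the thread does not mention, and `Add-Finding` is a hypothetical helper name.

```powershell
# Added example: read-only inventory of the auto-start locations named in the thread.
# Run from an elevated PowerShell prompt. Nothing is changed on the system.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Location, $Name, $Command) {   # hypothetical helper
    $findings.Add([pscustomobject]@{ Location = $Location; Name = $Name; Command = $Command })
}

# 1. Run/RunOnce values (HKCU and RunOnce are additions to the HKLM case in the thread).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        Add-Finding $key $valueName $item.GetValue($valueName)
    }
}

# 2. Winlogon Userinit: the stock value is "<SystemRoot>\system32\userinit.exe,".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
$extra = @($userinit -split ',' | ForEach-Object { $_.Trim() } |
           Where-Object { $_ -and ($_ -ne $expected) })
Add-Finding $winlogon 'Userinit' $userinit
if ($extra.Count -gt 0) { Write-Warning "Userinit launches more than userinit.exe: $($extra -join '; ')" }

# 3. Per-user and all-users Startup folders, resolved for the running Windows version.
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if ($path -and (Test-Path $path)) {
        Get-ChildItem -Path $path -Force | Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object { Add-Finding $path $_.Name $_.FullName }
    }
}

# 4. Enabled Scheduled Tasks that run an executable (skipped where the cmdlet is absent).
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    $tasks = Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' }
    foreach ($task in $tasks) {
        foreach ($action in $task.Actions) {
            if ($action.Execute) {
                Add-Finding "Task $($task.TaskPath)" $task.TaskName "$($action.Execute) $($action.Arguments)"
            }
        }
    }
}

$findings | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

Saving the output before and after a cleanup pass makes it easy to see whether anything re-registered itself between reboots.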
 
If you can boot normally then why not just do everything from there? What is the thinking behind using safe mode?
 
As stated, it can be faster. Also, those items that start up or might be locked by Windows in normal mode are oftentimes not when in safe mode, and you have less to interfere with the cleaning process by using safe mode overall.
 