Scanning for Viruses-1.

Kayman

I have a couple of questions with respect to scanning modes.

1. Should routine scanning for viruses/malware be performed in safe mode or
is normal mode adequate?

If a virus is found, I understand that it is highly advisable to scan in
safe mode to remove viruses more effectively.

2. Should the safe-mode scan *include* clean-boot operation, and if so, are
the succeeding steps acceptable?

Follow instructions as per http://support.microsoft.com/kb/31053 **AND**
click on tab BOOT.INI and check /SAFEBOOT.

Thanks in advance for response.
 
Kayman said:
I have a couple of questions with respect to scanning modes.

1. Should routine scanning for viruses/malware be performed in safe mode or
is normal mode adequate?

ideally it would be done after booting from a known clean bootable
medium (like a bartpe disk)... barring that, safe mode is probably
better than normal mode but that's not always a sufficient precaution...

the idea is to scan in an environment where the malware can't be running
so that the malware can't interfere with the scanning process or
actively hide itself... there's a somewhat reduced chance of the malware
running when you boot into safe mode, but if you execute anything off of
the suspect drive there is a chance that whatever malware you suspect is
on it will be executed as well...

If a virus is found, I understand that it is highly advisable to scan in
safe mode to remove viruses more effectively.

running in a 'safe' environment is just as important for detection as it
is for recovery...

2. Should the safe-mode scan *include* clean-boot operation, and if so, are
the succeeding steps acceptable?

Follow instructions as per http://support.microsoft.com/kb/31053 **AND**
click on tab BOOT.INI and check /SAFEBOOT.

Thanks in advance for response.

??? are you sure that's the right url? that seems to be something about
quickbasic...
 
Kayman said:
Thanks for informative response.
With respect to the URL, I omitted by mistake the number 3.
The correct URL is http://support.microsoft.com/kb/310353

ah, yes, that's much better...

the answer is that microsoft's idea of what a clean boot is is
completely borked... it's a souped-up version of safe mode, disabling as
much as possible but still booting from the suspect media, which means
it's running code off the suspect drive and therefore possibly running
malware...
 