Scanning in safe mode?

TWIST

Could someone please remind me why it is better to scan in
safe mode? And also is it an advantage to turn off system restore
temporarily?

Thanks in advance.
 
Could someone please remind me why it is better to scan in
safe mode?

Fewer items get loaded. Typically, the stuff you're trying to
find doesn't get loaded and so can't stealth itself or re-
install itself from memory every time you delete it.



And also is it an advantage to turn off system restore
temporarily?

It'll speed up the scan as there'll be less to do. But turning
it off loses all restore points, and maybe you might need/want
one.
 
Befunge Sudoku said:
Fewer items get loaded. Typically, the stuff you're trying to
find doesn't get loaded and so can't stealth itself or re-
install itself from memory every time you delete it.



And also is it an advantage to turn off system restore

It'll speed up the scan as there'll be less to do. But turning
it off loses all restore points, and maybe you might need/want
one.

I understood if you turn off system restore it will flush out any nasties!
 
TWIST said:
Could someone please remind me why it is better to scan in
safe mode?

there's a good chance (no guarantees though) that whatever malware
you *might* have won't be active in safe mode and therefore won't be
able to interfere with your scanner...

And also is it an advantage to turn off system restore
temporarily?

generally that's for when you're recovering from a
virus/worm/whatever... turning off the virus restore - err *system*
restore - is the means by which you remove any malware that may have
crept into your restore points by removing the restore points
themselves, as not only can they not be manipulated in a more
sophisticated fashion they often can't even be scanned...
 
I understood if you turn off system restore it will flush out any nasties!

And everything else...
It'll get rid of anything bad in there, sure.
A full scan in Safe Mode should clean anything it finds in the
restore points anyway.

If you feel OK about throwing away all your restore points, why
did you ever have it switched on in the first place?
 
I understood if you turn off system restore it will flush out any nasties!

System Restore is a form of backup. If you happen to know when you
took a malware hit, and you have a Restore point prior to that, then
you can use Restore to get rid of the malware.

The problem is that users usually have no idea of when they took a
malware hit, and their Restore points are often infested. That's why
flushing System Restore is usually suggested _after_ cleaning up the
malware.

Art

http://home.epix.net/~artnpeg
 
Could someone please remind me why it is better to scan in
safe mode? And also is it an advantage to turn off system restore
temporarily?

Thanks in advance.
**************** REPLY SEPARATOR ********************
If malware is configured as a service (and many are), you will not be able to
remove it while it is running. When you start in safe mode, all the programs
that are configured to auto start from registry "run" do not auto start. This
allows them to be deleted safely.

System Restore is an extension of the old "Use the previous successful boot"
configuration in NT and W2K. Unfortunately, it is a tremendous resource hog,
and one of the first things that I disable on a new machine.

J.A. Coutts
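
Added example, not part of the reply above or of anyone's post in this thread: a PowerShell inventory of the registry "Run" entries and auto-start services the reply refers to, marking which services Safe Mode would still load. It assumes Windows with PowerShell 3.0 or later (for Get-CimInstance); all variable names are illustrative.

```powershell
# Added example (not from the thread): inventory normal auto-start items and
# mark which auto-start services Safe Mode (Minimal) would still load.
# Assumes Windows with PowerShell 3.0+; variable names are illustrative.

# Subkeys of SafeBoot\Minimal name the services, drivers and driver groups
# that Windows loads in Safe Mode without networking.
$safeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'
$safeNames = @()
if (Test-Path $safeBootKey) {
    $safeNames = @(Get-ChildItem $safeBootKey | ForEach-Object { $_.PSChildName })
}

# Registry "Run" entries: started at a normal logon, not in Safe Mode.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runEntries = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }
}

# Auto-start services, flagged by whether Safe Mode would load them.
$services = Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
    Select-Object Name, State, PathName,
        @{ Name = 'LoadsInSafeMode'; Expression = { $safeNames -contains $_.Name } }

'--- Run-key entries (not started in Safe Mode) ---'
$runEntries | Format-Table -AutoSize -Wrap
'--- Auto-start services that Safe Mode skips ---'
$services | Where-Object { -not $_.LoadsInSafeMode } |
    Format-Table Name, State, PathName -AutoSize -Wrap
'--- Auto-start services that Safe Mode still loads (review unfamiliar names) ---'
$services | Where-Object { $_.LoadsInSafeMode } |
    Format-Table Name, State, PathName -AutoSize -Wrap
```

Run it from a normal boot, before restarting into safe mode, so the output shows what the scanner will and will not have to contend with.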
 
TWIST said:
Could someone please remind me why it is better to scan in
safe mode?

It is best to scan from within a software environment where the malware
isn't running. Safe mode is a way to get you almost there. Better would
be to boot into an alternative OS that has the ability to read the contents
of the suspect storage areas while not running any code from those areas.

And also is it an advantage to turn off system restore
temporarily?

System restore is a non-issue. Flush it if you want to (it's probably
infested anyway) or don't. It can be used to restore to a last known
good point after some non-malware related screwup, but when there
is malware involved there is a good chance that restoring will restore
the malware too.
 
kurt said:
generally that's for when you're recovering from a
virus/worm/whatever... turning off the virus restore - err *system*
restore - is the means by which you remove any malware that may have
crept into your restore points by removing the restore points
themselves, as not only can they not be manipulated in a more
sophisticated fashion they often can't even be scanned...

Even under controlled conditions of sending trojan files to an AV vendor
your restore points can become infected. That has happened to me
several times.
So, anytime I deal with them I always clear my restore points afterwards.
 