What is the relationship betweem safe mode & the registry?

  • Thread starter Thread starter Gary Helfert
  • Start date Start date
G

Gary Helfert

Does "safe mode" use a separate registry or the same registry as a normal XP
startup.
If the effects of a virus appear in a normal startup but disappear when
booted in
safe mode, would this indicate one of my device drivers might be infected.
As I understand it, safe mode launches windows with a minimum number of
device drivers.
Can anybody shed some light on what safe mode is all about?
 
Does "safe mode" use a separate registry or the same registry as a normal XP
startup.
If the effects of a virus appear in a normal startup but disappear when
booted in
safe mode, would this indicate one of my device drivers might be infected.
As I understand it, safe mode launches windows with a minimum number of
device drivers.
Can anybody shed some light on what safe mode is all about?
Click to expand...
Safe Mode also doesn't run stuff set to start automatically at boot
time either.
 
Gary Helfert said:
Does "safe mode" use a separate registry or the same registry as a normal XP
startup.
If the effects of a virus appear in a normal startup but disappear when
booted in
safe mode, would this indicate one of my device drivers might be infected.
As I understand it, safe mode launches windows with a minimum number of
device drivers.
Can anybody shed some light on what safe mode is all about?
Click to expand...

There is only one registry in any OS. Safe mode loads a minimal amount of
drivers (VGA, mouse, etc.) at boot. It loads no TSRs. Many of your apps
could have a RUN statement at boot up (VirusScan, eBay tool bar, Pop up
blocker, Yahoo IM, etc.). Safe mode does not load these. It is likely one of
those has the virus as the primary target for viruses is executables, and
documents (not related to this issue.) Troubleshooting this can be long. I
suggest you contact someone by phone. Writing it all out would take too much
time. I have to be at the office in 20 minutes.

Or download some other virus scanners. The free trials. Run those till you
find it.
 
Does "safe mode" use a separate registry or the same registry as a normal XP
startup.
If the effects of a virus appear in a normal startup but disappear when
booted in
safe mode, would this indicate one of my device drivers might be infected.
As I understand it, safe mode launches windows with a minimum number of
device drivers.
Can anybody shed some light on what safe mode is all about?
Click to expand...
******************* REPLY SEPARATER *******************
Life is not as simple with the NT syle operating systems as it was with Win 9x.
Registry information comes from five files stored in a subdirectory of the
Windows System directory.

c:\windows\system32\config\system
c:\windows\system32\config\software
c:\windows\system32\config\sam
c:\windows\system32\config\security
c:\windows\system32\config\default

Normally, these files are inaccessible once the system has booted up (even in
safe mode). They are however accessible in the Console Recovery mode, and
Microsoft has a procedure for manually recovering these files (Q307545).

The following description of an NT style startup process should not be taken as
gospel; it is simply my understanding of it.

- ROM BIOS initializes all the physical devices it finds and defines the boot
disk.
- the boot strap loader is loaded from track zero of the boot disk.
- the OS "kernel" is then loaded from the boot disk.

Up to this point, the boot information could have come from floppy, CD, or hard
disk, and the boot process will then look for the actual Operating System which
is normally located on a hard disk. If it finds it, it will begin to load it,
with the registry information being one of the first bits of information
loaded. As it completes each step of the load process, it logs that information
in various log files (which can be seen using the DIR /A command in the
directory noted above). Normal boot up hides the boot options, but "Safe Mode"
gives you a number of different options that determine how much of the
operating system is loaded. Anything other than a normal boot could be
considered "Safe Mode".

So in answer to your question, there is no difference in the relationship
between the boot mode and the registry. The registry determines to a great
extent what gets loaded, and the boot mode simply determines how much of that
is actually loaded.

J.A. Coutts
 
Back
Top