- slide 1 of 3
Some virus, Trojans, worms, spyware and other types of malware will prevent the normal operation of the operating system. The desktop background will be taken over and important utilities in Windows, such as Task Manager, System Configuration Utility (MSCONFIG), Services Console, and the Windows Registry editor, are disabled by the malware. Some malware may not be removed properly if the malicious processes is actively running, and not all antivirus or antimalware programs can shutd own the processes, especially if the malware is programmed to prevent antimalware programs from running or even from loading during the normal boot of Windows. A Safe Mode scan may help in some cases, which is what we will cover here.
- slide 2 of 3
Disadvantage and Advantages of Running a Scan in Safe Mode
The advantage of running a scan in Widndows Safe Mode is that only a subset of the normal Windows processes load. Some malware will not load its processes if the computer is started in safe mode, thus allowing the antivirus and antimalware scanner to remove the infection without interference.
A virus scan in Safe Mode has disadvantages, as well. If the malware continues to run its processes and services even in Safe Mode and the antimalware is not effective enough to end the task of the malicious processes, the removal may fail. The antivirus may remove some infections only and the malware will load itself again or download additional malware onto the system when a network connection is found. Some malware will disable Safe Mode option in Windows by deleting the registry key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot. An example of this infection is done by Conficker worm (AKA Downadup, Downup or Kido).
- slide 3 of 3
How to Run an Antivirus Scan in Safe Mode
If your antivirus or antimalware program has the ability to scan in Safe Mode, you don’t have to do anything other than restarting your computer in Safe Mode. To do that, simply restart the computer and press F8 key on your keyboard. You’ll be presented with several boot options:
When pressing F8 key will not help you to boot to Safe Mode, proceed to load Windows in Normal mode then use MSCONFIG to set the computer to start in Safe Mode: Click on Start → Run → type MSCONFIG → press enter key on the keyboard. Select the Boot.ini tab (for XP) or Boot tab in Vista or Windows 7. Under Boot Options, select /SAFEBOOT (in X) or put a check in the box for Safe Boot (for Vista and 7 users). Click OK and allow the system to restart when you received the prompt to restart the computer.
If you don’t have access to the System Configuration Utility (MSCONFIG), download Emergency Utilities to create usable copies of MSCONFIG, Regedit and Task Manager, from Doug Knox website. Use the MSCONFIG from that download to set-up the PC to boot to Safe Mode.
If you succeed in booting or starting the PC to Safe Mode, you can proceed to scanning the computer. Below are examples of antivirus programs that allow scanning in Safe Mode:
- Microsoft Security Essentials let you scan in Safe Mode:
- Avast by Alwil does not offer a safe mode scan but a boot-time scan:
- AVG provides a command-line scanner if your PC is booted to safe mode:
- Like AVG, NOD32 by ESET also offers a command-line scanner in safe mode:
- Norton Antivirus has the ability as well to scan the PC in Safe Mode.
Other antimalware programs also let you scan the computer in Safe Mode:
- SUPERAntiSpyware Free
- Malwarebytes Anti-malware Free
- A-squared Free
- Windows Defender
- Ad-Aware Free
- Spybot-Search & Destroy
If Safe Mode scanning has helped in removing any infection, proceed to undo the changes with your boot-options using MSCONFIG utility. It is recommended to run another scan using Normal mode to verify that the computer is free from viruses or any type of malware.