Spyware attacks! Windows Safe Mode is no Longer Safe.
Article By: Kevin Souter
Spyware and viruses are getting craftier. New methods allow them
to load even when the user boots into safe mode, making them
extremely hard to remove.
Many of us have run into an annoying and time-consuming error:
With your machine running goofy, you decide to run a scan for
trojans and spyware. Following the scan, which usually takes
forty minutes or longer if you scan the entire system, you are
hit with the "access denied" error. Frustrating, for sure, but
being the savvy computer user that you are, you decide to boot
to safe mode to take care of the issue. No spyware can load
when booted to safe mode, right?
Wrong.
The newer variants of the CoolWebSearch, HuntBar, and VX2
*********s all load even when safe mode is used. There are a few
different ways of accomplishing this, the most common being that
the spyware registers itself as a critical system process. This
ensures that it is loaded regardless of what happens, and makes
it much harder to shut down.
If you can't prevent it from loading then how do you kill it?
The answer to that is easier than it might seem. If you're
running Windows 98 or ME, then the easiest way is to boot to
DOS, and use a command-line scanner to search your hard drive.
These scans actually tend to run a bit faster, since they have
more system resources available to them courtesy of no GUI
being loaded.
"Well, that's all fine and dandy", you're likely thinking to
yourself, "I run Windows XP. You can't read it from DOS." True.
You can't read NTFS hard disks from DOS. However, you can use
BartPE.
BartPE is effectively a stripped version of Windows XP. It
boots completely from a CD, and loads a simple graphical user
interface. Coupled with plugins (McAfee, for example), you can
scan your entire computer without the fear that your nifty
little ********* has somehow loaded.
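
The article does not say where these variants register themselves so that they load in safe mode. As an added example (not from the original article), the Python below assumes one place worth auditing is the SafeBoot registry key, which lists the drivers and services Windows permits to start in safe mode, and diffs an export from the suspect machine against one from a known-clean machine of the same Windows version. The sample exports and the name ExampleSvc are constructed.

```python
import re

# Matches SafeBoot\Minimal\<name> and SafeBoot\Network\<name> under any
# control set (an offline hive has ControlSet001 etc., not CurrentControlSet).
KEY_RE = re.compile(
    r"^\[.*\\Control\\SafeBoot\\(Minimal|Network)\\([^\\\]]+)\]$", re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def safeboot_entries(reg_text):
    """Return {(mode, name): type} for every SafeBoot entry in a .reg export."""
    entries, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # Registry key names are case-insensitive, so normalise them.
            current = (m.group(1).lower(), m.group(2).lower())
            entries[current] = ""
        elif line.startswith("["):
            current = None  # some other key: ignore its values
        elif current and (d := DEFAULT_RE.match(line)):
            entries[current] = d.group(1)  # "Service", "Driver", "Driver Group"
    return entries

def unexpected_entries(clean_text, suspect_text):
    """Entries allowed to start in safe mode on the suspect machine only."""
    clean = safeboot_entries(clean_text)
    return sorted((mode, name, kind)
                  for (mode, name), kind in safeboot_entries(suspect_text).items()
                  if (mode, name) not in clean)

PREFIX = r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
# Constructed samples in regedit export format, not taken from a real machine.
CLEAN = "\n".join([
    PREFIX + r"\Minimal\AppMgmt]", '@="Service"', "",
    PREFIX + r"\Minimal\Base]", '@="Driver Group"', "",
    PREFIX + r"\Network\AppMgmt]", '@="Service"',
])
SUSPECT = CLEAN + "\n\n" + "\n".join([
    PREFIX + r"\Minimal\ExampleSvc]", '@="Service"', "",  # hypothetical name
    PREFIX + r"\Network\ExampleSvc]", '@="Service"',
])

if __name__ == "__main__":
    for mode, name, kind in unexpected_entries(CLEAN, SUSPECT):
        print(f"{mode:8} {name:12} {kind}")
```

Files written by regedit in the "Windows Registry Editor Version 5.00" format are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in.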