whats a good virus scanner that can install/run in safe mode?

eon

2[H]4U
Joined
Oct 11, 2003
Messages
2,218
im helping a friend over the phone and i dont have access to a computer right now. Basically the computer is booting into safe mode no matter what. We already checked the boot options in msconfig. I just wanted to make sure this isnt a virus doing this but MSE wont install in safe mode. So does anyone know of a solid scanner/removal app that install or scan without needing an install in safe mode? thanks
This is for Win7 btw.
 

bigdogchris

Fully [H]
Joined
Feb 19, 2008
Messages
18,406
MSE uses windows installer, which is a service that may not be loading in Safe Mode. Try something like Malwarebytes.

You checked MSCONFIG and "Safe Boot" is unchecked? What about Diagnostic mode? It looks a lot like Safe Mode.
 

eon

2[H]4U
Joined
Oct 11, 2003
Messages
2,218
Yes we already checked msconfig, and also boot options from f8 menu do nothing. It will still go immediately to safe mode even if you select boot normally or with "last good configuration"
but ill have her try malwarebytes, i kinda assumed that was just for spyware kinda stuff but we'll see. thanks
 

jeoff_b

Limp Gawd
Joined
Mar 29, 2010
Messages
133
If your just trying to run a virus scan, why not just run a web version. Pretty much all the good virus scanners offer an online version that is great for running when you have a virus and are afraid that it might have compromised your current virus scanner.
 

kettle

n00b
Joined
Apr 16, 2011
Messages
6
You could always boot up a live Linux CD (knoppix/debian/...) and run clamav. Make sure to update it first. A benefit of running a live CD (created on a different computer!!) is that you won't have any viruses running that could theoretically circumvent the anti-virus when it is installed.
 

GushpinBob

2[H]4U
Joined
Dec 11, 2007
Messages
2,721
combofix dont work on windows 7
If it boots into safe mode try tappng f8 and then choose normal startup
otherwise download hironbootd cd
http://www.hirensbootcd.org/files/Hirens.BootCD.13.2.zip

heres how to make a bootable usb with it
http://www.hirensbootcd.org/usb-booting/

use win xp lite on it and scan your pc with dr web or avira

Huh? ComboFix is explicitly stated in the link 440BX posted as supported under Windows 7 (32/64 bit)

EDIT: Good Lord! [H]ard|Gawd status in 41 days?! Time to take a break from the keyboard, friend. :D
 

Spooony

2[H]4U
Joined
Mar 9, 2011
Messages
2,073
Huh? ComboFix is explicitly stated in the link 440BX posted as supported under Windows 7 (32/64 bit)

EDIT: Good Lord! [H]ard|Gawd status in 41 days?! Time to take a break from the keyboard, friend. :D

Again Combofix don't work under windows 7. Combofix is useless against file viruses as well as it will just pop up message saying its been tampered with and won't run. You never boot into safe mode when you don't know the name of a virus coz rootkits can't be detected nor most viruses.
Virut will destroy your data beyond repair going into safe mode.
Then malware will try and disable safe boot not let you boot into it the whole time.

Download this
www.glaryutilities.com/

Run Autoruns and see what's running at startup
Download this aswell
www.hijackfree.com/en/hijackfree/
And scan look for files that suspicious or post the log here.

Edit: I notice they fixed the windows 7 issue
http://www.facebook.com/topic.php?uid=121623401752&topic=14555
So Combofix do work on it now. Still shouldn't be run in safe mode.
 
Last edited:

Rockjay420

Gawd
Joined
Sep 29, 2005
Messages
732
malwarebytes or spybot s&d
although you will need to run safe mode with networking to receive updates
 

bigdogchris

Fully [H]
Joined
Feb 19, 2008
Messages
18,406
A lot of people suggest ComboFix, but the one time I tried it, things got all screwed up. I don't even really know what it does other than "Clean Malware". Does it fix things that malware changes, like no being able to open .exe's, hidden user folders, etc.?

As for a stand-alone scanner that doesn't need to be installed, Comodo Cleaning Essentials is just about as good as Malwarebytes. It also has a built in tool called Killswitch that shows all running processes and flags the bad ones, which you can terminate.
 

whatisboom

n00b
Joined
Mar 14, 2011
Messages
21
A lot of people suggest ComboFix, but the one time I tried it, things got all screwed up. I don't even really know what it does other than "Clean Malware". Does it fix things that malware changes, like no being able to open .exe's, hidden user folders, etc.?

No, It just deletes bad files, and some registry entries, but any decent tech can come in behind it and clean up the mess.
 

Spooony

2[H]4U
Joined
Mar 9, 2011
Messages
2,073
Tell me does your friend have a pc with a non supported dx 9 gpu or a igp that's dx 8 and not 9?
 

Spooony

2[H]4U
Joined
Mar 9, 2011
Messages
2,073
A lot of people suggest ComboFix, but the one time I tried it, things got all screwed up. I don't even really know what it does other than "Clean Malware". Does it fix things that malware changes, like no being able to open .exe's, hidden user folders, etc.?

As for a stand-alone scanner that doesn't need to be installed, Comodo Cleaning Essentials is just about as good as Malwarebytes. It also has a built in tool called Killswitch that shows all running processes and flags the bad ones, which you can terminate.

first

1. Combofix is safer than a av with cleaning. Why?
-It backs up your registry and important settings.
-Combofix doesn't scan for signatures. Its a file hunter. It runs a script with millions names the malware use when theyre on your pc.
-Combofix installs the recovery console on your pc. Which means if your system files get infected you just boot into the recovery console to repair it. What av does that? None.

2. Combofix uses gmer rootkit engine. So does most of the anti rootkits you get. All that's different is a different interface. No process av or malware has ever survived against gmer. That's why most of them will use gmer coz there's nothing it can't kill.

3. If you have a rootkit then Combofix will try and remove it. If it can't remove it, it quarantines it. Now rootkits are attached to your system files which means if it can't be removed your operating system won't boot. Now its not due to Combofix. All antivirus products will give you the same result. That's why avg is so pathetic. It doesn't disinfect it quarantines system files or not. Combofix doesn't disinfect. Its a file killer so it won't disenfect the files but what it will do it will hunt down the startup file for the malware which stops it from spreading and enables you to get your system back in your avs hand coz there's nothing killing it anymore. So that thing Combofix is dangerous is bullshit. Any av wouldve done the same coz then its a rootkit that can't be removed. There's one virus that comes to mind. Virut. Virut had a coding error or maybe it was on purpose but the files it infected it overwrite part of the data instead of attaching part of it to the file. Which means when the file gets disinfected its corrupted. Same with the rootkit. Combofix had to quarantine it. But all you did was boot into the recovery console and just expanded clean copys of it from your installation disk. like I mentioned above with a av your screwed.

Combofix can be dangerous when you use a script that you made. Yes you can make a script and drag and drop it onto Combofix and it will execute it whatever you asked. You can remove new malware it doesn't have the name for like that by telling it to delete files with that name. That's when it can be dangerous. Also it doesn't ask it just removes the files without user interaction that's why they also say should not be run without experience blah blah. But it doesn't delete system files by mistake. It can't. It doesn't have false positives. Av products does because they use signatures.

Also cd emulation products should be uninstalled when your run antirootkits. It interferes with the process. Only 1 antirootkit. If you use two you'll get BSODs and crashes from the the anti rootkit. If you identify a file virus. Switch of the pc till you got hold of a boot disk with a scanner on it like dr web. Your only chance of saving your data is from a cold boot. Going into safe mode your data will be destroyed. Trojans and worms can be removed in safe mode. Always rename mbam exe file. Malware do same as Combofix. They hunt down names of avs and kill the process where Combofix just do the opposite killing malware. That's why you should rename Combofix and that's why gmer name change every couple of hours when you download it.
 
Last edited:
Top