I’ve cleaned many Windows PCs over the years and it continues to amaze me that no two infections are the same (I suppose the malware writers deserve some credit here), even when the PCs are infected with the same malware. One particular feature malware writers have focussed on is Windows Safe Mode. Safe Mode loads only the necessary Windows drivers, devices and services and normally still allows applications to run, so you can remove the infected files.
It’s no surprise, then, that malware writers continue to target Windows Safe Mode. Malware can be coded to disable Safe Mode by deleting the Safeboot registry keys, so you hit a problem before you even start. It can also disable the Windows System Restore function. So how do you recover your PC if you cannot reboot into Safe Mode or use System Restore?
There are some simple options you can use if your PC is a victim of malware, spyware, a virus or a rootkit, so don’t panic just yet. These are the three options that I would consider:
- The first assumes that you have a backup registry export file (.reg) with the Safeboot keys (prior to the infection). If you have this file, then your system will be restored to a clean state.
- If you haven’t got the above (.reg) file (most non-technical users probably wouldn’t know about this), then I’d suggest creating a ‘Malware Removal Starter Kit CD-ROM’. This creates a bootable Windows disk that contains antivirus and anti-malware utilities which can be used to quarantine and remove the malicious files. Microsoft calls this bootable disk ‘Windows PE Tools’.
- There is also a third option, using software called ‘RegRun Warrior’*, which works in the same way as the ‘Malware Removal Starter Kit CD-ROM’ (and uses the Windows PE mode) and makes the process very simple indeed. *There is other software that does this, but this is the best I’ve used.
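For the first option, the backup has to exist before the infection does. The script below is an added example, not part of the original post: it checks that the Safe Mode subkeys are still present and then exports the Safeboot key to a dated .reg file. The backup folder `C:\RegBackup` is an assumed location.

```powershell
# Added example: back up the SafeBoot registry key on a known-clean system.
# Save as a .ps1 file and run it from an elevated PowerShell prompt.
# $BackupDir is an assumed location; keep a copy on removable or offline media.
$BackupDir = 'C:\RegBackup'
$KeyPath   = 'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot'
$Stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$RegFile   = Join-Path $BackupDir "SafeBoot-$Stamp.reg"

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Safe Mode reads the Minimal subkey; Safe Mode with Networking reads Network.
$missing = @()
foreach ($sub in 'Minimal', 'Network') {
    $psPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$sub"
    if (Test-Path $psPath) {
        $count = @(Get-ChildItem -Path $psPath).Count
        Write-Host "$sub present with $count entries"
        if ($count -eq 0) { $missing += $sub }
    } else {
        Write-Warning "$sub subkey is missing"
        $missing += $sub
    }
}

if ($missing.Count -gt 0) {
    # Never replace a good backup with an export of a damaged key.
    Write-Warning "SafeBoot looks damaged ($($missing -join ', ')); not exporting."
    Write-Warning "Restore from an earlier export with: reg import <file.reg>"
    exit 1
}

# Export the whole SafeBoot key, including both subkeys, to a .reg file.
& reg.exe export $KeyPath $RegFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $RegFile)) {
    Write-Error "reg export failed with exit code $LASTEXITCODE"
    exit 1
}

# Record a hash so the backup can be verified before it is imported later.
$hash = Get-FileHash -Path $RegFile -Algorithm SHA256
Write-Host "Saved $RegFile"
Write-Host "SHA256 $($hash.Hash)"
```

Compare the recorded SHA256 against the file before importing it on a machine that has since been infected.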
I have used all three methods and, best of all, all three worked in cleaning the infected PC. Once the system is restored, it is a good idea to run your antivirus software and any one of a number of FREE malware and spyware removers that are available.
Safe surfing folks!