Helping people with computers... one answer at a time.
Virus programs are designed to be run in Windows normal mode. If you are looking for a suspected virus, there is a better way.
I read somewhere that one should reboot into safe mode to run all of your anti-virus program scans. Is this the best way? I thought in Safe Mode, there were things that you could not access. So will the scans be able to completely go through all of the computer? Is it really worth it to do this extra step?
In this excerpt from Answercast #45, I look at the idea that you should boot into Safe Mode to run a virus scan. A third-party solution might do a better job.
Is it worth it? It really depends on what it is you're facing. Most anti-virus programs are, in fact, written such that:
Running them normally without having to reboot in the Safe Mode is the correct way to run them;
That's one of the reasons that you'll often need to install them as administrator at some point along the installation path. They will give you the 'UAC prompt,' indicating that they are requesting administrator privileges, to get into the system at a low enough level so they can access everything they need to access to try and keep your computer safe.
Now, the admonition to actually use Safe Mode usually happens after you've been infected. In other words, when I've read folks describing how to go about cleaning up after a malware infection, one of the things they suggest is to reboot into safe mode.
Now, there's a couple of reasons for that:
One is that when you run in Safe Mode, some of the software that starts automatically does not;
It's one way to try and prevent malware from automatically starting when you reboot your machine.
You do have access to everything on your machine – as if you had booted it normally. But some software that may be interfering with your anti-virus program's ability to clean up may not run when you reboot in Safe Mode.
In reality, I never do it. That's probably the bottom line for me.
If I'm looking into a potentially infected machine, it might be one of the things I try. But in reality, if I'm already facing a machine that I know is infected, I'm much more likely to go out and get something like Windows Defender Offline (or some of the other anti-malware tools that come on CD or DVD) that you boot from instead of booting your computer normally.
That pretty much guarantees that anything your machine is infected with will not run because you didn't try to boot Windows at all.
You're booting from whatever operating system was provided on the bootable or live CD.
That's a much more effective way to get around the same problem if you are trying to track down a suspicious machine, or a machine suspected of being infected with some form of malware.
Your anti-malware tools are designed not to require that. If you're fighting a particular malware infection, it certainly is something you can do.
It certainly doesn't hurt to do it.
In fact, it can in some cases allow anti-malware tools to delete things that they otherwise could not.
But, in general, if you're going down that path anyway, I personally much
prefer to get something that you boot from instead of booting Windows at
Next from Answercast 45 – Why is this link not clickable when others are?