When Safe Mode Isn’t So Safe
March 17, 2009 – 12:21 PMWindows has, for many years, come with a special mode you can load at boot called Safe Mode. The idea is that non-essential services and software don’t load in safe mode and so it can be useful in diagnosing system problems.
You might assume that it can be useful in fixing malware infections and you’d be right, but not in all cases. As McAfee’s Avert Labs points out in a blog entry, it’s possible for malware to set itself up to load even in Safe Mode.
The software and services designated to run in Safe Mode are listed in these registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
McAfee says that malware can set itself through these keys to load at boot time even in a safe boot. They don’t list any specific malware which does this.
Source:
http://blogs.pcmag.com/securitywatch/2009/03/when_safe_mode_isnt_so_safe.php
You must be logged in to post a comment.