When Safe Mode Isn’t So Safe

March 17, 2009 – 12:21 PM

Windows has, for many years, come with a special mode you can load at boot called Safe Mode. The idea is that non-essential services and software don’t load in safe mode and so it can be useful in diagnosing system problems.

You might assume that it can be useful in fixing malware infections and you’d be right, but not in all cases. As McAfee’s Avert Labs points out in a blog entry, it’s possible for malware to set itself up to load even in Safe Mode.

The software and services designated to run in Safe Mode are listed in these registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

McAfee says that malware can register itself under these keys so that it loads at boot time even in a safe boot. They don’t list any specific malware which does this.
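One way to audit the two keys above is the PowerShell script below, which inventories them and reports anything that was not present in an earlier snapshot. It is an added example, not code from McAfee or the original post. The baseline file path and the `-SaveBaseline` switch are assumptions made for illustration.

```powershell
# Added example. Run once with -SaveBaseline on a known-clean build,
# then run without it to list SafeBoot entries that have appeared since.
param(
    # Hypothetical location for the snapshot file; change to suit.
    [string]$BaselinePath = "$env:ProgramData\safeboot-baseline.csv",
    [switch]$SaveBaseline
)

$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-SafeBootEntry {
    foreach ($mode in 'Minimal', 'Network') {
        $keys = Get-ChildItem -Path "$safeBoot\$mode" -ErrorAction SilentlyContinue
        foreach ($key in $keys) {
            $name = $key.PSChildName
            # If the entry names a service or driver, record the binary it points at.
            $svc = Get-ItemProperty -Path "$services\$name" -Name ImagePath `
                                    -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Mode      = $mode
                Name      = $name
                # The key's default value, e.g. "Service" or "Driver".
                Type      = [string]$key.GetValue('')
                # Cast to string so a missing path matches the empty CSV field.
                ImagePath = [string]$svc.ImagePath
            }
        }
    }
}

$current = @(Get-SafeBootEntry)

if ($SaveBaseline) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Saved $($current.Count) entries to $BaselinePath"
    return
}

if (-not (Test-Path -Path $BaselinePath)) {
    throw "No baseline at $BaselinePath. Run with -SaveBaseline on a clean system first."
}

# '=>' marks rows that exist now but not in the baseline (new or changed).
Compare-Object -ReferenceObject @(Import-Csv -Path $BaselinePath) `
               -DifferenceObject $current `
               -Property Mode, Name, Type, ImagePath |
    Where-Object SideIndicator -eq '=>' |
    Select-Object Mode, Name, Type, ImagePath
```

Any row it prints is an entry that will load in Safe Mode and was not there when the baseline was taken, so check the binary in its `ImagePath` column first.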

Source:
http://blogs.pcmag.com/securitywatch/2009/03/when_safe_mode_isnt_so_safe.php
