I did a search of the forums but didn’t find any threads on this topic and since CIS has a “Safe Mode” also, lots of other stuff came up.
The Installer Service is disabled in safe mode. To emulate safe mode try booting with selective startup. Otherwise you’ll have to find a 3rd party utility that provides standalone installer service in safe mode.
edit: 3rd party standalone installer service (not ‘startup’ service)
Thanks for the reply. I eventuallly used enough other online scans and shut down a bunch of Services and Startup items to get the computer clean enough to load CIS in normal mode and it’s scanning now… 10 threats found so far even after running online scans from several others… including Comodo’s online scan which only found two things and then the Comodo online scan doesn’t clean things… just finds them… but i feel better knowing i’m 90% done with this computer. I wish people would have to learn some basics about computer security before they get on the internet… this lady had over 200 different malware files found between three different online scans and no other programs would install in safe mode either… usually i can get MalwareBytes to install in safe mode and use it but this computer was a no-go.
Anyhow… thanks for your help.
I would use a bootable scanner to clean out that computer, download kaspersky rescue disk and use that.
Isn’t the Kaspersky Rescue Disk used when a computer cannot be booted up normally or safe mode? Here’s a snip of the first paragraph on the page…
http://support.kaspersky.com/viruses/rescuedisk/all?qid=208282173
Kaspersky Rescue Disk 10 is designed to scan, disinfect and restore infected operating systems. It should be used when it is impossible to boot the operating system.
This person did not have a problem booting up and thought they only had a Fake AV Security Suite infection when I started to help her online but after trying the usual ways to get rid of Fake AV, I found that she had LOTS of other infections… mostly due to her not updating Java for over a year so she had LOTS of Java trojans and viruses… she’s almost back to normal now.
Thanks for the suggestion though.
No I use that cd whenever I do a malware removal, it does not matter if I can boot up or not. There are lots of infections that cannot be removed or repaired while windows is booted. I always start out with a rescue cd and go from there.
Thanks for the Kaspersky info. It looks like she’s going to need it… although I’m not sure if she’ll be able to do it since she was kind of computer illiterate but has learned a LOT in the past 14 days while trying to get this computer back to normal.
She YM’ed me from a yahoo group that she came to last week so I’ve been helping her over Ym for a week but while we’ve removed hundreds of malware issues, she still has something that is blocking MalwareBytes, SuperAntiSpyware and Spybot from working. I did get a couple of online scans from Emsisoft and OneCare to clean hundreds of things and then got CIS installed and it found another dozen things. I got SpywareBlaster installed but it’s more of for future defense. I need to still try with Emsisoft AntiMalware installed on her computer but I suspect the malware she has will block it also… I’m surprised it let CIS work.
Any other suggestions besides Kaspersky? I don’t think she’ll try it since she would be on her own running it. so far, she only does things when I’m able to help her “live” over YM and she sends me lots fo screenshots for me to walk her thru each step and we won’t be able to do this with Kaspersky.
she will have to learn how to use it, that is the only true way to clean the system out. Show here these:
http://www.makeuseof.com/tag/kaspersky-rescue-disk-saves-reinstalling-windows/
she also has to have a wired connection to the modem when doing these scans.
Thanks for the reply.
New minor issue…
She was running an Emsisoft AntiMalware on computer scan since we got that one installed also and Comodo kept giving LOTS of AV popups for heuristic.suspicious files and she kept ignoring them 1X but she accidentally Trusted one of them. I realize they are probably OK since I had her set her hueristics to medium but I’d like to move them out of Trusted items and back to being suspicious. I think it was mainly because Emsi was poking around in them that she was getting all these pop ups and they were all for files on her D: drive… the Recovery partition… although I realize it could also be infected but so far, there have only been hueristic files found in there.
I’ve never had this issue before for myself and I poked around in my own CIS but don’t see how to move a file from Trusted back to normal mode.
Thanks in advance.
go to AV on top, acanner settings, exclusions select the one you want to remove and select remove. You can have her turn off the AV while running scans with something else by using the system try icon.
Thanks Languy99.
I meant to reply right after you gave your reply but got tied on on this project and others. Anyhow, we went into the Exclusions file and nothing was there except for the standard Recycle Bin and Comodo. Maybe she didn’t click Trust… or could it be “trusted” somewhere else?
It looks like she is going to trying Kaspersky’s Rescue Disk soon. Should I send her here for additional help since I’m not very experienced with KRD either… or do you recommend another forum? I’ve given her the link to this thread so she will have the links all in one place and also hoping you might be able to help her more if she needs help with Kaspersky. I’ll still be helping as much as I can but since she will be offline during the KRD process, I’m sure she will have lots of questions prior to using it.