Can malware execute itself in safe mode?

hi all,
i’ve read it in another forum (non comp/security forum)
the virus name is : Worm.VBWorm.NUJ AKA. Moontox Bro.
so is it true?

Ganda

May I ask you a question firstly? Why is a now-security expert asking this question? Is it to tease us non-techie folks? :frowning:

Googling “Worm.VBWorm.NUJ AKA. Moontox Bro.”, I found only 2 search results leading to http://www.vaksin.com/2007/1107/moontox-bro.htm

;D ;D ;D i forgot that i’m an expert now.

oh, so it’s true :o :o :o . www.vaksin.com is indonesian Norman Virus control website. i hope Defense+ can block it.

I forgot to answer your thread title question: Nothing is impossible

Some related threads (doesn’t necessarily answer your question, but revolves around it):
http://boards.cexx.org/index.php?topic=15787.0;prev_next=prev
http://www.windowsmaven.com/Scan_Virus_Spyware_Safe_Mode.htm
http://wiki.castlecops.com/Malware_Removal:_Trojan_Removal_Programs

They basically state that most malware can’t load in safe mode. “Most” does not = “All”.

i hate the answer >:(

i prefer this ;D

of all viruses in all countries, and indonesian create this virus >:( , why don’t they just make some tofu

Don’t you be giving the malware programmers any ideas now. cough tofu.32.virus cough

:smiley: , so the name “tofu” has already been taken

Wonder how long it will be before there’s a ‘soya’ virus :wink:

not there yet? hmmm surprising… :slight_smile:

Harry

The safe mode loads as few services as possible to make Windows go, but it has to load some…

So there’s the answer, I guess. Only a thought…

Yes, “correctly” and “professionally” programmed malware would, of course, and not only in theory, be able at any time to start itself, even if, as a user, being on “safe mode”. Yes, of course it’s true. And it’s a serious problem within this Billy OS, methinks…
(Sorry to say so, but a lot of malware able to exchange sys files would be capable of doing so…)

That’s the reason for real preventive software being needed more than ever. The better your preventive measures, the lesser the chance for your sys getting “zombified”…

Cheers, though

The REBOL

:frowning: no cheers for malware, but… okay ;D ;D

As far as I know, it’s impossible. Especially because when booting into safe mode, the internet drivers and several other crucial drivers/services don’t load when in safe mode. If the worm does start up, it is most likely a very crippled version:

  1. most likely doesn’t function, just runs
  2. probably lost its stealth

Etc., etc. No worries, actually booting into safe mode has been known to permanently disable some viruses. O.o

really ? i love you info-sec :-* :-*

Np np man. If you want to get rid of the worm, try a system restore. It may not eliminate the whole worm, but it will most definitely kill its main components so it’s more useless than, well, Norton. (if that’s possible :stuck_out_tongue: )

no, i have a clean PC.
hey, i think i’ve heard that once a system is infected, the malware will stay on restore points ??? so is it okay to do system restore then?
and i’ve just re-checked the site
http://www.vaksin.com/2007/1107/moontox-bro.htm
(it’s indonesian norman virus control website)
this cursed virus will run on “safe mode” & “safe mode with command prompt” :o

Well, embedding itself into a restore point I can see, because restore points are simply files on your computer, no more vulnerable than a text file. Anyway, it is possible to run in safe mode I suppose, but that would mean it would have to use essential services in order to run in safe mode. Even if it could run in safe mode, what is the purpose? Safe mode is useless (for malware), but I suppose it’s possible (most likely a bluff). If it does place itself in already set restore points it could hurt to restore. It’s possible (even though there is a presence in a past point) the worm may not have been able to copy its most essential parts over to the point; it’s worth a shot restoring.

You’ve only “heard”? I thought you “experienced” it.

ow yeah, that one ;D .

so you mean :

  1. even if the malware’s active on safe mode, it can’t do anything coz of the limited function in safe mode? am i correct? cool!
  2. not every malware has the ability to infect the restore point.

ha! this is the answer i like, i love you info-sec :-* :-* :-*

soya! >:( >:(

I don’t know… at work it’s a different story. I’ve heard cases where people’s PCs still experienced pop-ups and whatnot even in safe mode.
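
As an added example (not part of the thread, and not code from any poster or vendor): a read-only PowerShell audit of the point several posts circle around, that safe mode still loads some services and drivers. It lists the Service and Driver entries registered under the SafeBoot key, resolves each to its binary and checks the signature, then prints the shells used for “safe mode” and “safe mode with command prompt”. The flagging rule (not validly signed, or outside %SystemRoot%) is an assumption chosen for illustration.

```powershell
# Added example: read-only audit of what Windows is configured to load in Safe Mode.
# Run from an elevated PowerShell on the machine being checked.
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Resolve-ImagePath([string]$Raw) {
    # ImagePath comes as \SystemRoot\..., \??\C:\..., system32\..., or quoted with arguments.
    if (-not $Raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    $p
}

$entries = foreach ($mode in 'Minimal', 'Network') {
    foreach ($key in Get-ChildItem -Path "$safeBoot\$mode") {
        $kind = $key.GetValue('')                    # 'Service', 'Driver', or a group/class label
        if ($kind -notin 'Service', 'Driver') { continue }
        $svcName = $key.PSChildName -replace '\.sys$', ''
        $svc  = Get-ItemProperty -LiteralPath "$services\$svcName" -ErrorAction SilentlyContinue
        $dll  = (Get-ItemProperty -LiteralPath "$services\$svcName\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        $path = Resolve-ImagePath $(if ($dll) { $dll } else { $svc.ImagePath })   # prefer the hosted DLL over svchost.exe
        $sig  = if ($path -and (Test-Path -LiteralPath $path)) {
                    (Get-AuthenticodeSignature -LiteralPath $path).Status
                } else { 'NoFile' }                  # no service key, no ImagePath, or binary missing
        [pscustomobject]@{ Mode = $mode; Entry = $key.PSChildName; Kind = $kind; Path = $path; Signature = $sig }
    }
}

# Illustrative rule: anything not validly signed, or living outside %SystemRoot%, gets a manual look.
$entries | Where-Object { $_.Signature -ne 'Valid' -or $_.Path -notlike "$env:SystemRoot\*" } |
    Sort-Object Mode, Entry | Format-Table -AutoSize

# Shells started in "Safe Mode" and "Safe Mode with Command Prompt".
[pscustomobject]@{
    AlternateShell = (Get-ItemProperty -Path $safeBoot).AlternateShell   # stock value: cmd.exe
    Shell          = (Get-ItemProperty -Path $winlogon).Shell            # stock value: explorer.exe
    Userinit       = (Get-ItemProperty -Path $winlogon).Userinit         # stock value: <SystemRoot>\system32\userinit.exe,
} | Format-List
```

A flagged row is a lead to examine, not a verdict: legitimate third-party drivers and security products register themselves for safe mode too.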