When to safemode/boot-scan?

Marco2

New Member
Thread author
Jun 19, 2015
12
My USB flash was recently infected with an annoying worm that kept producing folder.exe. The infected computer wasn't mine and it had no AV protection at all. I installed Qihoo and MBAM on the spot, and they took care of everything (deleted the malware, and none of my flash files were deleted). When I looked up this malware later, it turned out it was a worm from 2010 or so called w32-rotinom. There was an article on precisesecurity.com where they explained how to remove this malware; it said one should scan in safe mode!! Is it because the article dates from 2011, when AV capabilities were lower? Qihoo and MBAM were able to detect and delete the threat, so why the safe-mode scan? (My question applies to any malware: AV detected and deleted the threat, call it a day or dig deeper?)
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The reason for that is that safe mode disables all non-Windows processes upon booting up, which makes the worm inactive for possible replication; therefore you can use a scanner or delete it manually.

Other steps are done via Linux to scan and delete them, since computer viruses have no ability when they are Windows-based, due to the different environment.
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
I know this worm. Monitor - rotinom. It creates copies of files from USB to your appdata folders. Most likely you must be running out of HDD space. I already have these covered in my old blogs. I'll provide the link when I see it.
 
