Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: virus removal from within safe mode

01 May 2011   #1

Windows 7 Home Ultimate 64-Bit, Ubuntu 10.04 Lucid Lynx, Windows XP
virus removal from within safe mode

I've got a reallybad virus. Laptophas MSE installed and I have malwarebytes intaller on a thumb drive but can't install it because of virus. I've booted into safe mode alternate shell. What are my options from here? Can I run scans from here? Can I install malwarebytes off my thumbdrive in hed 4un itj

My System SpecsSystem Spec
01 May 2011   #2

Windows 7 Ultimate SP1 (64-bit)

Hello there, eduede!

Let's see, first, you have to boot into Safe Mode with Networking for the malwarebytes to update its database, install it, update it, do a complete system scan, and the rest should be taken care of...

After the scan finishes, select the infected items, delete them, reboot your PC and you could just do another system scan, to double check that the virus is no longer infecting your PC

My System SpecsSystem Spec
01 May 2011   #3

Windows 7 Ultimate 64 bit

Try running Rkill, then run Malwarebytes

Note: If your security software warns about Rkill, ignore & allow the download to continue.
Download RKill by Grinler from Here & save it to your Desktop.
Alternate download links:
  • Double click Rkill to run it
  • A command window will open then disappear upon completion, this is normal
    • If this does not happen... delete the file, then download & use the next link provided
    • If it does not work, repeat the process & attempt to use one of the remaining links until the tool runs
  • Do not reboot your machine until asked to do so. If no version of Rkill would run, please let me know
  • When finished, Notepad will open with a log file, automatically saved at C:\rkill.log
  • Copy/paste the contents of the rkill.log file in your next reply
  • Leave Rkill on the Desktop unless instructed otherwise
Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.
My System SpecsSystem Spec

01 May 2011   #4

Windows 7 Home Ultimate 64-Bit, Ubuntu 10.04 Lucid Lynx, Windows XP

well i accidently booted into the Safe Mode minimal (alternate shell) so everything is command line. What are the command line commands for running Malicious Software Removal Tool?
My System SpecsSystem Spec
01 May 2011   #5

Windows 7 Ultimate SP1 (64-bit)

I'd suggest reboot again and go into Safe Mode with Networking instead of Safe Mode with Command Line
My System SpecsSystem Spec
01 May 2011   #6

Win7 Ultimate 64bit

RKill. That's a nice one. Like ComboFix? Will try that out one of these days

Encountered the "can't install Malwarebytes" before and I posted at the MBAM forums about it. They told me to rename the mbam.exe to anything other than mbam.exe. I did that and it worked. Updated manually. Pasted the rules.ref to C:\Program Data\Malwarebytes\Malwarebyte's Anti-Malware\. Just copy the rules.ref from a pc which has MBAM installed.

Or visit Manual Malwarebytes definitions download link

Seems like your here:

MBAM will not run

MBAM Command Line Parameters

Alternatives to Safe Mode scanning and removal can be found at this post. You do not need to boot to Safe Mode there just boot to cd or USB and your good to go.

But if you can try RKill that would be great.
My System SpecsSystem Spec
01 May 2011   #7
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1

You might be better served burning a bootable AV disc (or 2), and cleaning from outside windows completely.

FREE Bootable AntiVirus Rescue CDs Download List

Delete all system restore points by turning off SR. If any signs of infection remain after boot scanning, and running additional scans within windows (online scanners are also a good idea: HouseCall - Free Online Virus Scan - Trend Micro USA , Free Online Virus Scan - BitDefender Online Scanner , Panda ActiveScan | Free Online Antivirus | Free Virus Disinfection - Panda Security , Free Virus Scan - Kaspersky Lab ) , a fresh install may be the best idea. A Guy
My System SpecsSystem Spec
02 May 2011   #8

Linux CENTOS 7 / various Windows OS'es and servers

Hi there
I keep saying to people -- it is UTTERLY NO POINT in using an INFECTED computer to remove any VIRUS -- how can you be sure that the virus removing software itself hasn't been compromised.

Say you were drilling on an Oil Platform and the drill needed sharpening, You wouldn't use a tool which was already worn out to sharpen / renew the bit would you.

Same with Virus removal -- why trust an INFECTED computer to work properly.

The ONLY IMO safe solution is a COMPLETE restore from a KNOWN Virus free backup or a total W7 re-install.

If you have data copy that to an external HDD and run a virus check against the data ON A SEPARATE MACHINE.

AV software is just that -- should protect against getting a virus -- once you have one then ONLY a RESTORE or Re-INSTALL can be guaranteed to be 100% safe.

Forget ANY AV removal software -- once you've BEEN infected it's TOO LATE. You need to catch any virus in Real time then you can take proper action.

MSE does a reasonable job at this once you've got your computer working properly again.

My System SpecsSystem Spec
02 May 2011   #9

windows 7 ultimate x64 SP1

you are apsolutley wright.
and what if he doesn't have an backup
in taht case I would downlaod kaspersky administartion kit wich enables you remotly intstalling antivirus and other components and disinfection as well as all other protection tasks from one conmputer (AK server) to another (infected client)

se more at Product Updates --> Kaspersky Administration Kit 8

My System SpecsSystem Spec
02 May 2011   #10

Linux CENTOS 7 / various Windows OS'es and servers

Hi there
I wish NOBODY would be allowed to use a computer until they learned how important it was to take backups regularly AND ACTUALLY DO IT.

However if he doesn't have a backup then the only solution is to do a complete W7 re-install.

He could still copy DATA files (Music, documents, films, photos etc etc) to an external HDD or whatever before doing the re-install . Even with no backup program these can be copied via Windows explorer. ===> BUT VIRUS SCAN THESE ON A SEPARATE MACHINE before copying back to your computer.

As I said previously after you've re-installed W7 install MSE and then take a BACKUP before installing any software etc. This will give you a decent image to recover from in the future without having to re-install again.

Incidentally keep the OS and applications in ONE partition = W7 partition size typically around 35 - 50 GB depending on what applications are installed. Divide the rest of your disc storage up into various partitions such as DATA, scratch volumes, Multi-media etc etc.

My System SpecsSystem Spec

 virus removal from within safe mode

Thread Tools

Similar help and support threads
Thread Forum
System will only start in Safe mode, Clean virus in safe mode
I recently attempted to clean my brother's computer after he aquired a virus from the torrent file program he uses. Regardless, I cleaned a trojan and a backdoor from his system from safe mode. I can not boot in normal mode. Everytime i try the system gets hung up at the windows loading screen...
General Discussion
Can not remove virus and LT is useless, unless in safe mode
Hello, I am pretty good with computers and have never been able to fix any problem on my own, but this virus has been working circles around me. First it went blue screen memory dump on me. Turned it back on and it worked fine for a few hours, but then crashed again. Every time I tried to run...
System Security
Virus windows 7 no safe mode
Hi their I'm looking for some help, my laptops got a virus and not sure how to fix it. Got a pop up box from user account control and by mistake hit yes. So switched off laptop straight away and tried to restart in safe mode. However when it starts in safe mode computer shuts down and restarts,...
System Security
Slow/freezes even in safe mode, found obfuscator virus
Hello, I downloaded a file yesterday and was alerted by MSE that it was a threat. I deemed it a false positive after scanning it with both malwarebytes and superantispyware and reading the comments of the download. Everything was fine until today when out of the blue the computer restarts and...
System Security
FBI / Bundespolizei virus without Safe mode and system recovery
Hi Gents, I had the "German" version of the virus (Bundespolizei) 2 times in the last 1 year and I managed to get rid of it. But now... One of my biggest problems is BitLocker - my hard drive is encrypted (but I have the codes) I am having the following problem now: 1. The screen after a...
System Security
BSOD happening after virus, having trouble booting into safe mode.
Hello, Recently, while I was browsing the web awhile ago, my computer had randomly begun to shutdown. I hadn't done anything to trigger this, so I simply rebooted my computer, and headed to Symantec to run a quick scan on my system. Without a doubt, multiple Trojans were detected. I removed...
BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:23.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App