Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Malware prevents me from booting, even in Safe Mode. What do I do?

The FBI Moneypak malware just landed on my backup Dell computer. This new
version won’t let you start the system in Safe Mode. Do you have any
suggestions? Searching the internet yields some suggestions, but I wonder if
they are worse than the malware itself?

In this excerpt from
Answercast #64
, I look at a machine that has a virus that is preventing it
from booting, even in Safe Mode.

Become a Patron of Ask Leo! and go ad-free!

Malware advice

Yes, it can be interesting to search the internet for solutions to specific
viruses or malware.

Very often, you’ll find some reputable sites that will actually have some
very good malware removal instructions and those sites tend to be the sites
associated with the major anti-malware software vendors: folks like McAfee,
Kaspersky, Sophos, a bunch of others. They all have a lot of good information
about removing specific viruses using manual techniques.

There are others that are still from vendors, but their techniques always
involve, “Oh, the last step is buy and run our program.”

Bootable anti-malware CD

In a case like this, what I personally suggest that you do is to go and grab
a copy of Windows Defender
Offline
. It is from Microsoft. I’ll see if we can’t get the link in the
notes for this recording.

It is an ISO; it’s a file that you download and then you burn it to a CD.
Then, you boot from that CD.

When you do so, it automatically runs Windows Defender, which it turns out
is really more like Microsoft Security Essentials. Basically, it’s their
anti-malware, anti-spyware tool. You can then do a scan of the machine without
having had to boot from the machine at all, without having to try and boot from
the hard disk at all.

Everything required for booting is on that live CD. So, if that finds
something, that may be your way out.

If not, there are other, similar types of CDs from some of the major
manufacturers that you can download, burn to a CD, and boot from. That will
kind-of, sort-of do the same thing. They will take their anti-malware software,
put it on the CD, and have that CD then run the anti-malware software
automatically when you boot from that CD.

Those are the kinds of approaches I think that you’re going to have to take, if you can’t even boot in Safe Mode.

Completely clean the machine

And finally, you know, the other alternative… To be honest, when things
are pretty bad like this (as much as people don’t like to hear it), an
alternative that is the most reliable is to back up the machine (which you can
still do; there are definitively programs that will allow you to back up from
the rescue media that you boot from, so that even though your machine doesn’t
boot, you can still back it up.)

  • Backup your machine.

  • Reformat and reinstall Windows from scratch.

That tends to be kind of drastic; I understand that. But in situations like
this, where malware has gotten itself so entrenched into the system such that
you can’t boot in any mode sometimes, it’s the most pragmatic answer.

Next from Answercast 64 – My
router disconnects every few days. What do I do?

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

1 thought on “Malware prevents me from booting, even in Safe Mode. What do I do?”

  1. I have spent more time trying to remove malware infestation, with no guarantees, than doing a fresh Windows reinstall.
    What a great feeling when you finally decide to reinstall ..you know a genuine fix is imminent.
    Jp

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.