Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Booting in Safe Mode


solbjerg

Recommended Posts

Hi

The usual way to get into Safe Mode is to Start/Restart your computer and during the Start Up - tap the key F8 repeatedly

This will normally bring up the possibility to choose what kind of Start Up you want.

 

There will also - if you notice the screen during Start Up - be information about what key to press to get into the Start Up configuration or alternatively the Bios. Press the key mentioned there according to what you want to accomplish.

(the different manufacturers select different keys unfortunately - some use F1, F2, Esc, Del or even others, but usually F8 (repeatedly) works)

 

A foolproof way (unless a virus has blocked access) of getting into Safe Mode is to write msconfig in Run and then choose the tab Boot.ini and there choose the Start Up Mode Safe Mode (then restart)

After you have accomplish what you set out to do in Safe Mode go back to msconfig and set it to start up normally (check if it has removed the mark in Safe Mode in Boot.ini )

(then restart)

 

Cheers

solbjerg

Link to comment
Share on other sites

Hi solbjerg :smile:

 

A few observations, if I may :

 

- The "Boot.ini" option via msconfig only appears on XP systems (and older). You won't have it on Vista or Win7 because they use the newer bootloader, not the Boot.ini file.

- As a rule, I never suggest using msconfig to get into Safe Mode, because you could put the machine in a reboot loop if malware has deleted the SafeBoot keys (it happens a lot). If the keys are gone and you tick "/SAFEBOOT" from the Boot.ini tab, the machine will be stuck in a loop, garanteed. The only way out is to rebuild Boot.ini from Recovery Console, or a format for those less technically inclined, not being guided by someone who knows...

 

Tapping the F8 key will work on most machines. Some newer motheboards need F5 (some by ASUS, for example).

If F8 and F5 don't work, read the manual, but don't go into msconfig unless you are 100% sure your SafeBoot keys are there.

 

Edit to add : if F8 and F5 don't work to get you in Safe Mode, it would be very wise to suspect an infection. Get help on a malware removal forum. Machine will need to be disinfected and then the SafeBoot keys (in the registry) need to be fixed/replaced.

 

Hope that helps (and prevents mistakes).

 

===

Link to comment
Share on other sites

Hi So_sad

Of course you may :-)

The more knowledge - the better.

Thanks!

Cheers

solbjerg

p.s. I came across this link with a possible solution to missing safeboot keys:

http://blog.didierstevens.com/2010/01/01/the-undeletable-safeboot-key/

 

 

Hi solbjerg :smile:

 

A few observations, if I may :

 

- The "Boot.ini" option via msconfig only appears on XP systems (and older). You won't have it on Vista or Win7 because they use the newer bootloader, not the Boot.ini file.

- As a rule, I never suggest using msconfig to get into Safe Mode, because you could put the machine in a reboot loop if malware has deleted the SafeBoot keys (it happens a lot). If the keys are gone and you tick "/SAFEBOOT" from the Boot.ini tab, the machine will be stuck in a loop, garanteed. The only way out is to rebuild Boot.ini from Recovery Console, or a format for those less technically inclined, not being guided by someone who knows...

 

Tapping the F8 key will work on most machines. Some newer motheboards need F5 (some by ASUS, for example).

If F8 and F5 don't work, read the manual, but don't go into msconfig unless you are 100% sure your SafeBoot keys are there.

 

Edit to add : if F8 and F5 don't work to get you in Safe Mode, it would be very wise to suspect an infection. Get help on a malware removal forum. Machine will need to be disinfected and then the SafeBoot keys (in the registry) need to be fixed/replaced.

 

Hope that helps (and prevents mistakes).

 

===

Link to comment
Share on other sites

That's an interesting link ! 8-)

 

I'm not that interested in the part about fixing/replacing the keys, because I already have a technique for that, but I love the part about restoring the keys with changed permissions, protecting them from further deletion while malware is actively trying to delete the keys :-D

 

I have such malware lying around on the test machine, so I'll give it a whirl later on. This malware actively monitors and deletes SafeBoot keys because we can easily get rid of it from Safe Mode ; not so in Normal Mode.

 

Should be fun ! I'll let you know how it turns out.

 

It doesn't seem to run on Vista/7 though ; too bad. Perhaps an update will cure that.

 

Stay tuned. Tomorrow maybe.

 

===

Link to comment
Share on other sites

hi So_sad

Looking forward to hear about it, sir!

I will take another look to see if there is a version for Vista and 7 somewhere - probably also tomorrow :-)

Cheers

solbjerg

 

 

 

That's an interesting link ! 8-)

 

I'm not that interested in the part about fixing/replacing the keys, because I already have a technique for that, but I love the part about restoring the keys with changed permissions, protecting them from further deletion while malware is actively trying to delete the keys :-D

 

I have such malware lying around on the test machine, so I'll give it a whirl later on. This malware actively monitors and deletes SafeBoot keys because we can easily get rid of it from Safe Mode ; not so in Normal Mode.

 

Should be fun ! I'll let you know how it turns out.

 

It doesn't seem to run on Vista/7 though ; too bad. Perhaps an update will cure that.

 

Stay tuned. Tomorrow maybe.

 

===

Link to comment
Share on other sites

Well now... the little program works as advertised :mrgreen:

 

But please consider that :

 

- I'm playing with robust infections on a test machine, and I kinda know what I'm doing, so please don't try this at home lol.

 

- This infection is very difficult to remove, partly because Safe Mode doesn't work and protections are really well built, so cleaning from Normal Mode requires a lot of muscle (we have tools). Getting it from Safe Mode is easy pickings, which is why they don't want us to go into Safe Mode.

 

I ran the infection, which deleted the SafeBoot keys immediately. Guards are in place to prevent us from simply re-installing them, by deleting them as soon as you try.

 

I then ran the little thing from your link, then I merged the appropriate XP SP3 sub keys (all Minimal and Network keys). Rebooted into Safe Mode without a problem, infection very much active. The rest was easy.

 

I wouldn't recommend this for just anybody though. Changing permissions on system registry keys is no joke, and could cause problems down the road. This program doesn't offer a way to revert, meaning you can't go back to having keys with default permissions easily ; you would need to tamper with permissions manually, then delete the keys and rebuild. Not impossible to do, but risky for many users. What the program does is basically strip System and Administrators rights to delete the SafeBoot key, but I haven't checked in depth to see what's left (we see "Special" on the guy's blog, that's it). As far as my machine is concerned, I had backed up the key prior to testing and have reverted to default now.

 

Might come in handy when dealing with new infections though.

 

I learn something new every day :wink:

 

===

Link to comment
Share on other sites

Hi So_sad

Thanks for checking it out!!

I haven't found anything for Vista and 7 - I am sorry to say.

But it isn't too difficult to do by hand, so can't one just do it by hand in those Operating Systems? (I only have XP :-) )!!

And then after cleaning out the viruses in Safe Mode go back and change it back into default - if you foresee problems by leaving them as they are?

What problems by the way?

Cheers

solbjerg

 

 

Well now... the little program works as advertised :mrgreen:

 

But please consider that :

 

- I'm playing with robust infections on a test machine, and I kinda know what I'm doing, so please don't try this at home lol.

 

- This infection is very difficult to remove, partly because Safe Mode doesn't work and protections are really well built, so cleaning from Normal Mode requires a lot of muscle (we have tools). Getting it from Safe Mode is easy pickings, which is why they don't want us to go into Safe Mode.

 

I ran the infection, which deleted the SafeBoot keys immediately. Guards are in place to prevent us from simply re-installing them, by deleting them as soon as you try.

 

I then ran the little thing from your link, then I merged the appropriate XP SP3 sub keys (all Minimal and Network keys). Rebooted into Safe Mode without a problem, infection very much active. The rest was easy.

 

I wouldn't recommend this for just anybody though. Changing permissions on system registry keys is no joke, and could cause problems down the road. This program doesn't offer a way to revert, meaning you can't go back to having keys with default permissions easily ; you would need to tamper with permissions manually, then delete the keys and rebuild. Not impossible to do, but risky for many users. What the program does is basically strip System and Administrators rights to delete the SafeBoot key, but I haven't checked in depth to see what's left (we see "Special" on the guy's blog, that's it). As far as my machine is concerned, I had backed up the key prior to testing and have reverted to default now.

 

Might come in handy when dealing with new infections though.

 

I learn something new every day :wink:

 

===

Link to comment
Share on other sites

Hi solbjerg :smile:

 

For Vista/7, I've never edited key permissions manually myself, but have done it with other means (cacls works fine). I wouldn't recommend this though, unless the circumstances were severe enough to warrant such a delicate procedure. With the infections I know to delete SafeBoot keys, we have methods to overcome the obstacles, in Normal Mode.

 

As far as backing up the key goes, it wouldn't be possible on infected machines because the whole key gets deleted. The only way to revert would be to get an export of the key - and sub keys - from a similar machine, with the same OS and same Service Pack.

If you are just testing then yes, exporting the key first would work.

 

Possible problems with modified key perms : many third party applications (programs) write sub keys for Safe Mode operation, so I'm not sure what can and cannot be done by those programs once permissions are altered. Not just for operating (the programs), but also when the time comes to uninstall such a program, where the routine would look to delete its sub keys. Permissions on the sub keys don't appear to be inherited from the parent (SafeBoot) key, but we'd need to investigate to be sure. The author should have explained this more clearly.

 

For now, running this thing for prevention wouldn't do much, because the infections capable of deleting the keys would still install and require heavy duty disinfection, by tools that are already capable of doing the job in Normal Mode.

 

I realize this is pretty technical stuff... but in real life, I don't see much use for this other than knowing it can be done. It was fun for me to try, but the outcome is no different, with or without Safe Mode.

 

That's about it :wink:

 

===

Link to comment
Share on other sites

OK So_sad

Thanks for elaborating.

I can see that I will have to study quite a bit to catch up. :-)

I will leave it for the time being :-)

Cheers

solbjerg

 

Hi solbjerg :smile:

 

For Vista/7, I've never edited key permissions manually myself, but have done it with other means (cacls works fine). I wouldn't recommend this though, unless the circumstances were severe enough to warrant such a delicate procedure. With the infections I know to delete SafeBoot keys, we have methods to overcome the obstacles, in Normal Mode.

 

As far as backing up the key goes, it wouldn't be possible on infected machines because the whole key gets deleted. The only way to revert would be to get an export of the key - and sub keys - from a similar machine, with the same OS and same Service Pack.

If you are just testing then yes, exporting the key first would work.

 

Possible problems with modified key perms : many third party applications (programs) write sub keys for Safe Mode operation, so I'm not sure what can and cannot be done by those programs once permissions are altered. Not just for operating (the programs), but also when the time comes to uninstall such a program, where the routine would look to delete its sub keys. Permissions on the sub keys don't appear to be inherited from the parent (SafeBoot) key, but we'd need to investigate to be sure. The author should have explained this more clearly.

 

For now, running this thing for prevention wouldn't do much, because the infections capable of deleting the keys would still install and require heavy duty disinfection, by tools that are already capable of doing the job in Normal Mode.

 

I realize this is pretty technical stuff... but in real life, I don't see much use for this other than knowing it can be done. It was fun for me to try, but the outcome is no different, with or without Safe Mode.

 

That's about it :wink:

 

===

Link to comment
Share on other sites

Hi solbjerg,

 

If you are going to look into this a little further, just know that something I said yesterday was a load of bull : I did use cacls on Vista and Win7 but not for registry keys... I wrote that part too quickly. It was used for files and directories. For the registry, you need something else but I won't get into that because I don't want folks to experiement with dangerous tools lol. You can edit permissions manually though, but I have to stress again that you need to know how to do it safely (making backups first, etc...).

 

===

Link to comment
Share on other sites

Hi So_sad

Sure - good advice!

I will edit my post a bit accordingly.

Thanks!

Cheers

solbjerg

 

 

Hi solbjerg,

 

If you are going to look into this a little further, just know that something I said yesterday was a load of bull : I did use cacls on Vista and Win7 but not for registry keys... I wrote that part too quickly. It was used for files and directories. For the registry, you need something else but I won't get into that because I don't want folks to experiement with dangerous tools lol. You can edit permissions manually though, but I have to stress again that you need to know how to do it safely (making backups first, etc...).

 

===

Link to comment
Share on other sites

I jsut recently looked at an ASUS netbook. It is the same F8 to go to SafeMode; however, after pressing F8 nothing happens.

 

Then I find out that after pressing F8, you have to press F1 to confirm your choice. Or else it'll stay at a list of choices for you to change your choice. :mrgreen:

 

Bottom line. Two Keys required to go into Safe Mode.

F8 then F1

 

 

Cheers.

Link to comment
Share on other sites

BootSafe

 

Does anyone use Bootsafe that comes included with SuperAntispyware ?

This is only handy if you know you want to boot into a Safe Mode at the next boot. The options are:

• Normal Restart

• Safe Made - Minimal

• Safe Mode - Networking

• Safe Mode - Directory Services Repair

 

I extracted a copy of it (it can be portable) and put it on my USB FlashDrive.

Just recently I was checking a friends NoteBook and asked them the key procedure to boot into SafeMode, they looked at me and said "what ?" :roll:

Rather than read the manual I just used Bootsafe :-D

 

By the way, we did eventually read the manual and I insisted they memorize the procedure, just in case :mrgreen:

 

All the best, woz of oz

Link to comment
Share on other sites

Hi woz

Great!!

Good addition to the thread!!

Thanks!

Cheers

solbjerg

 

Does anyone use Bootsafe that comes included with SuperAntispyware ?

This is only handy if you know you want to boot into a Safe Mode at the next boot. The options are:

• Normal Restart

• Safe Made - Minimal

• Safe Mode - Networking

• Safe Mode - Directory Services Repair

 

I extracted a copy of it (it can be portable) and put it on my USB FlashDrive.

Just recently I was checking a friends NoteBook and asked them the key procedure to boot into SafeMode, they looked at me and said "what ?" :roll:

Rather than read the manual I just used Bootsafe :-D

 

By the way, we did eventually read the manual and I insisted they memorize the procedure, just in case :mrgreen:

 

All the best, woz of oz

Link to comment
Share on other sites

Hi Woz :smile:

 

BootSafe is available as a standalone :

http://www.superadblocker.com/bootsafe.html

 

This tool mimics what you do when you go into msconfig for Safeboot.

This does work, as long as you have a SafeBoot key fully populated in the registry. If you don't have the key... guess what happens... you get stuck in a reboot loop.

 

I've known about this tool for a while, I've seen it used on the forums and I've seen disaster strike lol. That's why you won't see it much anymore : the word got around :wink:

 

===

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...