The principles of antivirus scanning in Safe Mode …
by
older mycroft
·
about 13 years, 8 months ago
In reply to Sites blocked
Basically, any antivirus scanner is employed to eradicate any infections that it finds.
However, at the fundamental level of computer logic, you cannot delete a file that is already in use. Most users will have experienced this error message at some point in there computing life: “[i]Cannot xxx – file is in use by another program[/i]”.
If the file in question is a virus-infected program [u]and is already active in RAM[/u], it cannot be moved to a vault OR deleted from the hard drive. No computer has ever been able to delete a file that is already in use (otherwise it might delete itself by mistake).
Safe Mode boots the PC with a minimal number of drivers and associated files – just enough to let the system interact with the user, with basic graphics too. It is at this point, that an antivirus scan is most likely to detect an infected file that has not yet loaded itself into memory, and is (so far) not yet active. Moving to a secure vault or deleting this file will not present the system with a problem.
The other ~even more effective~ way to scan for viruses is to do so AT BOOT. This way you can initiate an entire system-wide antivirus scan BEFORE WINDOWS HAS LOADED AT ALL. This method would present the user with a white-letters-on-black-background environment because there is no GUI present at all.
But if you only ever run antivirus scans from NORMAL MODE, with Windows and the GUI fully loaded and active in RAM, then any virus that has infected (or is hiding inside) one or more of your system files, will alas go undetected, or be detected but not eradicated due to already being active in memory.
If you currently cannot get the system to boot, I suggest you remove the hard drive fro its present location and fit it to a USB caddy and connect it to another computer as a slave drive.
By connecting this drive as a slave you can scan it (without accessing its directory structure – otherwise it may infect the host system) from the other computer.
Alternately you could download and burn to disc, the Ultimate Boot Disc (UBCD) which runs from its own self contained operating system. You then BOOT from the UBCD and then scan it, in situ, for viruses with the various antivirus programs contained on the disc.
[i]*Edited to remove a glaring ambiguity.[/i]