



I am a member of many security-related sites, and this has been a topic of discussion on many of them. I had this discussion recently on the a-squared support forums, where I head the malware removal forum.
Using utilities such as Microsoft’s System Configuration Utility (MSConfig) to force Safe Mode is an unsafe way of getting to Safe Mode when the “F8” method does not work.
These programs change the boot.ini file by adding the /safeboot argument to your operating system's startup line, in order to force Safe Mode at reboot.
Once you have finished working in “Safe Mode”, you would run the Microsoft System Configuration Utility again and uncheck the /safeboot option, which removes the /safeboot argument from the boot.ini and allows the system to boot normally.
On an operating system that is functioning properly, this is normally not a problem. Unfortunately, there are forms of malware that delete the “SafeBoot” Windows Registry keys. The computer then cannot boot to “Safe Mode”, and because the boot.ini still forces Safe Mode at every start, the system is rendered inoperable.
If this happens, the only way to undo the changes and restore proper settings is to boot to the Recovery Console and rebuild the boot.ini. If you do not have a Windows installation CD, or the Recovery Console is not installed, you will not be able to restore the correct settings in the boot.ini.
See the How to Boot Windows to Safe Mode Tutorial, in the MalwareTeks Wiki.
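The failure described above can be checked for before rebooting. The following is an added example, not part of the original post: it parses boot.ini text, reports whether /safeboot is set on an OS entry, strips the switch, and classifies the state against the SafeBoot subkeys that are present. The function names and status strings are hypothetical, and the list of subkeys is assumed to be collected by the caller (for instance from the output of reg query on the SafeBoot key).

```python
import re

# Constructed sample: a Windows XP boot.ini after MSConfig has ticked /SAFEBOOT.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /safeboot:minimal
"""

# /safeboot and variants such as /safeboot:network or /safeboot:minimal(alternateshell).
SAFEBOOT_RE = re.compile(r"\s*/safeboot(?::\S+)?(?=\s|$)", re.IGNORECASE)
# Subkeys of HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot used by Safe Mode
# (Minimal) and Safe Mode with Networking (Network).
REQUIRED_SUBKEYS = {"minimal", "network"}


def _os_lines(boot_ini):
    """Yield (line, is_os_entry) pairs, tracking the [operating systems] section."""
    in_section = False
    for line in boot_ini.splitlines():
        if line.strip().startswith("["):
            in_section = line.strip().lower() == "[operating systems]"
            yield line, False
        else:
            yield line, in_section and "=" in line


def is_forced(boot_ini):
    """True if any OS entry carries a /safeboot switch."""
    return any(is_os and SAFEBOOT_RE.search(l) for l, is_os in _os_lines(boot_ini))


def strip_safeboot(boot_ini):
    """Return the text with /safeboot removed from OS entries only."""
    return "\n".join(SAFEBOOT_RE.sub("", l) if is_os else l
                     for l, is_os in _os_lines(boot_ini))


def preflight(boot_ini, present_subkeys):
    """Classify the boot state given the SafeBoot subkeys that exist (hypothetical labels)."""
    missing = REQUIRED_SUBKEYS - {k.lower() for k in present_subkeys}
    if missing and is_forced(boot_ini):
        return "keys-missing-and-forced"   # the inoperable case from the post
    if missing:
        return "keys-missing"              # do not add /safeboot on this machine
    return "forced" if is_forced(boot_ini) else "clean"
```

A result of keys-missing-and-forced means the switch should be removed from boot.ini before the machine is restarted; keys-missing means Safe Mode should not be forced until the keys are repaired.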










9:21 pm - August 25th, 2008
“If this happens, the only way to undo the changes and restore proper settings”
Can you make a registry file (.reg) which contains the Safe Mode registry keys?
Or does this depend on the machine ID, hal.dll?
Thanks
10:57 pm - August 25th, 2008
Safe Mode can be repaired by using the NOD32 System Repair utility.
Instructions for use can be found at http://www.nod32.com.sg/html/172/289/