In which Windows startup mode should I scan for adware?

0

I think my Acer Windows 7 64-bit PC is infected with adware because, even though I customize my browser settings, within seconds it changes to the previous setting. Also, the message "Not Responding" shows in the title bar of both Internet Explorer 11 and Firefox. I have deleted Opera and Chrome due to the same issue, hoping for a solution, but the problem still persists.

I plan to start my PC in either Safe Mode or Safe Mode with Networking to scan my PC using AdwCleaner, Malwarebytes Anti-Malware and Combofix one by one.

Which mode should I use? Should I delete all those displayed in the result log?

rayanA

Posted 2015-05-15T12:18:17.470

Reputation: 65

Question was closed 2015-05-16T20:40:32.720

Restart PC in safe mode, run the scans – Dave – 2015-05-15T12:27:44.890

Check out "How can I remove malicious spyware, malware, viruses or rootkits from my PC?" – CharlieRB – 2015-05-15T12:28:26.207

After you run those programs, come back and revise the question; right now any answer we could provide would be to tell you to run those programs. If the programs need internet access then choose "Safe Mode with Networking"; otherwise Safe Mode should be fine. Honestly though, those programs might not work in Safe Mode, so unless your system can't boot normally, you really shouldn't use Safe Mode in this case. – Ramhound – 2015-05-15T12:37:04.330

Do not use ComboFix unless you are explicitly instructed to do so, or you have a full backup first, or have nothing to lose. I have traced what it does before and it makes some changes that are not always about removals. Should you wildly delete everything a "heuristic scan" would discover? You usually can, but you should remember that heuristics is AI, and you are the one in charge. – Psycogeek – 2015-05-15T12:48:03.033

@Ramhound Could you please clarify the last part of your comment for me? I mean, a YouTube video tutorial was advising not to scan in Normal Mode since potential malware communication can happen. – rayanA – 2015-05-15T12:58:07.493

I've already answered you. Try the scan in safe mode. If for any reason it won't do the scan, then try it in safe mode with networking – Dave – 2015-05-15T14:30:29.880

Answers

0

Honestly, your best bet is to back up your files to USB or DVD storage and reinstall Windows, wiping all of your old files.

I know it's a painful process, but in the end you'll have a GUARANTEED virus-free system. No other method of A/V scanning can claim the same.

You could also try Kaspersky Rescue CD - it's different since it doesn't work from your infected Windows, but from its own OS.

Bored SysAdmin

Posted 2015-05-15T12:18:17.470

Reputation: 19

How about Sysinternals tools? Mark Russinovich says it is possible without wiping the PC. I am learning those tools. What do you think? – rayanA – 2015-05-15T14:06:03.833

If you had the stamina to watch Mark Russinovich's entire video series regarding troubleshooting BSODs and you fully understand the methods, tools, process and the theory behind them, then I shall say - go ahead. Be stubborn and do it the hard way (really HARD way). Because this is how security researchers do that.

But if you're looking for results in a relatively short time - wiping or better re-imaging is the way to go. Next time have an image restore CD ready. – Bored SysAdmin – 2015-05-15T15:35:24.357

1

I agree nuking from orbit is the only 'guaranteed' way to end up with a clean system. However, learning to use tools like AutoRuns, Process Explorer, and Process Monitor in tandem with the likes of Malwarebytes Anti-Malware, ComboFix and traditional antivirus tools is well worth the effort. I'm able to clean >95% of the infected machines I service without reinstalling Windows using these tools. It did take a lot of practice to get my success rate to this. Here's an example. – I say Reinstate Monica – 2015-05-16T02:11:36.900

@Twisty thanks for your reference tutorial. That's a very helpful one, especially for beginners like us. – rayanA – 2015-05-16T18:47:35.313