Does anybody know how to get rid of this malware called Windows Safe Mode? When you log in, it looks like you're in safe mode and it runs its fake alert program. Even if you actually boot into safe mode this comes up. Unable to do anything. It's just about impossible to search for any solutions because everything that comes up is something about actaul safe mode. Ugh!
Firefox just crashed on me as I was finishing a reply to this question, and my reply has not been autosaved ....
What's your OS? 32-bit/64-bit? Can you get access to Explorer (for files), Task Manager (to kill processes), Start menu (for DOS command window)?
Can you check with Windows Update to see if there are any updates (Priority or Custom) outstanding, and then right-click on the McAfee icon in the system tray and select Check for Updates. Download and install anything that's ready, then reboot.
Process Explorer and Autoruns from Sysinternals if you need to look more closely at running or startup processes; possibly others. The important one at the moment is Malwarebytes, that works well on most of these fake programs.
There is a McAfee program called GetSusp available, but it's a Beta program - you have to join this group and ask for it to be made available. It works by a process of elimination - take out all the entries known to be okay, then examine the rest. It might be useful here.
Thanks for your response.
I was able to get it removed after spending half a day working on it. To answer your questions I was on a 32-bit XP machine. I was able to get to Explorer twice after rebooting but it would force me to reboot then was unable to get out of the fake "safe mode" even when booting into real safe mode. Once in that fake safe mode I was only able to click on the messages it was presenting to me which were some fake hard drive errors and to scan and purchase their software to repair. The times I was able to get into Windows the task manager was grayed out. Through some other searches I was able to pick a couple things from different people that allowed me to get to what I needed to repair. Here's what I did:
I just say that Combofix has saved me on several occasions! I haven't once had it not work for me. this time though it was just so difficult to get to a point to where I could run it. What made this even more frustrating is trying to search for resolutions because every search returns results about actual safe mode. I hope this helps somebody!
If you have any further problems with this, be sure to repost and let everyone know. One poster elsewhere claims that the program manged to re-establish itself after he thought it had been cleaned.
I just noticed that the links I gave were obscured by SiteAdvisor's checking security blanket. They were to
The steps you took were some of those recommended in those threads, but I left it to you to decide whether to follow them.
Have you got rid of the redirection problem?