My Windows XP got screwed by Evo-gen, Sality, Vitro and whatnot!! 😦 And I wasn’t allowed to boot into Safe Mode. But, thanks to this blog and the fix provided in this post, I was able to boot into Safe Mode. Now trying to remove the virus.

Didier Stevens

I present to you a new program to create the SafeBoot registry key with special permissions protecting it from deletion. After using this new program, you’ll be able to restore the SafeBoot registry keys with my .REG files.

Much malware deletes the SafeBoot registry key to prevent you from booting into Safe Mode. I provide a registry fix to restore these keys.

But there exists malware that goes even further and actively monitors the registry to thwart every attempt to restore the keys by deleting them as soon as they are restored. Until now, I recommended using a Live CD to restore the keys in such a case (this is a complex procedure). This way, the malware is not running while you restore the SafeBoot keys.

Now I have developed another solution: a program to create the SafeBoot registry key with permissions to deny Administrators and System accounts to delete…

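The permission idea in the excerpt above, as an added PowerShell example that is not Didier Stevens's program or code from the original post: it places deny-Delete ACEs for Administrators and SYSTEM on a registry key and then verifies they are present. The key path `HKCU:\Software\SafeBootAclDemo` and the function names `Add-DenyDeleteAce` and `Test-DenyDeleteAce` are assumptions made for the demonstration, and the exact rights the real tool sets are not shown in the excerpt.

```powershell
# Added example: works on a constructed demo key, not the real SafeBoot key.
$DemoKey = 'HKCU:\Software\SafeBootAclDemo'     # hypothetical test location
$Sids    = 'S-1-5-32-544', 'S-1-5-18'           # BUILTIN\Administrators, NT AUTHORITY\SYSTEM
$Delete  = [System.Security.AccessControl.RegistryRights]::Delete

function Add-DenyDeleteAce {
    param([string]$Path, [string[]]$Sid)
    # Create the key if it is missing, then append one deny ACE per account.
    if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    $acl = Get-Acl -Path $Path
    foreach ($s in $Sid) {
        $id = New-Object System.Security.Principal.SecurityIdentifier($s)
        # ContainerInherit: subkeys created later inherit the deny ACE as well.
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule($id, $Delete, 'ContainerInherit', 'None', 'Deny')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Test-DenyDeleteAce {
    param([string]$Path, [string[]]$Sid)
    # Read ACEs keyed by SID so the check does not depend on localized account names.
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($s in $Sid) {
        $hit = $rules | Where-Object {
            $_.IdentityReference.Value -eq $s -and
            $_.AccessControlType -eq 'Deny' -and
            ($_.RegistryRights -band $Delete)
        }
        if (-not $hit) { return $false }   # a required deny ACE is absent
    }
    return $true
}

Add-DenyDeleteAce -Path $DemoKey -Sid $Sids
Test-DenyDeleteAce -Path $DemoKey -Sid $Sids    # True when both deny ACEs are in place
```

The demo key cannot be deleted by members of those groups until the deny ACEs are removed again, so clean it up by removing the rules from the ACL first.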