How to remove viruses from the Windows Safe Mode?

by Brendan Smith
December 15, 2021

The majority of viruses that are widespread nowadays can be removed from your PC without any additional setups. However, some “serious” examples of computer viruses can block the anti-malware software usage, or just load the CPU so much that the security tool will fail to start. For that case (and some other actions) Microsoft added the Safe Mode to their operating system.

What is Safe Mode in Windows?

During the standard startup process, Windows launches tens of services and all applications that were added to startup. All these things are essential for OS correct work and also for better user experience. Services in Windows provide a lot of essential things, like managing the DLLs between programs or user access to shared folders. But sometimes they must be disabled – and let me explain why.

Malware tries to provide itself sustainability in your system. Usually, it just adds itself to your startup – using the Run hive in the Windows registry. Thus, it obtains the ability to launch together with the system start, regardless of your actions. Coin miners additionally change the Group Policies to make their .exe file starting with the highest priority. This mode allows you to launch the quasi-clean system – without all startup programs, launch rules, or other things that can be dictated by malware.

Coin miner Task Manager

Coin Miner overloads the CPU, which makes the anti-malware software functioning impossible

Thus, you can already understand when the Safe Mode is needed. The situations when malware creates too much load on the system, or when it forcibly prevents the launching of any of the anti-malware programs are just the direct indication for using this Windows mode.

How to remove viruses from a computer in Safe Mode?

Just as in a usual Windows boot. The only problem is that “as usual” will not work when the computer is under attack. Even if you had a security tool on your computer before the attack, malware could corrupt its files, or even delete it completely. Using Microsoft Defender will not work either: it does not work in Safe Mode because of the disabled services. The only solution for malware removal in this mode is a third-party program. But before we step up to the exact removal process, let’s see how to reboot your computer into a Safe Mode.

Enter the Safe Mode on Windows 7

Different Windows versions have different ways to enter the Safe Mode, and also a different interface of this system mode. In Windows 7, perform the following steps:

  • Press Win+R, then type “msconfig” in the search bar. In the appeared window, click the Boot tab.
    • Msconfig Run

  • In this tab, opt the Safe Mode → Minimal in the Boot Options column. Press Apply and OK to save the changes.
    • Msconfig Safe Mode

  • System will offer you to reboot the PC. Agree with this offer – and you will see your system rebooting right into a Troubleshooting screen.
    • Safe Mode Win7

  • In the Troubleshooting mode, choose the Safe Mode with Networking, and proceed to the paragraph with malware removal guide.

Enter the Safe Mode on Windows 8/8.1/10/11

  • Press Start button, then click on Restart while holding the Shift button on your keyboard. Your PC will be booted into a Troubleshooting screen.
    • Troubleshooting screen

  • Click on Troubleshoot → Advanced options.
    • Advanced options Win10

  • On that screen, go to Startup Settings and press “5” to call the Safe Mode with Networking.
    • Startup Settings

Malware removal in the Safe Mode

As I have mentioned before, malware removal in that Windows mode requires a third-party anti-malware program. Such a need is dictated by the essence of the Safe Mode – most of the services, including ones that are crucial for Windows Defender work, are disabled. Moreover, malware could stop it even before you decided to perform any counteractions. That’s why I’d recommend you to use GridinSoft Anti-Malware.

Download GridinSoft Anti-Malware

GridinSoft Anti-Malware is an easy-to-use program that can clean your computer effectively for free. It has a free trial period that lasts for 6 days – more than enough to make your system clean. Just type your email address – and the key will be sent to your email. Paste that key in the field and you are ready to go!

GridinSoft Anti-Malware trial license

Remove malware with GridinSoft Anti-Malware

Launch the full scan of your device. It usually takes less than 20 minutes, but may be longer on weak systems. You can use your PC as usual.

Gridinsoft Anti-Malware during the scan process

When the scan is finished, you will see the list of detected malware. Click on Clean Up to get rid of all detected malware. This procedure will take less than a minute.

GridinSoft Anti-Malware after the scan process

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
How to remove viruses from the Windows Safe Mode?
Article
How to remove viruses from the Windows Safe Mode?
Description
Safe Mode is made specially to clean your system up from malware. However, it is not 100% how to remove malware in Safe Mode - when Defender is not working.
Author
Copyright
HowToFix.Guide
 

About the author

Brendan Smith

Cybersecurity analyst with 15+ years digging into malware and threats, from early days reverse-engineering trojans to leading incident responses for mid-sized firms.

At Gridinsoft, I handle peer-reviewed breakdowns of stuff like AsyncRAT ransomware—last year, my guides helped flag 200+ variants in real scans, cutting cleanup time by 40% for users. Outside, I write hands-on tutorials on howtofix.guide, like step-by-step takedowns of pop-up adware using Wireshark and custom scripts (one post on VT alternatives got 5k reads in a month).

Certified CISSP and CEH, I’ve run webinars for 300+ pros on AI-boosted stealers—always pushing for simple fixes that stick, because nobody has time for 50-page manuals. Tools of the trade: Splunk for hunting, Ansible for automation, and a healthy dose of coffee to outlast the night shifts.

View all posts

Leave a Reply

Sending