Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Safe Mode Recommendations for ComboFix & MBAM

Avatar of younghv
younghvFlag for Kiribati asked on
Anti-Virus AppsAnti-Spyware
47 Comments1 Solution3350 ViewsLast Modified:
Safe Mode Scans for ComboFix & MBAMQuestion:

(New version of the old question https://www.experts-exchange.com/Q_24860646.html)

The intent of this string is to provide mutual support for the proper use of ComboFix & MBAM applications.

We frequently see the mistake of suggesting "Safe Mode" as a starting point for these tools and we need to do what we can to stop that recommendation.

Both products are created for "Normal Mode" operation and they are more effective when it is done so.

I fully realize that there are times when a system will only boot to Safe Mode, so obviously that is how you have to do it - in that situation.

To summarize:
The developers of both products recommend "Normal Mode" to run the programs they created. That should be the only STARTING recommendation we make on this site.

When you see someone making this recommendation, please ask them to join us here. It will help avoid cluttering real questions with a lot of back and forth about procedures.
(The short URL for this string is: https://www.experts-exchange.com/Q_26896002.html)

A good reference from the MBAM Member Forum - a good discussion about how MBAM works and why "Normal Mode" is recommended:


At no point have I ever hinted at saying your should NEVER run either program in "Safe Mode". There are times when we need to try every damn trick in the book to fix a problem - or even throw the book out the window.

Thank you,

Zone Advisors
Virus & Spyware
THE RECOMMENDED "CF" POST (please give attribution to rpggamergirl when using)

Please download ComboFix by sUBs:(and attach the resulting log) http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run, re-download and rename before saving to your desktop - use the "Save As"  function) 
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and
Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by
 pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix. 
Do not mouse-click ComboFix's window while it is running. That may cause it to stall. 
CF disconnects your machine from the internet. The connection is automatically restored before CF
 completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. 
If needed, here's the ComboFix tutorial which includes the installation of the Recovery Console:


When finished with the question, don't forget this:
To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field: 

ComboFix /Uninstall
Recent comment from rpggamergirl

"Here's my .02 with regards CF and MBAM.
Many people believe that running CF or MBAM from Safe Mode is better, but that's not true because
 CF and MBAM are optimized to run from Normal mode, that's where they work best. Running in Safe
 Mode is only necessary if users have trouble loading Windows in normal mode, or in special cases
 where CF or MBAM just won't run successfully in normal mode.

Yes, ComboFix doesn't like it when AVG or CA Internet Security Suite is installed in the system so
 the user must uninstall this first before running CF.
Sometimes even when AVG is already uninstalled but its folder is still present CF may still
 complain so the AVG folder needs to be deleted.

ComboFix also pops up alert if an AVG entry in the WMI is present (you can remove its entry
 following the steps in one of my articles) or you can just ignore it and ComboFix will still run.

ComboFix in Windows 2003 Server:
We should not be recommending CF to be run in systems other than those CF is designed for.
CF will run in 2003 Standard Server but doing that is a big risk to take... Things have gone wrong
 when CF is run in the systems it is designed for, so how much likely things could go wrong if we
 disregard the author's instructions?

sUBs doesn't even want users using ComboFix without a Helper who is trained to use the tool."
Avatar of rpggamergirl
This problem has been solved!
Unlock 1 Answer and 47 Comments.
See Answers