How to Remove MS Removal Tool from Computer

iTechWhiz (April 03, 2011) - "MS Removal Tool" is a fake, rogue security program that uses fraudulent tactics, displaying false or exaggerated security issues on your computer rather than legitimate ones, to coerce you into purchasing its software.

"MS Removal Tool" deceives users with the same graphical user interface as the original, genuine program distributed by Microsoft. This is not the first malware to use this mimicry technique; a couple of months ago there was another rogue virus that used the name and look of the 'Microsoft Malicious Software Removal Tool'.

How Does MS Removal Tool Infect Computers

MS Removal Tool is spread via malicious Trojans. These Trojans enter and root themselves in their host PCs with the help of sly browser hijackers and bogus online malware scanners. MS Removal Tool has also been known to bundle its malware and Trojans together with otherwise legitimate security updates and downloads obtainable from third-party websites.

Typically, MS Removal Tool may use Trojans to infiltrate computers. Often these Trojans install on a computer by pretending to be video codec installations required to view online videos. Another technique used by rogue anti-spyware programs is to use browser hijackers to change computer users’ homepage and redirect them to fake online scanner webpages with links to download a fake anti-spyware installer.

One might also get infected when visiting websites displaying infected advertisements, or when downloading free software from torrents or the web. It is critical to scan all downloaded executables with effective antivirus software or, in the worst case, upload them to a website such as virustotal.com for double-checking.

What are the Symptoms and Actions of MS Removal Tool

MS Removal Tool uses self-protection techniques such as blocking Windows utilities (Task Manager, Registry Editor, Command Prompt, etc.) that could be used to remove this bogus program.

After installation, MS Removal Tool performs a standard system scan in which it lists various files and marks them as highly infected. The catch is that the files listed in the MS Removal Tool scan are always listed in the same order and do not exist on the computer at all. After the scan completes, it constantly shows various bogus security threat warnings asking you to purchase a full version. It also replaces your desktop wallpaper with its own, stating that your computer is infected with spyware.

It will constantly display fake security alerts about serious security and privacy issues, such as:
"Warning!
Your’re in Danger!
Your Computer is infected with Spyware!
Secure yourself right now!
Removal all spyware from your PC!"

Warning!
Application cannot be executed. The file cmd.exe is infected.
Please activate your antivirus software.

MS Removal Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

MS Removal Tool Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with MS Removal Tool.

Warning!
Your're in Danger!
Your Computer is infected with Spyware!

All you do with your computer is stored forever in your hard disk. When you visit sites, send emails... All your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics, and in some cases

For your boss, your friends, your wife, your children. Every site you or somebody or even something, like spyware, opened in your browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could break your life!

Secure yourself right now!
Removal all spyware from your PC!

Users who did not manage to remove MS Removal Tool in time complained about various disturbing symptoms associated with this rogue, including blocked Internet connections, a dramatic slowdown in system performance, an inaccessible Windows Task Manager and a blue desktop wallpaper with a huge warning sign. Trying to load an Internet browser will only allow visiting the MS Removal Tool purchase page.

How to Automatically Clean Computer of MS Removal Tool

Because MS Removal Tool sets your browser to use an invalid proxy, you will not be able to surf any websites.
  • If you are using Internet Explorer, click on the Tools menu and select Internet Options.
  • Now click on the Connections tab and then the LAN Settings button.
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN.
  • Click the OK button. Then press the Apply button and then the OK button. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

  • If you are using Firefox, click on Tools and click the Advanced tab.
  • Go to the Network tab and select Settings.
  • Select No proxy and click the OK button and click OK again. Now that you have disabled the proxy server you will be able to browse the web again with Firefox.

Now start your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, keep tapping F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode with Networking.
1). Please download this official version of Malwarebytes Anti-Malware.
2). Install Malwarebytes' Anti-Malware by double-clicking on mbam-setup.
3). Follow the prompts. Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.
4). Malwarebytes' Anti-Malware will automatically update itself after the installation. Click the OK button to close that box and you will be at the main program window. If you are having problems with the updater, you can use this link to manually update Malwarebytes' Anti-Malware with the latest database. Make sure that Malwarebytes' Anti-Malware is closed before installing the update.
5). Close all open windows, programs, files and folders.
6). Make sure you are on the Scanner tab. Select Perform quick scan, then click the Scan button.
7). Malwarebytes' Anti-Malware will now start scanning your computer for infected files.
8). When the scan is finished a message box will appear; click OK to continue. Then click Show Results.
9). You will now be presented with a screen showing the malware infections found. Yours may look different depending on the infection you have.
10). Click on Remove selected.
11). When removing the files, Malwarebytes' Anti-Malware may require you to restart the computer in order to do a complete removal. If it displays a message stating that it needs to restart, click Yes.
12). After that you can close the Malwarebytes' Anti-Malware window; your computer is now clean of the malware infection.

How to Manually Clean Computer of MS Removal Tool

Enter this activation serial, WNDS-G8FB6-1V87S-DRT1S-63SRG, into MS Removal Tool to temporarily block its annoying false alerts.

Stop MS Removal Tool system processes:
C:\Documents and Settings\[USERNAME]\Local Settings\Temp\aC555.exe
C:\Documents and Settings\All Users\Application Data\oGcMaMjAlJj07003\oGcMaMjAlJj07003.exe
%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe

Remove MS Removal Tool files:
C:\Documents and Settings\[USERNAME]\Local Settings\Temp\aC555.exe
C:\Documents and Settings\[USERNAME]\Local Settings\Temp\aC555.tmp
C:\Documents and Settings\All Users\Application Data\oGcMaMjAlJj07003\oGcMaMjAlJj07003.exe
C:\Documents and Settings\All Users\Application Data\oGcMaMjAlJj07003
%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].bat
%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].cfg
%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
%CommonAppData%\[RANDOM CHARACTERS]

Remove MS Removal Tool registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\oGcMaMjAlJj07003=C:\Documents and Settings\All Users\Application Data\oGcMaMjAlJj07003\oGcMaMjAlJj07003.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS]
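
The file and registry entries listed above share one shape: a Run or RunOnce value that launches an executable from a data or temp folder, where the folder or the value name repeats the executable's name. The Python script below is an added example, not part of the original post, that finds values of that shape in saved `reg query` output for the two HKCU autorun keys. The function names, the `Example Vendor` entry and the `qZ81xTp` entry are constructed for illustration.

```python
import ntpath
import re

# A value line in `reg query` output: "    <name>    REG_SZ    <data>"
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+REG_\w+\s+(?P<data>.*)$")
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Folders from the removal lists above: %AppData%, %CommonAppData% and Temp
# (XP names plus their Vista/7 equivalents).
DATA_DIRS = re.compile(
    r"\\(application data|appdata|programdata|local settings\\temp)(\\|$)",
    re.IGNORECASE)

def exe_path(data):
    """Extract the executable path from Run data (quoted or bare, with arguments)."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data

def triage(reg_query_text):
    """Return (key, value name, path) for autoruns shaped like the entries above."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not (m and key and AUTORUN_KEY.search(key)):
            continue
        path = exe_path(m.group("data"))
        folder, filename = ntpath.split(path)
        stem = ntpath.splitext(filename)[0].lower()
        # Folder name or value name repeats the executable name.
        same_name = stem in (ntpath.basename(folder).lower(),
                             ntpath.splitext(m.group("name"))[0].lower())
        if DATA_DIRS.search(folder) and same_name:
            hits.append((key, m.group("name"), path))
    return hits

# Constructed sample: `reg query` output for the two HKCU autorun keys.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_SZ    "C:\Program Files\Example Vendor\updater.exe" /background
    qZ81xTp.exe    REG_SZ    C:\ProgramData\qZ81xTp\qZ81xTp.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    oGcMaMjAlJj07003    REG_SZ    C:\Documents and Settings\All Users\Application Data\oGcMaMjAlJj07003\oGcMaMjAlJj07003.exe
"""

if __name__ == "__main__":
    for key, name, path in triage(SAMPLE):
        print(f"REVIEW  {key}  {name} -> {path}")
```

Hits are candidates for manual review, not verdicts: legitimate per-user software that installs under AppData can match the same shape.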
Author:
iTechWhiz
12:28 AM

4 comments:

  1. Do you have the instructions for removal of this virus in Windows 7?

  2. To Remove MS Removal Tool Virus From Computer Running Windows 7 or Windows Vista Editions, please follow these additional steps:

    1. Turn on Show hidden files, Find and Delete the files looking like:
    - C:\ProgramData\[random characters]\[random characters].exe

    2. Locate and Remove the infected registry items that look like:
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce [random]

  3. My Malwarebytes is not responding! Can anyone help to solve my problem?

  4. Can you please list the detailed behaviors of MBAM on your machine?
    What's the response of your regular anti-virus? Does it show something?

