My PC was just attacked. MS Removal Tool

by **Bandung_Dero** » April 13, 2011, 6:59 am

MS Removal Tool:- Looks like the real Microsoft utility but is not.

This rogue software bypasses most protection packages and installs itself onto your computer then runs. You APPEAR to loose most of your applications and functions.

There are a number of sites with instructions on how to remove it eg:-

http://www.wiki-security.com/wiki/Paras ... emovalTool

These did not quite work for me. I managed to get into this folder (XP Prof SP3):
C:\Documents and Settings\All Users\Application Data\oGcMaMjAIJ07003 (or something similar, just check the time and date of install it’ll be close to the time of the invasion) and was able to rename both the folder and executable. Could not delete it!!! I rebooted, all was OK then I was able to SHREAD it --- 9 times no less out of anger! :evil:

As recommended by a number of sites I downloaded and tried SpyHunter 4 and received the all clear. At $39.95 I may even consider buying it after that shock!

by **BobHelm** » April 13, 2011, 8:45 am

Dero, thanks for the warning & destruction method..
How did the fake MS Removal Tool 'arrive' with you??

by **Bandung_Dero** » April 13, 2011, 12:47 pm

I'm currently working -- no playing on a PC I bought and installed into my Mums home in Aust. Gets very little use.

Anyway I was bringing it up to emulate my machine in Ban Dung and currently rebuilding the 'Speed Dial' tool I use with Firefox so whilst it was migrating all the links over I went outside to do other things (one years worth of odd jobs that needed doing).

I returned to see the screen basically blank accept for a few icons with the strange looking tool running (looks like most other virus package, mainly pink in color, doing a scan but this is finding 100s of problems). I could not stop it so just pulled the plug. On reboot all looked normal initially then this thing kicked in again, it had shut down Nod32 and all other background software including the task manager and administrator tools eg regedit, cmd etc.

I have since read that the victim can actually go to the site responsible for this bullshlt and pay USD $60.00 to find a remedy --- Effin cheeky arseholes!

I cranked up my notebook and went in search of information on the crap.

by **vlad** » April 13, 2011, 12:50 pm

Bandung whenever I have troublesome spyware or a virus i download the trial version of Kasperski always fixes the problem.

by **fdimike** » April 13, 2011, 10:46 pm

If you are running a legal copy of Windows try using MS Essentials. This is MS very own anti everything software which is free if you have a legal copy of Windows. I previously had Avast which allowed a virus to hitch a ride on my machine. The shop I brought it to for repairs used MS Essentials to remove the bug. I've been using Essentials for nearly 2 years now without a problem.

by **vlad** » April 13, 2011, 11:55 pm

yes I agree im using windows own protection never had a problem for 6 month's now.

by **jorg** » April 14, 2011, 12:23 am

MBAM should be a good product to scan for and remove malware and other things like that.

by **jackspratt** » April 14, 2011, 7:38 am

fdimike wrote:If you are running a legal copy of Windows try using MS Essentials. This is MS very own anti everything software which is free if you have a legal copy of Windows. I previously had Avast which allowed a virus to hitch a ride on my machine. The shop I brought it to for repairs used MS Essentials to remove the bug. I've been using Essentials for nearly 2 years now without a problem.

Some time ago I downloaded and installed a (ahem) not strictly legal copy of Win7. The copy was already activated.

Because of the W7 provenance I didn't install MSE - but was quite happy with Avast anyway. I subsequently installed the same W7 copy on other computers - along with advice not to install MSE.

I have subsequently discovered that one of the computers has had MSE installed, and that it is working fine, including updating.

However, I will continue to use Avast (together with Malwarebytes), as the new version 6 has a free, automatic sandbox.

by **BobHelm** » April 14, 2011, 11:10 am

When using XP I ran with Windows Firewall & AGV free to use virus protection, plus Malwarebytes for scanning downloaded material.

I initially carried on with the same set up when running 7. However I had a few issues (rather like arjay had the other week) with downloading files. Sometimes worked & sometimes didn't.
About the same time MS released a new version of MS Essentials. The technical press were quite impressed. It ranked as good as just about any of the paid virus protection & better than some.
So I removed AGV & installed Essentials.
No download issues since & it has quarantined a couple of programs, so is working as well.
I still use Malwarebytes to scan any downloads but if it is an executable program it is often impossible to tell it is dangerous until you actually try to run it.

I don't think there is any 'best' combination to use as it very much depends what operating system you are using, what equipment set up you have & what you actually want to do.
I am happy with Essentials & 7 BUT, like anything to do with Microsoft, it is a 'resources hungry' solution. For anyone running anywhere near the minimum suggested equipment specification then another virus protection program than Essentials might make the machine run a lot quicker while still being safe.

by **Bandung_Dero** » April 14, 2011, 12:12 pm

From my experience Nod32 has been great, very non intrusive and saved my arse many times in the past. This is the first time it has let me down! I'm just going to stick by it for now and also have SpyHunter running along side it with no obvious performance issues. SpyHunter will not let my run any excecutable it has not verified or allowed me to pass, been a bit of a pain in the arse but now all applications have now been recognized it's fine, just sitting there waiting for some malware to appear. Anyway, one week and the PC will be shut down again for another year.

Who is online