Computer Support Forum

Question Virus Removal Related - Not infected, but removal tool related

Question: Question Virus Removal Related - Not infected, but removal tool related

So in the past when dealing with virus removal, I generally took the hard drive out of the affected machine and placed it into an IDE or SATA dock to turn it into an external hard drive and have the virus non functional outside of its "startup and infected/affect state" rooted to the root OS of the drive it is on.I have seen online people claim to use tools like creating a Bart PE startup CD or DVD with an antivirus on that to clean the systems as well as someone else on another google hit claimed to use a Linux Live CD with an Antivirus on that to clean the drive of malware.Question I have is ... What are the best bootable tool methods of attacking the removal of the malware? I am guessing its the bootable CD or DVD method which introduces a read-only source to the equation of which the system also boots off of so that any viruses would not start up, cant infect the disc, and they can be detected dormant and removed. I tried to make a Bart PE disc once placing Norton Antivirus on it, but it doesnt function, and then if it did function, how do you update the definitions on a read-only disc.* I understand that there is the potential to infect my test station ( workstation I use for projects and data recovery and malware removal ) using my current malware/virus removal method. This is one reason why I never use my important systems to perform interaction with foreign drives to contain any infection to that of the test station which can be wiped out clean via a ghost image etc to start clean again at a baseline for next project etc. This test station is also running Windows XP Pro because Ghost 2003 works with Windows XP, but Ghost 2003 doesnt work with any newer OS than XP. So until I find the need to leave XP such as if the HDD becomes too big to access etc, I am sticking with XP, however if there is a good Linux option for a test station for malware removal etc, I am open at trying a distro and tool or two.

More replies
Relevance 100%
Preferred Solution: Question Virus Removal Related - Not infected, but removal tool related

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 79.17%

i believe the infection to be the zero access root kit or a close relative
I had to use a Antivirus CD to clean out a laptop and it seems to have left in some sort of registry entry preventing the computer from booting.

i already included a FRST64 Log.
EDIT: Log didn't attach for some reason re added

Answer:Need a Fix for a BSOB Related to Virus Removal

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

6 more replies
Relevance 100.86%

I started getting messages last night that some temporary file could not be saved because my hard drive was failing. Afterwards, I started getting popups for MS Removal Tool (fake antivirus). I got on the bleeping computer page and followed all the directions to remove this specific malware. After following all the directions and rebooting I still have major issues. Only a couple of my programs are showing from the Start Menu. I don't know where they all went. Mozilla Firefox is also completely gone from my computer. I am still getting the bubble popup message in the bottom right that says some temporary files is having a "write" issue.. (i forget what it says exactly).Here is a copy of my most recent HiJack this log. Please help! Thanks in advance.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:51:48 PM, on 5/13/2011Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless... Read more

Answer:Infected w/ MS Tool Removal Virus & Others

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

84 more replies
Relevance 100.86%

I am infected with the MS Removal Tool. When I boot up in regular mode, the program is open, and appears to be running. it has changed my background, and it will not allow me to open any applications.
I followed the directions on the following link, and everything appeaed to be successful, but when I rebooted the virus was still there.
http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

Now I am trying to follow these instructions, but I am stuck at the point where I get the GMER scan. I downloaded the pogram and opened it successfully. Then it starts to scan. Then i get the blue screen that says something bad has happened and windows is shutting down my computer to protect it. I tried to scan 2 more times, both ending the same way, so i am unable to complete the GMER scan.

Below is my DDS report.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Rae at 9:06:47.64 on Mon 04/11/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.3573.2699 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32... Read more

Answer:Infected with MS Removal Tool Virus

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 99.63%

Hello - My pc has been taken over by some kind of software-removal-tool.com virus.

It started by throwing a bunch of false errors saying my hd was failing, system was corrupt, etc.

Then it displayed and advertisement for some bogus software to remove all the problems.

I obviously didnt click or buy that software.

Now I managed to get rid of the popups, warnings, and all that using Malwares, Ad-aware, superAntiSpyware, SpybotSearch and Destroy.

As for Antivirus software - I have run MSE and AVG.

AVG didn't pick up a thing - and MSE picked up a trojan:JS/Hiloti.F. - andI quarantined and removed it.

I also managed to get the files unhidden.

Now the problems that remain are a bunch of system folders are getting a 'System Denied' error when I try to open them, the desktop theme is pure black, and when I try to open Firefox.exe I get a popup that it is already running and it closes.

I tried uninstalling and reinstalling firefox - but still get the same issue.

If you could point me in a direction of how to resolve this, I would deeply appreciate it.

Thanks.

Answer:Win 7 64 Bit - infected by Software-Removal-Tool.com virus?

Lets make sure if the system is clean before solving other issuesDownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

20 more replies
Relevance 98.4%

Unfortunately, I have no idea what to call it. But, I was googling, and ran across a website. It installed something apparently, because immediately, I started getting pop ups saying I was infected. Figuring that it was virus, I immediately closed everything. Then, all of a sudden icons in the bottom right tray of the desktop populated, looking like Windows Security Center, and notifying that there are viruses. Then, no matter what I tried to execute, explorer, windows explorer, Firefox, word, anything, it would not start, and a pop up in the tray came from the aforementioned icon, indicating that the virus was preventing the exe from running. Then, the desktop disappeared, and some sort of obviously fake virus remover popped up, asking for credit card information etc.

I am able to boot into "Safe Mode"

Running GMER now, will attach once it is done (Been running about an hour now)

Here is my DDS log
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Administrator at 20:01:14.77 on Mon 02/28/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.987 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware�... Read more

Answer:Infected-Can't run any application--makes believe it is a Virus Removal Tool

Hi,

We're so sorry about the delay, do you still need help?

2 more replies
Relevance 97.99%

I realize this is not really a question of security but more one of annoyance.

I have been trying for a long time to remove this BHO(AA58ED58-01DD-4d91-8333-CF10577473F7) from my system. I know it is benign according to BHO Demon but I want it gone.
I uninstalled the Google Toolbar a long time ago.

I have used both BHO Demon and Hijack This and also removed it from the registry manually and evertime I reboot it is back. I have also searched for it in all my files.

Any suggestions.
 

Answer:Removal Of BHO Related To Googletoolbar

Does Win98SE have System Restore ? If so, it could be hiding in that ?
 

2 more replies
Relevance 97.99%

Lately my internet browsers (both IE and Firefox) have both been having problems with the search engines. It will search fine, but when you click on a link it redirects you through goingonearth.com or thewebtimes.net to somewhere completely different from where I wanted to go. I have tried scanning for whatever's causing it with Norton Internet Security and with Spybot S&D, but no luck. I have included the latest HijackThis log. Help!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:23:15 AM, on 5/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\... Read more

Answer:Need help with goingonearth.com related removal!

Hi timedrifter, and welcome to Bleeping Computer.Please follow our Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, and post the logs requested! Post the DDS.txt and Attach.txt logs + GMER logfile...

2 more replies
Relevance 97.99%

I am planning on giving a laptop for Christmas. I plan on setting it up prior to giving it so I would like to know what Malware/Antivirus/System tools and other software you would recommend. I would like to make it easy to keep things running clean and fast. My plan is to add the software before ever connecting online from a thumb drive. My current thought is to use the tools I have been using, Avast anti virus, Zone Alarm firewall, Bitdefender, and 10bit defragger running in the background. Advanced Windows Care and Spybot S&D to run on demand. And of course HJT just in case.

The main use will be IM'ing friends, email, music (itunes+ipod) photo's, myspace, Internet, word for college papers. She is not really a gamer.

Is the list above sufficient or are there other tools/software you would recommend? Thanks in advance.
 

Answer:Not Malware removal but related

Personally I recommend AVG AntiVirus, ZoneAlarm Firewall and Spy Sweeper. Those are the best applications for protection IMO.
 

1 more replies
Relevance 97.58%

Hello,

I just got infected with two nasty programs that want me to disable or uninstall Avast and keep pestering me to do alot of different things. I tried to run a scan with Avast and managed to put in quarantine one infection from the Temprary Internet File, but it did not seem to fix the problem. I would take a picture to show how the virus icons look like, but I can't do that anymore since I have been infected. help.

More replies
Relevance 96.76%

Any help at all will be greatly appreciated.

(Reports removed, problem solved.)
 

Answer:Another Obrana-related removal request

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
You need to exit MalwareBytes in your tray area. Right click and select Exit.
Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been fou... Read more

5 more replies
Relevance 95.12%

Hello:
I 'm not playing word games here. A month or two ago, I downloaded and ran the "Kaspersky virus removal tool". It found problems the other programs were missing. I followed directions and let it remove the problems. My big mistake was in keeping the program on the desktop to try again sometime. At some point WinUtilities, or Ashampoo Winoptimizer removed the Uninstall made by Kaspersky for this tool. The virus removal tool is not listed as a program, on Revo, Advanced Removal tool, or windows. It won't click to delete, but I feel it's a program, so maybe it shouldn't. It contains 321 MB,& 4890 files. Looking in permissions(security) of this "program", I seem to be lacking "Special Permission" . I'm afraid to tinker with permissions.
I would appreciate sincere , simple, step by step, help. I tried reinstalling a new Kas.virus removal tool, and then uninstalling it. Got rid of the new one , didn't touch the problem.
Thanks.

Answer:Virus Removal Tool Program removal

Try this tool at your discretion*. The utility should pick up on any remaining traces of the program and display it on its list for removal.* The Windows Installer CleanUp Utility is provided "as is" to help resolve installation problems for programs that use Microsoft Windows Installer. If you use this utility, you may have to reinstall other programs. Caution is advised.

4 more replies
Relevance 94.71%

I have been working a computer that was infected with multipe trojan viruses, such as mal/JavaJar-b, Keybar 1.8 toolbar, search conduit etc. I ran Windows, Defender, Malwarebytes, Sophos, TDS Killer and MSE. That seemed to correct the redirect problem but I still could not get Windows Firewall to run. I finally ran ComboFix which I have used in the past. It fixed the Firewall problem. I would just like to get a second option from some experts that I have gotten everything. I am uploading the ComboFix log. I would appreciate any help you can give. I have not used this forum in the past but look forward to your help.

Answer:Verification of removal of Keybar 1.8 Toolbar and related infections

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).=== Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply.===Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.1: DDS.scr (N... Read more

2 more replies
Relevance 94.71%

Hi there,May I start with thanking whomever works with me on this!Yesterday morning I did all my normal daily scans/virus etc.and everything was clean. I know exactly where and when I got this host of trojans, and I know there are many. I was going to watch a tv show off a steaming site and I knew instantly I was in trouble. (Wisevid) I was able to run superantispyware for a few minutes before it closed iteself and rebooted system, then everything did not work. I did notice the following trojans all pop up in the display just as it closed. wmdtc.exe, win32agent, mundo of some sort, there we more but I couldn't read them fast enough. This has also disabled win defender, catalyst and a couple other programs I didn't catch as it was so fast. It also seems to have rolled my system back in some areas. I also see the "a.exe" trojan in my task manager. I can end this but it comes right back.All of my normal programs will not work. I run Avast, malwarebytes, superantispyware, ccleaner and spybot. All of which give me: "Windows cannot access the specified file or path. You may not have the appropriate permissions to access this file". In addition, any sites that have online scanners, related to removal, MS etc will not work. I have tried combofix and I get the error that I have an infected copy etc. I can not get hijackthis to run - same thing. I have tried doing everything in safe mode etc. The one thing I have been able to get is a log from GMER. This is du... Read more

Answer:Antivirus/tojan removal/exe/related sites don't work

Hi Khlyra,Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.Please update me on the current condition of your computer in case the issue is not solved.

3 more replies
Relevance 94.71%

Hey there,

So, I'm not sure what exactly my problem is. Recently I had become infected with some malware (TDSS.sys and UACd.sys) and I took measures to remove them as best as I could. Further scans don't seem to find anything else, but I can't be certain I've gotten everything as I'm still having some strange behavior.

Initially, I noticed that I had something because my google seaches were being redirected when I would click on any search result (windowsclick.com, I believe) and in investigating and trying to fix that I found the TDSS rootkit and then later UACd. Spybot S&D would catch the TDSS infections and remove them, but they would come right back after opening a new browser, so I found Malwarebytes Anti-Malware and scanned my computer and seemed to successfully remove the TDSS and windowsclick problems.

Just the other day though I got a BSOD while browsing the internet (unfortunately, I didn't get a chance to read/copy it) and ever since then programs are constantly crashing on me. Internet explorer, AIM, iTunes, windows media player, winamp, to name a few, will crash immediately after they load. Always the same programs.

So, to make sure I didn't have anything else, I also downloaded GMER and scanned with that and found UACd.sys. After some searching I found out that ComboFix could remove the UACd rootkit and so I downloaded and ran that and seemingly took care of UACd, yet my problem still persists.

My only conclusions are t... Read more

Answer:Programs keep crashing, not sure if it's related to previous malware removal

Usually with UAC, you're better off reinstalling the OSSince you have done everything in your post, I'd suggest posting in our HJT forum for more in-depth helpPlease read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day. Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as... Read more

3 more replies
Relevance 94.3%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.
To remove the MS Removal Tool, follow the steps below: Boot your computer into Safe Mode.
Windows XP and Windows Vista:Start your computer and press and hold the F8 key.A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.Click the Start button, and then click Run.Type cmd then click OK. A black command prompt window will appear.Locate the affected directories:
Windows XP:Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key.Type dir and press the Enter key.
Windows Vista:Type cd c:\ProgramData\ and press the Enter key.Type dir and press the Enter key.Type c:\Users\All Users\ and press the Enter key.Type dir and press the Enter key.Scroll through the list to find directories with random names that contains 18 characters. For example: cHl08200gMhHd08200 , pJg08200fBmPl08200.Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.Type reg delete hkcu\software\microsoft\windows\currentversion\run once /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 93.89%

What is Palladium Pro Malware

Palladium Pro Malware is a fake system software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information
Am I infected?

This are some screenshots of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advance Boot Menu. Use the arrow keys and select Safe Mode with Networking .

2.Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tools will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Double-click Malwarebytes Anti-Malware-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware

then click Finish.
If an update is found, it will download and install the latest ... Read more

More replies
Relevance 87.33%

This trick might be useful try it

Manually Update AVP Tool Kaspersky Virus Removal Tool Signature Databases ? Raymond.CC
 

More replies
Relevance 86.92%

Hi,

I am hoping you can help, as I can't seem to shake this virus on my own. My laptop recently became infected with the MS Removal Tool virus. I was able to "remove" it with MalwareBytes and Super Anti Spyware (AVG didn't even see it), but I have a feeling it isn't all the way gone as the proxy settings on both IE and Firefox keep getting set to 127.0.0.1 port 57677 every time I restart the browser. I also have a sneaking suspicion that it may be on one of my external HD's so any help in locating it on that would be appreciated as well.

One other thing. I live in Hawaii and work away from home during normal business hours M-F so my responses may be somewhat delayed.

Hope you can help.

----------------------------
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Matt at 17:04:29 on 2011-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.913 [GMT -10:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceServic... Read more

Answer:Infected with MS Removal Tool (?)

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

2 more replies
Relevance 86.92%

Good day this system has been infected with "MS Removal Tool". It also shows the following message shortly after booting :

"Appliation canoot be exectued the file tfswcrtl.exe is infected"

I was only able to run the prescribed utilities and get log outputs after using "Rkill" (The rkill log is also attached for review)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Aaron Stein at 9:28:32.39 on Wed 05/11/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1333 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

As of 5/11 19:50 ET I deleted the file and folder identified in the "Rkill" log..the system seems quite but not sure if it's free of pests..Please inspect to see if I need more help..Thanks
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intern... Read more

Answer:Infected with MS Removal Tool

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

5 more replies
Relevance 86.92%

.DDS (Ver_11-03-05.01) - NTFSx86 Run by 100403428 at 0:51:27.47 on Mon 04/11/2011Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3066.2335 [GMT -4:00].AV: F-Secure Client Security 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}SP: F-Secure Client Security 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k HsfXAudioServiceC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRest... Read more

Answer:infected with ms removal tool

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies
Relevance 86.92%

Just today I had a "MS removal tool" pop up on my screen that automatically made it look like a program was scanning my computer. Then at the bottom might it would pop up with a red x that AVG might be out of date.

I just would like to know what the next steps are. My computer has been running AWEFULLY slow for some time now, and I figured something was going on, but today finally this crap showed up!

Thanks so much in advance!

Answer:Am I infected? MS removal tool/AVG pop ups

Help?

6 more replies
Relevance 86.92%

I somehow grew to become infected using a virus that comes up declaring it truly is referred to as "MS Removal Tool two.20." It runs fake program scans and says that We've numerous defects on my difficult generate and RAM errors, and many others. It's got concealed a lot of files and shortcuts and makes it difficult to make use of my personal computer. Please offer any help to remove this. I'm working a total Malicious Computer software Elimination scan right now, but I do not understand that that can resolve registry issues, and so forth. Support,plz.Thanks a lot!

Answer:My PC Infected MS Removal Tool

For the bogus MS Removal Tool program removal, try the following:?Reboot your computer Start tapping the F8 key on your keyboard until you reach the boot options screenUsing the arrow keys on your keyboard, select Safe Mode with Networking and press Enter In Safe Mode, log in as the same user you are in normal Windows modeNext, download Rkill:http://www.bleepingcomputer.com/dow...Click on the Download Now button labeled: iExplore.exe download linkDouble-click on the iExplore.exe icon to runDo not reboot your computer after running RKill as the malware program will start again!!Download Malwarebytes' Anti-Malware (MBAM): http://www.majorgeeks.com/Malwareby...Save the program to the DesktopOn the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts If an update is found, MBAM will download and install the latest. At the main program window Make sure the following is checked: Perform Quick ScanClick: Scan (The scan may take some time to finish, so please be patient.) When the scan completes, a message box appears, click OK At the main Scanner screen: Click on: Show Results A screen displaying the malware found shows Make sure everything found is checked, and click: Remove Selected When the disinfection is complete, you may be prompted to Restart the computer. Please do so. When MBAM finishes removing malware, a log opens in Notepad The log is automatically saved and can be viewed by clicking the Logs tab. Please provide the contents of the MBAM ... Read more

3 more replies
Relevance 86.92%

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by 100403428 at 0:51:27.47 on Mon 04/11/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3066.2335 [GMT -4:00]
.
AV: F-Secure Client Security 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe... Read more

Answer:INFECTED WITH MS removal tool

and no boot cd available or any other system cd

3 more replies
Relevance 86.1%

Hi Bleeping Computer people,About three weeks ago I started having a problem with Firefox. Every now and again (about every 30 minutes) Firefox would open a new browser (or sometimes a new tab of an already open window) and direct itself to websites like "bizrumour.com.au" and "mainstories.com". I often leave my laptop on overnight and in the mornings I would find an open firefox browswer window with 5-6 tabs of the above websites. (example URL: http://www.mainstories.com/index.php/remedies)I am running Vista with windows firewall enabled. I have AVG anti virus and ad-aware - both updated. AVG doesnt pick up any viruses and Ad-Aware picks up tracking cookies but nothing too out of the ordinary. This is my first time posting to bleeping computer so hope you are all doing well,cheersWPOSTED DDS REPORT:DDS (Ver_09-10-13.01) - NTFSx86 Run by John at 13:34:29.59 on Sun 18/10/2009Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.61.1033.18.2549.1395 [GMT 11:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\win... Read more

Answer:Infected with Unknown Trojan/Virus (firefox related)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

2 more replies
Relevance 85.69%

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Jim at 20:55:39 on 2011-06-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.999.442 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\W... Read more

Answer:Infected with ms removal tool malware

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

11 more replies
Relevance 85.69%

Hey there,

Got a p.c with the Sality.aa virus, its apparently a polymorphic type...grrr.

Can some one verify a removal tool / app for this that doesnt damage the exisiting files.

Thanks in advance:wave
 

Answer:Infected by Sality.AA - removal tool?

There a no guarantees that any removal tool can remove all of this. Nor are there guarantees that it can be removed safely. In most cases, the only suggested thing to do is reinstall since a PC could become quite unreliable if you don't. The choice is yours. If you wish to try a tool, then search for them an give them a run but you best backup personal data first and don't backup anything that is a executable.

One example is: http://support.kaspersky.com/faq/?qid=208279889
 

5 more replies
Relevance 85.28%

hi good day,
 
as per instruct ago, i have been doing the dds scanning on my pc. right now im still infected where all my picture in jpeg format become hidden and sometimes there is a flashing winrar coming through my desktop, and keeps flashing unstoppable for a very long time.  this is the dds log that i have save earlier;
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by [email protected] at 11:41:05 on 2013-06-10
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1013.297 [GMT 8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\GoogleU... Read more

Answer:infected by virus worm possibly related to jview.exe and shimgvw.exe..

Hi there,my name is Marius and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Press the Windows- and the R-key simultanously.Within the textbox, write appwiz.cpl, click OK.Search for and remove the following programsDelta toolbarBrowserDefenderclose the window.   Scan with adwCleanerPlease download AdwCleaner to your deskto... Read more

12 more replies
Relevance 85.28%

Hello,
NAV 2003 just discovered two files infected with backdoor.agent.b.
Symantec says you can either use the removal tool or follow the manual instructions how to manually remove the problem.
Does anyone know if the removal tool does exactly as the manual instructions state? For instance, will the removal tool edit the registry?
Or should I just let NAV try to repait/fix/ or whatever?
I realize I can try it, but I'm not at all familiar with the registry, and would rather check here first.
Also, should I disable System Restore before running the removal tool? Symantec doesn't mention that but it seems to make sense to me.
Thanks in advance,
patmac

XP Home SP1
 

Answer:NAV Removal Tool Question

16 more replies
Relevance 84.87%

My PC is infected. A program "MS Removal Tool" pops up when I boot and scans my computer and then asks if I want to remove the threats. It has blocked my viris software from running. I followed the Bleepingcomputer Forum preparation guide and ran DDS.txt and have attched attach.txx and ark.txt Logs to this topic. I am posting them here. Please help.Thank you.DDS.DDS (Ver_11-03-05.01) - NTFSx86 Run by Robert at 18:02:41.05 on Sun 04/24/2011Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3574.2324 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k Netw... Read more

Answer:Infected with "MS Removal Tool" Popup "scans PC"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

16 more replies
Relevance 84.87%

MS Removal Tool, saying I have infections and virus'. CLicked to see the problem and 'scans' my computer saying I have 38 infections. I click remove, comes up with a payment option asking for Credit Card details.

Have tried going through steps 6 and 7. Download links to desktop, try to open them. Warning sign from MS Removal Tool : 'Warning Application can not be excicuted. The file dds.scr is infected. Please activate your antivirus software'.
Not sure what to do now because steps 6 and 7 are the ones that are most imporant.

Other message bubbles keep appearing.
'Warning windows had dected spyware infection! Click this message to update'
'Intercepting programmes that may comprimise your privacy and harm your system have been detected on your PC. Click here to remove them imediatley with MS Removal Tool'

Answer:infected with MS Removal Tool (antivirus software)

Hey - it's your bro!The program MS Removal Tool is what's known as a rogue Anti-Virus. It installs on your PC and will identify problems which may not exist but ask you to pay to remove them. More details can be found here.Please download OTH.scr to your desktop.Now download OTL to your desktop.Double click the OTH file and select Kill All Processes, your desktop will go blank

Then select Start OTL, - OTL will now run:Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedCasey

12 more replies
Relevance 84.87%

Hi there,

I was running Firefox the other day and for some reason, my Windows 7 Professional laptop got infected with the MS Removal Tool malware. I am prevented from opening any programs, including my browsers. The MS Removal Tool then launches and scans my PC, tells me that I am infected with 38 forms of malware, and then proceeds to fish for my credit card info.

Could you help me please?

Regards,
Nick

Answer:Windows 7 Laptop Infected: MS Removal Tool

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

9 more replies
Relevance 84.87%

Yesterday, I picked up a virus that kept telling me that my system was having serious, critical issues. I figured it was some kind of attack, so I ran Malwarebytes right away. Of course it found several objects, and I deleted them. I ran it again, and it found more objects, and I deleted them (sorry, I didn't save any logs). After that, I recieved no more messages. I restarted my computer. Everything was gone! I have no icons on the desktop, and no files in explorer. Somehow, I found my way to my drive properties, and noticed that the drive space had not changed, so I figured out that all the files had just been hidden. So, that's when I really began doing some research about what had gone wrong with my computer. I tried using system restore twice, and each time, I ran out of hard drive space (not sure if this was part of the virus). So I stopped trying that.I then decided to try Rkill. I first ran my old version that was installed. It opened three windows stating "Installation Failed", then proceeded to run, but ultimately came back with "Access Denied". Now it seems, that I also was infected with the MS Removal Tool malware. I understand how to fix that from the BleepinComputer forums, but I cannot run Rkill. I am on a Vista 64 bit machine. Here are my logs:---Rkill---This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Antho... Read more

Answer:Infected with MS Removal Tool, AND other that hides all files

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

8 more replies
Relevance 84.87%

The latest: Removal Tool from Symantec:

http:[email protected]html
EDIT:
PLEASE NOTE: Since Symantec did a major change on how to handle this worm from their first instructions, (and my first post) I have totally modified this post, as of 0326 EDT Sept 20, 2003, to reflect those changes. This should avoid the problem that Alison had and was most likely the reason for Symantec's change.

You have been bitten by the latest worm, [email protected], and want to know what to do and how to get rid of it.

We here at TSG want to make that process easier for you.

The following is a short(er) version of what can be found at Symantec?s site.
http:[email protected]

Please go to the above link and read and understand about the Swen worm first, then return and follow the short version.

Removal Instructions

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).

How to disable or enable System Restore in Windows ME

How to disable or enable System Restore in Windows XP

2. Modify the association for Registration Entries ( .reg files).
3. Create a repair.reg file on Desktop, double-click on repair.reg file to fix association settings for other file types.
4. Update the virus definitions.

5. Do one of the following:
a. Windows 95/98/Me: Restart the computer in Safe mode.
b. Windows NT/2000/XP: End the Trojan process.
6. ... Read more

Answer:[email protected] Worm Removal instructions + New Removal Tool

16 more replies
Relevance 84.46%

Please advise on how to remove the system tool virus to a not very computer literate person.

Answer:system tool virus removal tool

Hi, You will need to download a couple of things.Rkill at this linkhttp://download.cnet.com/RKill/3000...Malwarebytes at this linkhttp://www.malwarebytes.org/ update and run a full scan.Malwarebytes should remove it.

4 more replies
Relevance 84.46%

Norton AntiVirus has suddenly begun shutting down because of an e-mail scanning error. When I try to scan folders with it to find the problem, it stalls when scanning files in the following folder: C:\Documents and Settings\Owner\Local Settings\Temp. When it stalls, it gives a message saying that the scanning module must shut down. Occasionally it says that NAV files are missing and I need to uninstall and reinstall NAV.
I have deleted one file in the folder that it stalled on which was left over from an old previously uninstalled application. The scan then proceeded to another file in the folder and stalled on it. Would it be safe from a Windows standpoint to delete all of the files in this TEMP folder?
 

Answer:[Resolved] Windows-related Anti-Virus Question

12 more replies
Relevance 84.05%

I'm currently running in Windows 98 SE, My excel 2000 is currently infected by the Toraja.Gen virus, which can easily be cleaned by any Anti Virus software, but afterwards I'm unable to open any Excel related files.

A Brief Description of the Toraja.Gen Virus taken from the Symantec Web Site:
O97M.Toraja.Gen is a macro virus, which infects Microsoft Word and Microsoft Excel documents. In Word it infects the Normal.dot template, and in Excel it contaminates the \XLStart folder with an infected Excel workbook. Many standard menu functions are overridden, making them inaccessible.
It infects the Normal.dot file (Microsoft Word) or inserts a copy of the infected workbook in the \XLStart folder with the file name Start12.xls.

I already tried cleaning with McAfee Anti-Virus (Updated everyday) 3 times just in case, I also already tried uninstalling, reboot, then re-installing my Microsoft Office, but to no avail. The Excel program keeps asking me that the Start12.xls is not found everytime I tried opening a file. The only way I could open a file is by infecting my computer with the virus again. Could anybody help me out?
 

Answer:Infected by Toraja.Gen Virus: unable to open any Excel related files

After cleaning the virus, did you rename the normal.dot template normal.old or anything to force a new one to be created.

And if you run regedit navigate to this key:

HKEY_USERS\S-1-5-21-3341562259-4036164967-2552189465-1006\Software\Microsoft\Office\10.0\Common\General

do you see in the Right hand pand the Value name: Xlstart

And the Value Data: XLSTART

http://securityresponse.symantec.com/avcenter/venc/data/o97m.toraja.gen.html

Did you delete Start12.xls from the xlstart folder? You might also want to search the registry for any references to Start12.xls and substitute XLSTART

If no luck, I'll move you to the Business Applications forum; I'm not really familiar with Excel and you might get better help there
 

2 more replies
Relevance 84.05%

We purchased a new laptop for my wife (Win 7 Pro 64-bit). It came with preloaded software of course and one that I want off is Nortons. It's not "installed" but rather sitting ilde on her PC. Everytime we boot it up, Nortons flash screen comes up, etc etc. It even shows it running in Task Manager when we have yet to install it. I've tried uninstalling thru Win programs, but to no avail.

My question is, should I try the Norton removal tool? Wouold it work on a program that is not fully installed?

Thanks!

Answer:Norton Removal Tool Question

What do you mean, it's not installed, but it's running?
Is it listed in "Programs & Features"?
What happened, when you tried to uninstall it.
Surely, you can use Norton Removal Tool, if you want to get rid of Norton.

8 more replies
Relevance 84.05%

Hi there,
Just a quick question for you regarding MS Removal Tool if you've got a minute.

Booted into Safe Mode with Netorking.
Ran full scan with MBAM and the log stated 1 registry key and 3 files were infected ...... removed selected.
The infected PC has been running perfectly ever since (4 days).

Would I still need to follow the rest of the clean up procedure listed in the Spyware removal section of the forum or is it possible that MBAM got it all ?

Thanks.

Answer:Question re: MBAM and MS Removal Tool

I'd carry on with the instructions here just to be sure it's all gone Casey

2 more replies
Relevance 84.05%

I have followed your instructions for removing system tool from my computer. I believe it was successful. There are now 4 icons on my desktop from the removal process. do I just leave these there or should i delete them and the programs?

Answer:after system tool removal- question

Hello.

What icons are they, exactly?

1 more replies
Relevance 84.05%

Hi all, my first post in here, so hello to everyone.

Could anybody be able to tell me how to completely remove Windows malicious software removal tool as it keeps coming up every time I turn on the laptop.
I have tried all usual channels like add/remove etc but can't see it anywhere. Could someone shed some light, many thanks

Answer:[SOLVED] Removal of 'Malicious software removal tool'

Have you let the MRT finish? The MRT is an On Demand anti virus scanneer with a very limited impact on the PC or
resources. there are NO reasons to remove it.

The utility is...
%windir%\system32\MRT.exe

Command line switches...

/? or /HELP = displays the command line switches
/Q = quiet
/N = detect only
/F = force extended scan
/F:Y = force extended scan and automatically clean infected files

If you really want to remove it browse to C:\Windows\System32 and delete MRT.exe

4 more replies
Relevance 84.05%

Yesterday my Dell laptop running XP home edition was infected with MS Removal Tool. I followed directions found here: http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool but when Malwarebytes' attempts to update I get the following message:

"An error has occurred. Please report this error code to our support team. PROGRAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)"

I am unable to access the internet in safe mode with networking, presumably because of the proxy server. When I open a web browser (Internet Explorer or Firefox) and go through the steps to reconfigure proxy settings (steps 3-6 in the directions), the "use proxy server" box is already unchecked. However I still cannot access the internet or update Malwarebytes'. I ran the scan anyway, and it turned up a few items. But when I rebooted the virus returned.

I have now loaded an update manually with an executable file (the database is now 23 days old), but it still doesn't find the virus. At this point Malwarebytes' scans come back clean, but when I reboot, the virus returns about the time my wireless connection usually connects.

Lastly (not sure this is relevant), there is a folder in C: called "0aa427f77eeb9403e9f5ac" that contains two identical folders (one of which is named i386) both contain the following files:
filterpipelineprintproc.dll
msxpsdrv.cat
msxpsdrv.inf
msxpsinc.gpd
msxpsinc.ppd
mxdwdrv.dll
xpssvcs.dll

I cannot delete this folder or ... Read more

More replies
Relevance 83.23%

After downloading and installing this tool from the Windows updates site, I could not find anywhere in the Start menu where it could be manually activated and run.

I did a "search" for MRT.EXE and MRT.LOG and was only able to find the log file. This is its contents:

----------------------------------------------------------------

Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Wed Jan 12 06:12:15 2005

Removal Tool Results:
No infection found.

Microsoft Malicious Software Removal Tool Finished On Wed Jan 12 06:12:18 2005

----------------------------------------------------------------

Does the MRT.EXE file automatically delete itself after it runs?
 

Answer:A Question About The Microsoft Malicious Removal Tool

6 more replies
Relevance 83.23%

I couldn't seem to find the answer on any of the pages on the MS Site, so I'm wondering is anyone knows:

If I'm already running MS Security Essentials, do I need to d/l & run the Malicious Software Removal Tool? I'm guessing not, but it never hurts to ask.

And I'm guessing since I don't have MS Office I don't need the Sec Update for that. The only thing I have related to that is the MS PP Viewer

Thanks

Answer:Question about Malicious Software removal tool

  
Quote: Originally Posted by Borg 386


I couldn't seem to find the answer on any of the pages on the MS Site, so I'm wondering is anyone knows:

If I'm already running MS Security Essentials, do I need to d/l & run the Malicious Software Removal Tool? I'm guessing not, but it never hurts to ask.

And I'm guessing since I don't have MS Office I don't need the Sec Update for that. The only thing I have related to that is the MS PP Viewer

Thanks


Hello Borg, this thread would be best moved to the security section, but in answer to your question in my humble opinion, in addition to MSE I run Malaware Bytes in tandem.

7 more replies
Relevance 83.23%

Gauss is a project developed in 2011-2012 along the same lines as the Flame project. The malware has been actively distributed in the Middle East for at least the past 10 months. The largest number of Gauss infections has been recorded in Lebanon, in contrast to Flame, which spread primarily in Iran.
Functionally, Gauss is designed to collect as much information about infected systems as possible, as well as to steal credentials for various banking systems and social network, email and IM accounts. The Gauss code includes commands to intercept data required to work with several Lebanese banks - for instance, Bank of Beirut, Byblos Bank, and Fransabank.

Check online if your computer is infected with Gauss malware in a few seconds by going here. Download the Gauss Removal Tool by Kaspersky here.
CrySyS have also introduced a web-based method to check your system for Palida Narrow. Their test webpage is currently available here: http://gauss.crysys.hu.

Answer:Gauss malware: Check if your PC is infected - Download Removal Tool

Thank you for this great tweaker.

1 more replies
Relevance 83.23%

HelloI'm new to this website and in desperate need of help. This virus is actually giving me anxiety and I'm starting to have chest pains. I'm such an idiot! I downloaded a suppossed video codec from a link that was hosted by cnn (so I thought it was trusted) and it downloaded a file titled "install_player3913012" And ever since then a popup comes up and says: your system has been infected with a dangerous file ...download this spyware removal tool or malicious files will be lost. Obviously I don't ever download it.I followed preparation guidelines but it took forever! I don't believe Housecall was able to complete. And also my Norton Antivirus says it's unable to access the engine to complete a scan. I want to reinstall but I'm scared to do so without your input first.And worse off!! I just found out while writing this post that it must be messing with my keyboard because as i am trying to type, the cursor automatically goes back 1 space and places the letter there. I had to edit this post for it to be spelled correctly. I can't go on like this. To get a better idea of what I mean I'll show you what it does if I don't edit it:Helo Iam hving trouble wthm cmputerand I' aking bleeping copter.com to help m because i dot know wher else to turn .eneutmm oy ia lTHIS HAS NEVER HAPPENED BEFORE, I AM POSITIVE IT IS BECAUSE OF THAT DOWNLOADed virus.Please, kindly extend your help to me. I live on my computer and I am absolutely paralyzed in my professio... Read more

Answer:Popup: "your System Has Been Infected...download This Spyware Removal Tool"

Hello and Welcome to Bleeping Computer. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Please give me some time to analyze your log, and I will post back with instructions ASAP.

5 more replies
Relevance 82.82%

i d/loaded this update last night but cant find it now, does it run automatically or does it need activating of some kind (if one can find it that is ;))johnny.

Answer:new xp virus removal tool

It runs from the Windows Update site but does not install on your PC.However, it leaves a log of the scan at Windows/Debug/mrt folder.

10 more replies
Relevance 82.82%

Avast! found W32:Trojan-gen. on my pc and I cannot remove it.

It was found here:

c:\_RESTORE\ARCHIVE\FS99.CAB1A0032296.CPY

twice.

I try to delete it, move it to the chest, repair it, and nothing. It says "Access is denied, cannot process."

Is there a removal tool I can use to get rid of this?

Please help.

Thanks in advance.

Also---when I run Adaware and Spybot it comes up clean.
 

Answer:Virus Removal Tool???

9 more replies
Relevance 82.82%

Does anyone know how to remove the MS Removal Tool Virus?ThanksEdit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

Answer:MS Removal Tool Virus

Take a careful look, follow inssructions...exactly as written.Remove MS Removal Tool Malware, BC GuideIncluding those uner the "If you are still having problems" paragraph , good luck .Louis

1 more replies
Relevance 82.82%

Trying to opne my SAV 10 ANTI-VIRUS. MS REMOVAL TOOL VIRUS prevents me from opening the winzip to install the anti-virus. Any help for this problem? Please?

Answer:Cannot get rid of MS REMOVAL TOOL VIRUS to op

What do you mean

7 more replies
Relevance 82.82%

My computer has the MS Removal Tool Virus and the posted fix does not work for me.It will not access the internet but the proxy server box is not checked in Internet tools. MBAM cannot update due to that. The manual update for MBAM is 15 days old and does not find anything wrong. RKill stops the process but that's it.DDS WILL NOT WORK. I have used RKill, been in safe mode, etc, and DDS will not run for anything. I don't know what to do.I have attached the GMER log. Please help! I just got this computer and I am afraid it will be lost!MOD EDIT:: post you OTL and GMer logs and I'll clean this up.OTL logfile created on: 5/23/2011 1:56:40 PM - Run 3OTL by OldTimer - Version 3.2.23.0 Folder = E:\Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.5512)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1015.36 Mb Total Physical Memory | 543.41 Mb Available Physical Memory | 53.52% Memory free1.64 Gb Paging File | 1.26 Gb Available in Paging File | 77.12% Paging File freePaging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 55.89 Gb Total Space | 10.51 Gb Free Space | 18.80% Space Free | Partition Type: NTFSDrive D: | 0.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive E: | 491.73 Mb Total Space | 484.91 M... Read more

Answer:MS Removal Tool Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

97 more replies
Relevance 82.82%
Question: virus removal tool

I have Microsoft Security Essentials running on my Windows xp and it keeps finding the following items:

Worm:Win32/Rorpian
Exploit:Win32/CplLnk.A
Wrom:Win32/Rorpian.E!lnk

It states they are being removed, but they keep appearing almost every half an hour...

These are being found in the Setup50045.fon, setup50045.lnk, myporno.avi.lnk, and pornmovs.lnk files.

here i m attaching log file as advised. Any help would be appreciated.


thanks!

Answer:virus removal tool

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

2 more replies
Relevance 82.82%
Question: Virus removal tool

I just found out that I have the W32 Netsky [email protected] virus. I need help to remove it.
 

Answer:Virus removal tool

http://www.majorgeeks.com/download.php?det=4063
 

9 more replies
Relevance 82.82%

Hello,

My mom's laptop is infected with a crazy virus. Every time I start it up, MS Removal Tool pops up and starts running a scan. I tried downloading Malwarebytes but after downloading, I was unable to install it because a Warning message popped up in the lower right hand part of my screen saying it is infected. I then tried to downlaod Malwarebytes on a different computer, renamed it, and tried to install from a flash drive, but it still did not work. I seriously need help getting rid of this thing! Please Help!!!

-Jay

Answer:MS Removal Tool Virus?!

Have you tried running rkill before running malwarebytes jabidi see here

6 more replies
Relevance 82.82%
Question: VIRUS REMOVAL TOOL

Where we can find an effective Removal Tool for the Virus S.hklmm.com   The Malware effected all programs even private financial institutions websites. 

More replies
Relevance 82.82%

guys i have followed another thread on here about this virus and still cant get rid of it. i have run the dds and gmer logs and they are all attached.
your help will be much appreciated guys

Answer:ms removal tool virus

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 82.82%
Question: removal tool virus

I was infected by a "Removal Tool" virus. Any suggestions on how to remove it?

Answer:removal tool virus

Hello, I moved this to Am I Infected. Did you mean MS Removal Tool ?Please follow our Removal Guide here Remove MS Removal Tool (Uninstall Guide) .After reading how the malware is misleading you ...You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

1 more replies
Relevance 82.82%

Hello all. Hope someone can help. I find one of my computers infected with the MS Removal Tool virus and have tried all the steps found here http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool with no success.

After reboot, MS Removal Tool continues to be there. Have also tried running SuperAntiSpyware.

Here is the DDS Log. Looking forward to any/all replies. Thanks! ~Jack

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Administrator at 18:14:30.14 on Tue 04/12/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.277 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.yahoo.com
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&... Read more

Answer:MS Removal Tool Virus

Virus removed! Downloaded all renamed copies of Rkill (WiNlOgOn worked) and ran that and then everything else within the instructions.

Thanks!

~Jack

2 more replies
Relevance 82.82%

I have accidentally imported a virus called "ms removal tool" I havebeen advised by geekpolice this web site can help remove it

Answer:ms removal tool (virus)

Please follow this guide: How do I remove the MS Removal Tool Virus?

2 more replies
Relevance 82.82%

Anyone after a removal tool for these I-Worm/Mydoom.F and I-worm/Netsky - A to D variants Virus Removal Toolclick here

Answer:AVG Virus Removal Tool

do updates not detect this?

3 more replies
Relevance 82.82%
Question: Virus Removal Tool

Hi experts,

Is there any tool that is compact in size and is able to detect and remove nearly all kinds of viruses and malicious programs...???

Thank You.

Answer:Virus Removal Tool

There are several, but not all of them will clean everything.

4 more replies
Relevance 82.82%
Question: Virus removal tool

My Norton has stopped and quarantined a virus in my computer. It is called Worm.Automat.AHBDoes nayone know of a tool for getting rid of it from my computer.

Answer:Virus removal tool

It's also known as [email protected]Removal tool: [email protected]" title="http://securityresponse1.symantec.com/sarc/sarc.nsf/html/[email protected]" TARGET="_new">click here

8 more replies
Relevance 82.82%
Question: virus removal tool

Hello
I guess I'am in the right forum to ask this question but I was reading bout the Sophos virus removal tool on Cnet I think if my memory serves me right.  any how I was interested to know more bout the Sophos virus removal tool.  I read that was OK to run this tool along side anti virus protection on pc.   I don't think I have a virus but was wondering what anyones opinion was on the Sophos removal tool.
 
thanks for reading, Gina

Answer:virus removal tool

Sophos Virus Removal ToolNOTE: If you run the tool, click 'Help' in the lower left hand corner, it provides an FAQ.Many vendors create specialized removal tools to deal with various infections and have them available for download on their website. If you need such a tool, it is best to download directly from the vendor's site rather than using a third-party hosting site such as CNET.Free Malware Removal Tools by Anti-virus vendors:BitDefender Virus Removal ToolsKaspersky Virus Removal ToolsESET Stand-alone malware removal toolsAVG Removal ToolsPanda Cloud Cleaner - How to disinfect computer with Panda Cloud CleanerSymantec Virus/Trojan Removal ToolsSymantec Security Risk/Spyware Removal ToolsNorton Rescue Tools: Norton Power EraserF-Secure Legacy Tools

1 more replies
Relevance 82.82%

I had the ms removal tool virus. I downloaed and ran rkill. It worked. I downloaded and run the malaware program, it worked as described.
It said it needed to reboot the computer. It did, but now keeps going back to the safe startup screen selection and wont reboot to windows. What is wrong? Computer now worse than with virus.
Thanks.

Answer:MS Removal tool virus

Hello and to the BC forums.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in un-bootable computers respond to your topic.

Thank you.

17 more replies
Relevance 82.41%

What is MS Removal Tool?

MS Removal Tool is a fake system security software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information
Am I infected?

This is a screenshots of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advance Boot Menu. Use the arrow keys and select Safe Mode with Networking .

2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tools will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Rename the file to firefox.exe BEFORE downloading
Double-click firefox.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware

then click Finish.
If an update is found, it will download an... Read more

More replies
Relevance 82.41%

So I downloaded the Norton Removal Tool a number of months ago, but never got around to using it because I'm going to be getting a replacement laptop. However, the replacement will also come with some trial version of Norton (that's not fully installed, but you still need to remove it, which I will). So I'll probably need to run the Norton Removal Tool just to be safe, right?

So I noticed that the tool I already had downloaded is Version 2007.2.4.12 -- then when I went and downloaded it again (because I read there was some new version), I see that this is true and the new one says it's Version 2008.0.0.21.

So what's the difference?

I'm guess I should use the most recent one when I get my new laptop in the mail, but I just wanted to make sure there wasn't something weird and that the new version wasn't as good or something...

Thanks!

Answer:Probaby A Really Stupid Question About Norton Removal Tool :)

I have not heard anything bad about the latest version of the Norton Removal Tool. I would imagine that they update it from time to time to cover new Norton products and to fix any bugs that have been discovered. So if I were you I would go for the latest version.

2 more replies
Relevance 82%

I have a vbs virus that antivir detected and deleted. msconfig has strange services listed under startup. i can't read the start up item or command because they are in a strange script of boxes (squares and rectangles). the registry key is . . . software\microsoft\windows nt\currentversion\windows.

i am running an xp os and have noticed ramped memory. i only have 192 mb of mem and the system runs (or says it is running) up to 260.

spybot and adaware are not finding any exploits and hijack this looks normal.
thanks for the help in advance.
 

Answer:vbs/newlove.a virus (NEED REMOVAL TOOL)

Please post your HJT log.
 

2 more replies
Relevance 82%

Recently the most of the part of U.S and Western Europe was taken for a ride by the Zotob worm threat. Zotob virus attacks computers having Windows 2000 operating system and takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. This worm has many variants that install malicious software, and then spread over the healthy computers leaving them infected. Get solutions to remove Zotob virus.

VengaBoyz

Answer:Zotob Virus Removal Tool

As I posted to Junth2, Symantec also has the tool
http://securityresponse.symantec.co...32.zotob.e.html

http://securityresponse.symantec.com is always a good place to check for removal tools and instructions.

TrendMicro is another spot to check for tools and removal instructions

Thank you for giving me another resource, VengaBoyz

3 more replies
Relevance 82%

Hello:

How do I remove

Alemod Virus ?

Thanks

Answer:Alemod Virus Removal Tool

Hi

We want all our members to perform the steps outlined in the link given below, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

1 more replies
Relevance 82%

Hi, new here... Thanks for the help in advance.
I was trying to watch a movie from 10starmovies.com last night
and ended up with a virus. its called ms removal tool.
found the guide from this site to remove it and am trying to make my way thru the list.

helpful insight.... im on a hp laptop (virus infected) I have a desktop to work with also (not infected)

I have started it in safemode with networking
went to IE and went to tools, internet options, connections, LAN settings and proxy server box was NOT checked.

Next I log on internet still in safemode and try to download rkill and the laptop shuts off. restart and it shuts off again and again.
charger is plugged in and showing full battery. shuts off in random times. Also have tried to run malewarebytes that I already have on laptop
and it shuts off again and again.

Anyone know what to do?

More replies
Relevance 82%

This post is about how to get rid of a Rogue Virus in your computer. Before i get to that, i just want to say i am posting this because it will come in very handy for you guys in the future if you encounter these types of rogue virus (the list is shown in the picture below as an attachment.) I have encountered it once but it gotten worse to the point where i wasnt able to fix it untill i saw this website (link provided below). It really helps and i even got rid of one from my classmate's computer that was infected by one. So i thought i be generous to help you guys out and share the link and the description and how to delete, remove and recover your computer without wiping your hdd clean. I do not take any credit but to just post an interesting topic that is very useful and has important information.

P.S.- It would be nice to have this topic stickied.
[EDIT] Also, the downloadable files are for Windows XP, Vista, and 7.
Method #1: Reg File and MalwareBytesLINK===> How to remove XP Security Tool 2010, XP Defender Pro, and Vista Security Tool 2010 (Uninstall Guide)

Automated Removal Instructions for XP Security Tool 2010, XP Defender Pro, Vista Security Tool 2010, and Vista Defender Pro using Malwarebytes' Anti-Malware:



1. For the first part of this removal guide you will need to use a different computer than the infected one. This is also a tricky rogue to remove, so please follow the instructions carefully. If you are concerned about whether or not you can do this,... Read more

Answer:Rogue Virus Removal Tool

Good post

9 more replies
Relevance 82%

I unfortunately had the system tool virus on my PC. I have followed your removal tool with no problems until i try to save the new hosts file. It will not allow me to save it as "I don't have permission to save in this location". I have down loaded the_hosts-perm.bat Download Link . i have deleted the old hosts file. Please can you help me I am just an amateur following instructions !!!

Answer:System tool virus removal

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

1 more replies
Relevance 82%

I got hit with the security tool spyware thing and I followed all the steps from this page
http://www.bleepingcomputer.com/virus-removal/remove-security-tool

I was downloading something and the download stops in the middle. Then a few minutes later a Security Tool scan pops up. I knew immediately it was a virus so I shut down the laptop. I used my another uninfected laptop and found the site I mentioned above went through all the steps in safe mode.

Using malware antivirus I was able to remove 3 infected files but after I restart the computer System Tool is still on my computer.
Every time I restart regularly(not under safe mode)there is a prompt:
####################################################################
User Account Control
Do you want to allow the following program to make changes to this computer?
Program name: malwarebytes' Anti-Malware
Verified publisher: Malwarebytes Corporation
File origin: Hard drive on this computer
Yes No
##################################################################
I restarted a few times and tried yes and no, same thing happens.
My background changed to "Warning? you're in danger! Your computer is infected with sypware...."
and system tool scan pops up.

What should I do now?

I have Windows7.

Answer:System Tool Virus removal Help

Here's another guide, both are rather complicated, I would ty to follow them exactly if possible?

http://forums.malwarebytes.org/index.php?showtopic=66064&pid=334861&st=0&#entry334861

8 more replies
Relevance 82%

Security Tool virus has taken over my computer. I can't run task manager, regedit, msconfig, How do I remove this from my computer, please?

Answer:security tool virus removal

Hello and welcome... Iam moving this from Vista to the Am I Infected forum.You need to do all the steps ..Please follow our Removal Guide here How to remove XP Security ToolYou will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

25 more replies
Relevance 82%

YAC Virus Removal software do?

YAC is exactly that: an efficient little program makes fast work of outdated registry entries, cookies, and temporary files. YAC also helps protect your browser from malicious plug-ins. Via clear out of cache/browser history,emptying the recycle bin,old Windows logs,memory dumps and other "unseen" objects to speeds up slow computers, helps save disk space and keep computer running smoothly.

- Scans a computer system at lightning fast speed, with a single button clean up and optimize the computer system
- Automatically clears cache/browser history and emptying the recycle bin
- Protect the browser from malicious plug-ins
- Software manager is used to remove processes which are currently running
- Disable or Start-up Delay some software that don't need to start along with the computer boot.
- YAC's Boosting ball, accelerates computer's running speed and keep computer running smoothly by one click.

Home Page

Note: I did not fully tested this tool just perform scan. I find some suggestion and hundreds of MB of junk . I hope some one tested this software thoroughly let us know the usefulness of this software as compare to other in this category .
Thanks
 

Answer:YAC Virus Removal Tool and Cleaner.

be careful webroot detected as malware and remove it quickly but online armor missed it hmmm got me thinking about online armor firewall any suggestions
 

5 more replies
Relevance 82%

hi all,

i got a link in yahoo messenger saying "watch my vacation snaps" from my friend and when i clicked the link,auto generated messages were sent from yahoo and the "run" menu is not there in the startmenu . also the taskmanager also is disabled if the click ctrl +alt+del
when i scanned the computer
the following viruses were shown

trojan.adclicker
[email protected]
w32.sality.u
downloader

please help me to remove these viruses as direct removal tool is not available.

regards,
sunshine
 

Answer:virus removal tool needed

Welcome,

The best way is to post a HijackThis log and let an Log Expert to look at it for you.
Download HijackThis to your desktop

Double click on HijackThis on your Desktop
Then click on Unzip
It will install to Program files by default
Then Click Start>>>Run type C:\Program Files click OK
Look for a folder called HijackThis
Double click on it
On the right you will see a Icon of Dynamite with plunger
Double click on the Icon
Click on Icon and choose "scan system and save a logfile" usually in notepad
Copy and Paste the logfile in your next post
Using Ctrl+A to copy All and Ctrl+C to copy and Ctrl+V to paste.

 

2 more replies
Relevance 82%

Kaspersky? Virus Removal Tool is an utility designed to remove all types of infections from your computer. Kaspersky? Virus Removal Tool implies effective algorithms of detection used by Kaspersky Anti-Virus and AVZ Antiviral Toolkit.

Attention
Kaspersky? Virus Removal Tool is not capable for real-time protection of your computer. As soon as your computer is cleaned you are supposed to remove the tool and install a full version of antivirus software.

Further reading -

Kaspersky Virus Removal Tool

More replies
Relevance 82%

I've attached, MBAM log, the DSS logs, and GMER log.I got hit with the security tool spyware thing and I followed all the steps from this pagehttp://www.bleepingcomputer.com/virus-removal/remove-security-toolI was downloading something and the download stops in the middle. Then a few minutes later a Security Tool scan pops up. I knew immediately it was a virus so I shut down the laptop. I used my another uninfected laptop and found the site I mentioned above went through all the steps in safe mode.Using malware antivirus I was able to remove 3 infected files but after I restart the computer System Tool is still on my computer.Every time I restart regularly(not under safe mode)there is a prompt:####################################################################User Account ControlDo you want to allow the following program to make changes to this computer?Program name: malwarebytes' Anti-MalwareVerified publisher: Malwarebytes CorporationFile origin: Hard drive on this computerYes No##################################################################I restarted a few times and tried yes and no, same thing happens.My background changed to "Warning? you're in danger! Your computer is infected with sypware...."and system tool scan pops up.What should I do now?I have Windows7.Here's another guide, both are rather complicated, I would ty to follow them exactly if possible?http://forums.malwarebytes.org/index.php?showtopic=66064&pid=334861&st=0&am... Read more

Answer:System Tool Virus removal Help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

3 more replies
Relevance 82%

Hi All

I think I have the MS Removal Tool Virus on 2 pc's - my main pc runs Vista.

I've tried almost everything including:

> Rkill - which now doesn't find anything - although it did initially.
> Malwarebites - which now doesn't find anything - although it did initially.
> CCleaner, Adaware, Spybot & Avast - don't find anything
> I've tried to delete the taskmanager

I can access the internet in safe mode with networking and to a degree in normal start up, but the pc is still infected and not running particularly well.

I also tried running combofix and it generated the report below.

I'm desperate to fix this and really need somebody to talk me through it step by step as I'm not particularly pc literate and been trying to fix this for the past week almost constantly.

Please help!

Thanks

Jon

ComboFix 11-04-12.02 - Jon 13/04/2011 18:28:50.1.2 - x86 NETWORK
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.1789.1321 [GMT 1:00]
Running from: c:\users\Jon\Desktop\ComboFix.exe
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF... Read more

More replies
Relevance 82%

Hi Everyone:

Does anyone know if Sophos Virus Removal Tool is any good to use as a secondary scanner??

Tony
 

Answer:Sophos Virus Removal Tool

yeah it is awesome I've used it
 

3 more replies
Relevance 82%

Hi All

I think I have the MS Removal Tool Virus on 2 pc's - my main pc runs Vista.

I've tried almost everything including:

> Rkill - which now doesn't find anything - although it did initially.
> Malwarebites - which now doesn't find anything - although it did initially.
> CCleaner, Adaware, Spybot & Avast - don't find anything
> I've tried to delete the taskmanager

I can access the internet in safe mode with networking and to a degree in normal start up, but the pc is still infected and not running particularly well.

I also tried running combofix and it generated the report below.

I'm desperate to fix this and really need somebody to talk me through it step by step as I'm not particularly pc literate and been trying to fix this for the past week almost constantly.

Please help!

Thanks

Jon

ComboFix 11-04-12.02 - Jon 13/04/2011 18:28:50.1.2 - x86 NETWORK
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.1789.1321 [GMT 1:00]
Running from: c:\users\Jon\Desktop\ComboFix.exe
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF... Read more

More replies
Relevance 82%

http://nakedsecurity.sophos.com/2012/04/11/free-virus-removal-tool-for-download-from-sophos/
 

Answer:Free Virus Removal Tool

Free virus detection and removal


Removes viruses, spyware, rootkits and fake antivirus
100% free! Totally, absolutely, completely
Supports Windows XP, Vista and 7
Works alongside your existing antivirus
How-To and Download

[hr]

I wonder how effective this is?
 

3 more replies
Relevance 82%

Hi:

I am running WIndowsME and I have a virus on my machine. [email protected] The Infected file is called WINAD CLIENT\WINAD.EXE

Don't know if I need the file, but i went to the symantec virus removal site and that virus isn't listed.

Anyone know where else I can look.

Trying Desperately to clean machine but seems like I am playing 2 steps forward one step back.

Thanks
 

Answer:Can't find a Removal tool for virus

Download Hijackthis http://www.s92400163.onlinehome.us/hijackthis.zip

Extract..open...scan...and save log. Copy and paste here. Do NOT check off or fix anything yet.
 

2 more replies
Relevance 82%

Kaspersky? Virus Removal Tool is an utility designed to remove all types of infections from your computer. Kaspersky? Virus Removal Tool implies effective algorithms of detection used by Kaspersky Anti-Virus and AVZ Antiviral Toolkit.

****Note that Kaspersky? Virus Removal Tool is not capable for real-time protection of your computer.****


Read more below -

Kaspersky Virus Removal Tool

More replies
Relevance 82%

Hi, i know your only supposed to use only one anti virus program. I run ESETS NOD32 can i also have the Sophos Virus Removal Tool installed for rootkits? Thanks.
 

Answer:Sophos Virus Removal Tool

Hello, Chala

Yes, it can be used along your anti-virus - however pay attention to this quote from the Sophos knowledgebase page.




Note:
You should always use the latest copy of the tool.
As the tool cannot self-update or be manually updated you must re-download the tool to receive the latest protection.
Click to expand...

It should be re-downloaded for each new use.

dr.m
 

5 more replies
Relevance 81.59%

I don't really "use" Windows Malicious Software per se, but I've always downloaded the "Removal Tool" as part of my Windows Updates each month. Is WMS a separate program? And what is this tool?

I thought this thing was something you download and it runs once (supposedly), though I've never noticed anything running when I've downloaded this update in the past.

Would there be a WMS program on my computer? Or is this update an .exe in of itself that just runs once like it says? I guess I'm not really clear as to what this is and what it does (though I've always downloaded it).

Does everyone usually download this update each month? Any reason not too?

I see that it's like 7.7 Megs this time, which seems pretty darn big...

(However, when I go to the link for more info on it, it says it's 6.6 Megs... why is that?)

Thanks for the help!

Answer:Question About Windows Malicious Software Removal Tool Update

Malicious Software Removal Tool

46 more replies
Relevance 81.59%

What good is this tool? Every so often Microsoft installs a newer version of it into my computer but I have never seen it find any viruses or Trojans. My other security software like AVG has found such pests but never, to my knowledge, has this Malicious Software Tool found anything.
 

Answer:Solved: Question about Windows Malicious Software removal tool

bellisimo said:


What good is this tool? Every so often Microsoft installs a newer version of it into my computer but I have never seen it find any viruses or Trojans. My other security software like AVG has found such pests but never, to my knowledge, has this Malicious Software Tool found anything.Click to expand...

Never use it myself. I have my windows update set to notify me when updates are available. Then I decide what to download and install using the "Custom" button on the update site.

Raybro
 

3 more replies
Relevance 81.18%

UVK - Ultra Virus Killer - virus removal and system repair tool topic here ..
UVK is a powerful free tool for manual virus removal and system repair I use! Sure, stable, actively developed! Features, screenshot and download (by Carifred.com) here: http://www.carifred.com/uvk/

Quote:
'With simple and intuitive interface, UVK allows users to detect and delete trojans, rootkits, malware and spyware from infected systems. It also includes lots of tools to repair Windows PC after the disinfection.'

Features (they are described in the Home page):

Process manager
Memory modules manager - NEW!
Startup entries and scheduled tasks
Windows services and drivers
Alternate Streams manager - NEW!
Delete or replace file or folder
Scan & create log
Run UVK Scripts
UVK tools
UVK System repair
System Info
UVK immunization is described in the link below, on the version 3.0.0.0 changelog.

EDIT:
'Yes, the UVK immunization is always active once you enable it, even if UVK is not running, or even if you uninstall UVK.' - Here: Error when downloading Malwarebytes Anti-Malware: http://www.carifred.com/uvk/forum/viewtopic.php?f=4&t=165&p=415#p415 - Post 8. Thank you!

Changelog link: http://www.carifred.com/uvk/changelog.htm
NEW version 4.1.0.0 changelog:

General internal debugging and improvement.
Improved the list creation feature in the Startup entries and scheduled tasks, and Windows services and drivers sections. Now the lists are immediately displayed,... Read more

Answer:Ultra Virus Killer - virus removal and system repair tool

The new UVK version was born. Version v2.4.2.0.
Changelog:
* General internal debugging.
* Replaced several WMI functions by windows api calls. This resulted in a big performance and stability improvement.
* Added context menus to search for files and MD5 hashes in ThreatExpert.com to the Process manager, Startup entries and Drivers/Tasks, sections, and also the Log analyzer.
* Added BIOS information to the System Info section.
PS.
Rootkit removal with UVK - posted by UVK developer on carifred.com forum: http://www.carifred.com/uvk/forum/viewtopic.php?f=6&t=56

Google (and other) redirects caused by malware - UVK Tutorial: http://www.carifred.com/uvk/forum/viewtopic.php?f=6&t=42

Thanks!
 

71 more replies
Relevance 81.18%

Hey guys,

here is a virus removal tool i have found very useful...

here is a list of virus's that it detects and heals/deletes

Agent.A-AN
BackDoor.Agent.A-Z, AA-BG
Downloader.Agent.AS
I-Worm/Atak.A-I
Bagle.DA-IU
I-Worm/Bagle.A-Z, AA-JD
I-Worm/Bugbear.D
I-Worm/Mytob.A-GC
I-Worm/Netsky.A-Z, AA-AD
I-Worm/Sasser.A-F
I-Worm/Zafi.A-E
PSW.Bispy.A-E
Win32/Gaelicum
Win32/Hidrag

and you can download it from here !!

http://www.grisoft.com/doc/112/lng/us/tpl/tpl01

its free and its from the makers of AVG

Answer:Free Virus Removal Tool !!! (not spam)

i had somethin very similar which gto rid of more but i havnt ben able to rmeebr the name for about a year waqs a small exe and was free i think was sweedish very handy

9 more replies
Relevance 81.18%

I have tried to go into Safe Mode. My computer restarts and as it does I hit F8...doesn't work! How can I get into Safe mode to do the help things for Malware etc? Thank you!!
 

Answer:MS Removal Tool list LOADS of virus!! HELP!

I did this after reading about it on an XP Forum...
Reg export of SafeBoot key after repair:
========================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"
[HKEY_LOCAL_M... Read more

1 more replies
Relevance 81.18%

http://nakedsecurity.sophos.com/2012/10/11/virus-removal-tool/

"The top three issues readers highlighted were:

Speed up scanning time
Improve malware clean-up
Incorporate auto-update capabilities"

http://downloads.sophos.com/tools/withides/Sophos%20Virus%20Removal%20Tool.exe
 

Answer:Virus Removal Tool From Sophos Updated

Thanks for the update, I'm trying it now to see how well it does.

Good day.
 

2 more replies