Help
Hello,
My father's computer has been taken over by this thing called MS Removal Tool.
First, a warning window that says:
Warning: Your computer is infected
Windows has detected spyware infection!
Click the message to install the last update of windows security software.
Then, even if you do not click on this, another large window pops up.
This looks like the operations page of a virus protection program.
It is titled MS Removal Tool,
has a list of viruses under what looks like a System Scan
There are even links on the left side for things labeled:
System Scan
Protection
Privacy
Update
Settings
Then another window comes up if you try to access the internet that says the MS Removal Tool has activated a firewall.
The problem is that I cannot access the internet to get help from Bleeping Computer on the infected computer.
Is it possible to download a fix to my computer, save it to disk and transfer the fix to the infected computer?
If this is not possible, is there an application that I can purchase on disk that will fix this?
I will appreciate any assistance.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
- You cannot start a new topic
-
This topic is locked
Request help with something called MS Removal Tool This is a phony Virus protection on a Windows XP system
Back to top
#2
- Forum Addict
-
- Group: Malware Response Team
- Posts: 3,642
- Joined: 31-July 06
- Gender:Male
- Location:North Carolina, USA
Posted 15 July 2011 - 09:18 AM
Hi,
Welcome to Bleeping Computer.
My name is Shannon and I will be working with you to remove the malware that is on your machine.
I apologize for the delay in replying to your post, but this forum is extremely busy.
Please Track this topic - On the top right on this tread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.
Do Not make any changes on your own to the infected computer.
Since your father has the MS Removal infection, you need to follow the removal instructions located here. When you have completed those steps return here and do the following.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Now, let's look more thoroughly at the infected computer -
We need to see some information about what is happening in your machine. Please perform the following scan:
Information on A/V control HERE
Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Welcome to Bleeping Computer.
My name is Shannon and I will be working with you to remove the malware that is on your machine.
I apologize for the delay in replying to your post, but this forum is extremely busy.
Please Track this topic - On the top right on this tread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.
Do Not make any changes on your own to the infected computer.
Since your father has the MS Removal infection, you need to follow the removal instructions located here. When you have completed those steps return here and do the following.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Now, let's look more thoroughly at the infected computer -
We need to see some information about what is happening in your machine. Please perform the following scan:
- We need to create an OTL Report
- Please download OTL from here:
- Main Mirror
- Save it to your desktop.
- Double click on the
icon on your desktop. - Click the "Scan All Users" checkbox.
- Change the "Extra Registry" option to "Use SafeList"
- Push the
button. - Two reports will open, copy and paste them into your reply:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Information on A/V control HERE
Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.
- Double-click on RKUnhookerLE.exe to start the program.
- Click the Report tab, then click Scan.
- Check Drivers, Stealth, and uncheck the rest.
- Click OK.
- Wait until it's finished and then go to File > Save Report.
- Save the report to your Desktop.
- Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon
#3
- New Member
-
- Group: Members
- Posts: 2
- Joined: 03-July 11
Posted 15 July 2011 - 07:11 PM
You're suggestions have fixed the problem. Thank you so much for your help. This is a wonderful service.
#4
- Forum Addict
-
- Group: Malware Response Team
- Posts: 3,642
- Joined: 31-July 06
- Gender:Male
- Location:North Carolina, USA
Posted 17 July 2011 - 04:23 PM
It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Shannon
Share this topic:
Page 1 of 1
- You cannot start a new topic
-
This topic is locked