Removing ms removal tool virus

Forums › Microsoft Windows › Removing ms removal tool virus

JMatt94

225 posts

Master Geek
+1 received by user: 1

Topic # 82199 23-Apr-2011 20:32

How do I remove Ms Removal tool?

Tried Malware Bytes

Tried Malware Bytes in Safe-mode

I'm unable to open Task manager.

Help. D: Running windows 7

billgates

3829 posts

Uber Geek
+1 received by user: 233

Trusted

Reply # 461869 23-Apr-2011 20:38

Download Microsoft security essentials and run a scan in safe mode. There is a download link in my signature.

Do whatever you want to do man.

JMatt94

225 posts

Master Geek
+1 received by user: 1

Reply # 461874 23-Apr-2011 20:53

unable to install in normal mode, application cannot be executed due to this @$%@$#$#% virus and it says the application cannot be installed in safe mode.

JMatt94

225 posts

Master Geek
+1 received by user: 1

Reply # 461879 23-Apr-2011 21:03

any other ideas?

dontpanic42

1574 posts

Uber Geek
+1 received by user: 11

Reply # 461880 23-Apr-2011 21:12

http://www.avg.com/us-en/avg-rescue-cd

Burn the AVG rescue CD and then boot from it.
Run a full scan and hope for the best.
:)

gible

51 posts

Master Geek

Reply # 461881 23-Apr-2011 21:17

Microsoft safety scanner?

ClamWin Portable?

trig42

Banana?
4331 posts

Uber Geek
+1 received by user: 1016

Subscriber

Reply # 461907 24-Apr-2011 08:49

Try ComboFix http://www.bleepingcomputer.com/download/anti-virus/combofix
It can be a bit dangerous, but I have used it lots and never had a PC not start afterwards. Use at your own risk however.

You could try SuperAntiSpyware, or download something that hunts out Rootkits. I would say however that ComboFix will do the trick.

Are you sure that you updated MBAM? Unusual for it not to get rid of most of these sorts of malware.

richrdh18

148 posts

Master Geek
+1 received by user: 36

Reply # 461908 24-Apr-2011 09:02

Here's a fix a fix i use:

Start the pc up in safe mode with networking

Download CCleaner and install.

Open  CCleaner, go to the Tools, Startup. You'll see that there are some unusual, things in the startup listing, what you are looking for is something like c:\documents and settings\applications\temp\ ndeehemdkwkw.exe (some random letters.exe)

Delete this entry and anyothers that look like they are starting up from a Docsand settings or User Temp location.

This will remove the entry.

Download Malwarebytes in safe mode, the restart nomally and run another scan.

Normally fixed in under 15mins.

JMatt94

225 posts

Master Geek
+1 received by user: 1

Reply # 461923 24-Apr-2011 09:52

Thanks guys, finally managed to remove it

trig42

Banana?
4331 posts

Uber Geek
+1 received by user: 1016

Subscriber

Reply # 461924 24-Apr-2011 09:55

What did you use?

JMatt94

225 posts

Master Geek
+1 received by user: 1

Reply # 462005 24-Apr-2011 19:11

I ran Microsoft safety scanner and Clamwin portable in safemode which seemed to remove it, but also ran Microsoft security essential afterwards in normal mode which picked up two more infected files.

Ragnor

8025 posts

Uber Geek
+1 received by user: 387

Trusted

Subscriber

Reply # 462216 25-Apr-2011 16:55

I would recommend you (or get a tech) do a backup of all your personal files and data then do a format and a clean install, just in case.

heretohelp

360 posts

Ultimate Geek

Reply # 472173 22-May-2011 11:04

Hi. Microsoft security scan / Avg etc wont get rid of it

do the following in safe mode with networking

Use Malwarebytes.

you may have to run this script sometimes it screws with the exe and wont let you run exe files. it will say not compltly updated or somthing to that effect but will work. make sure you update it. http://filext.com/WinXP_EXE_Fix.reg

Admitdly this is not going to get rid of all of this virus but will get rid of most if it.

also run ccleaner as well.

Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

b0untypure1

1414 posts

Uber Geek
+1 received by user: 11

Reply # 476087 31-May-2011 09:11

one of my friends had this virus, i download a process blocker in safe mode and blocked the process from running. just an idea for others reading this thread. then backup data and clean installed windows. now running Microsoft Security Essentials and all going well