
Loads of machines with ms removal tool


Galdorf
04-18-2011, 03:59 PM
Wow, I just have 12 machines in all with MS Removal Tool; looks like some ads on a popular site are infecting people.
Odd thing though, none of the AVs are stopping it from getting in, and these are all new: KIS 2011, Panda Total 2011, ESET, etc.

iisjman07
04-18-2011, 06:27 PM
Is it a simple kill and delete process or has it rooted the system?

activeits
04-18-2011, 11:09 PM
Wow, I just have 12 machines in all with MS Removal Tool; looks like some ads on a popular site are infecting people.
Odd thing though, none of the AVs are stopping it from getting in, and these are all new: KIS 2011, Panda Total 2011, ESET, etc.

If I see a fake virus/scareware advert, I purposely download it (not install it) and upload it to www.virustotal.com, and often no one recognises it yet.

This is why I always show customers a test of their security software with www.eicar.com, therefore hopefully they remember that the fake virus/scareware advert looks nothing like their own security software and do not install whatever it advises.


Thanks

PC Ops
04-18-2011, 11:52 PM
Lots of those here in The Netherlands as well. Had several come in the last couple of weeks.

Looks like infections come from popular sites (ads) indeed. Especially holiday related sites were visited by the majority of my clients.

Not up to date Java seems to be the problem.

TechLoopPC
04-19-2011, 05:28 AM
Great! So I'm not the only one that has been noticing MS-Removal a ton the past few days. Good thing it's a fairly simple fix.

Fixedathome.com
04-19-2011, 12:25 PM
I had a couple of ESET 2011 the other day which had an AVG icon!

bytebuster
04-19-2011, 01:59 PM
Great! So I'm not the only one that has been noticing MS-Removal a ton the past few days. Good thing it's a fairly simple fix.

Can it be deleted manually? Where does it live at?

tpcg
04-19-2011, 05:55 PM
The machine I cleaned this morning had the folder in c:\programdata/some random folder name\several different .exe files.