Loads of machines with ms removal tool

[Galdorf]

Wow i just have 12 machines in all with ms removal tool looks like some ads on a popular site are infecting people.
Odd thing though none of the av's are stopping it from getting in and these are all new kis 2011, panada total 2011,eset ect.

[iisjman07]

Is it a simple kill and delete process or has it rooted the system?

[activeits]

Quote:

Originally Posted by Galdorf

Wow i just have 12 machines in all with ms removal tool looks like some ads on a popular site are infecting people.
Odd thing though none of the av's are stopping it from getting in and these are all new kis 2011, panada total 2011,eset ect.

If i see a fake virus/scareware advert, I purposely download it (not install it) and upload it to www.virustotal.com and often noone recognises it yet.

This is why I always show customers a test of their security software with www.eicar.com, therefore hopefully they remember that the fake virus/scareware advert looks nothing like their own security software and do not install whatever it advises.


Thanks

[PC Ops]

Lots of those here in The Netherlands as well. Had several come in the last couple of weeks.

Looks like infections come from popular sites (ads) indeed. Especially holiday related sites were visited by the majority of my clients.

Not up to date Java seems to be the problem.

[TechLoopPC]

Great! so I'm not the only one that has been noticing MS-Removal a ton the past few days. Good thing it's a fairly simple fix.

[Fixedathome.com]

I had a couple of E-Set 2011 the other day which had an AVG Icon!

[bytebuster]

Quote:

Originally Posted by TechLoopPC

Great! so I'm not the only one that has been noticing MS-Removal a ton the past few days. Good thing it's a fairly simple fix.

Can it be deleted manually? Where does it live at?

[tpcg]

The machine I cleaned this morning had the folder in c:\programdata/some random folder name\several different .exe files.