• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

MS removal tool

Hi all,

I work in a school in Denmark that has a lot of pcs, netbooks, stationary machines. We have been plagued lately by the arrival of MS removal tool. Is there a (free) application that can uninstall it. Norton as of yet doesn't seem to be able to catch the thing. Hopefully they are working on it - if Norton have a fix is there anyone that can direct me to it. We have SYmantec as our primary anti-virus application,

thanks

Tim

Replies

Kudos1 Stats

Re: MS removal tool

Hi Tim,

Norton Power Eraser should be able to identify and remove that FakeAV. Be careful though since it can also list other legit programs. Take some time to check the files it shows before letting it remove anything.

www.norton.com/virushelp

You also have the instruction on Bleeping Computer regarding that threat.

http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

Edit: Also check if you have the newest version of Norton installed since the 2011/v5 should be able to detect/block that threat. (I know you said that you have Symantec, but since you also mentioned Norton).

http://updatecenter.norton.com/

Regards

jAW

Kudos0

Re: MS removal tool

Hello

Norton Power Eraser should only be used as a last ditch effort under the guidance of an expert who can say if the files it finds are legit files. If you are going to use this tool, you should post the findings in this thread  and see if someone can tell you if the files are legit or malware.

I would recommend a visit to one of the free removal sites as they have the expert knowledge and can tell you what tools to use. Rogue antivirus programs are continuously changing and sites like these can usually keep up with the new variations. Please register at one of the sites and put the name of the malware and describe what you have done and your symptoms.

Please go to one of these free Forums for help in removing your bad malware or rootkits.


http://www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

(Thanks to Delph for providing the list of sites)

Please come back and let us know how you made out.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.19.8.65 Core Firmware 282 Chrome latest version.
Kudos0

Re: MS removal tool

Norton Power Eraser is actually offered from Symantec as a free "do it yourself" option to all Norton customers and there is a direct link to the DIY page from the Norton GUI. It is intended to be used by "anyone".

Of course you need to know what you are doing when using it, but that more or less goes for all manual tools. Even Malwarebytes.

Regards

jAW

Kudos1 Stats

Re: MS removal tool

Malwarebytes is safer then Norton Power Eraser, as I found out on purpose.

Quads

Kudos1 Stats

Re: MS removal tool

Hello

As copied from the link given for the Norton Power Eraser, here is what it says about the tool.


Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options

 


It is not meant as a first tool to be used to clean a computer. You should try other options first. This is taken from

http://us.norton.com/support/DIY/index.jsp.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.19.8.65 Core Firmware 282 Chrome latest version.
Kudos1 Stats

Re: MS removal tool

I had this thing on my PC last week (that's the reason I was not online last week), and I removed it using Power eraser. I find this here:

http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20100914184709EN

But if Gurus are telling you to try Malwarebytes, please do that.

CyberLife :)
Kudos1 Stats

Re: MS removal tool

The problem with the Power Eraser is that critical system files can become infected, but are still necessary to be able to run the machine.  If the operator does not know what to fix and what not to fix, the machine can, and has on at least 3 occasions, become unbootable.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: MS removal tool

The problem with the Power Eraser is that critical system files can become infected, but are still necessary to be able to run the machine.  If the operator does not know what to fix and what not to fix, the machine can, and has on at least 3 occasions, become unbootable.

 

I can not thing of a better argument to support that the Norton Bootable Recovery Tool be expanded to allow Win Explorer access to  hard drives along with limited desktop fuctionality so that a user could execute PowerEraser out of WIN PE and use the undo feature in Power Eraser to replace whatever it originally removed. 

Kudos0

Re: MS removal tool

I've just been helping out a friend who managed to acquire the MS Removal Tool malware. Since I was unable to do much on his machine, I removed the hard drive and connected it via a USB gizmo to one of my machines (making sure of course to take a backup with Acronis beforehand - just in case). On neither machine (his or mine) was the latest NIS 2011 with all updates applied able to find anything - nor could Spybot. Anyway, I downloaded NPE.exe and plonked it on his drive ready for execution and put the hard drive back into his machine.

Well! Lo and behold the problem appears to have vanished and I haven't really done anything. It bothers me that I don't know why. I don't know (and can't find out) how this particular malware works but I wonder whether its possible that moving the drive from one machine to another overwrites the boot block (or similar) and thus deactivates the nasty code.

If someone could shed any light on this I'd appreciate an answer.

Thanks

Kudos0

Re: MS removal tool

A Rogue (FakeAV) is a Rogue one of the easiest pieces of Malware to remove, it is visable etc.

I have infected my PC with MS removal tool and easily broken it then removed the dormant files,  The Bleeping Computer instructions work, and my slightly different way. But the point is, there was no removal of the Hard Drive or reformatting involved.

Quads

Kudos0

Re: MS removal tool

Thank you for your reply Quads but you haven't answered my question. What mechanism within the malware is broken by moving the drive from one machine to another?

Kudos0

Re: MS removal tool

I'm not going to answer that question as tou are a Malware removalist for people including pulling parts out of a PC, so should as a PC repairer for people know the answer to that.

Quads

Kudos0

Re: MS removal tool

Here's the detail instructions on how to remove this from Bleeping: http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

Oops! Someone already posted this. Oh, well ...................

Kudos0

Re: MS removal tool


floplot wrote:

Hello

As copied from the link given for the Norton Power Eraser, here is what it says about the tool.


Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options


It is not meant as a first tool to be used to clean a computer. You should try other options first. This is taken from

http://us.norton.com/support/DIY/index.jsp.


Yes, but that does not contradict what I said about the tool being offered to endusers as a free option. It is offered from the norton scan result under "do you still belive that you are infected.."

Regards

jAW

Kudos1 Stats

Re: MS removal tool


donziehm wrote:

The problem with the Power Eraser is that critical system files can become infected, but are still necessary to be able to run the machine.  If the operator does not know what to fix and what not to fix, the machine can, and has on at least 3 occasions, become unbootable.

 

I can not thing of a better argument to support that the Norton Bootable Recovery Tool be expanded to allow Win Explorer access to  hard drives along with limited desktop fuctionality so that a user could execute PowerEraser out of WIN PE and use the undo feature in Power Eraser to replace whatever it originally removed. 


Power Eraser will be integrated into the Norton Bootable Recovery tool making scans from Win PE possible. If it will be possible to restore sessions prevoiusly run from normal boot I cannot say atm. I belive this will be released together with the 2012 products.

Regards

jAW

This thread is closed from further comment. Please visit the forum to start a new thread.