Results 1 to 5 of 5
  1. #1
    Star Lounger
    Join Date
    Feb 2009
    Location
    Evanston, Illinois, USA
    Posts
    85
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Manually Deleting the MS Removal Tool Virus

    Could anyone give me a step by step set of actions to entirely delete the following Virus:

    MS Removal Took

    Thank you for any help ...

    Theodore...

    I am running under Vista Home Premium

  2. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    I'd use Process Explorer and Autoruns to trace, suspend/kill and block it from starting. Then reboot and run A/V and Mbam to clear out any remnants. How 'manual' do you want to be?

    Malwarebytes has some details on how it works, as do many other security websites.

  3. #3
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts

  4. #4
    Super Moderator Deadeye81's Avatar
    Join Date
    Dec 2009
    Location
    North Carolina, USA
    Posts
    2,654
    Thanks
    7
    Thanked 113 Times in 97 Posts
    Moderator Note: This thread was moved to the appropriate Forum, Security & Backups.
    Deadeye81
    Forum Moderator Staff

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Sequim, WA USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Smile re: Manually Deleting the MS Removal Tool Virus

    I just manually removed the MS Removal Tool Malware manually. The following link has the procedure for XP and Vista. There are also downloadable fixes to run, but I chose the manual method. I booted into Safe Mode, with network connections. I used regedit to delete the registry files that the malware installed. I downloaded unhide.exe and ran it from a the command prompt utility. (go to Start, Run and type cmd). I imagine Malwarebytes and SuperAntiSpyware would take care of the rogue registry entries as well. Check this site out for specific instruction.

    http://www.pcrisk.com/removal-guides...ista-recovery-

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •