Ms Removal Tool removed but how did I pick it up

We had the dreaded Ms Removal Tool which blocked Internet access and constant problems. Eventually my wife (her computer doesn't let me change anything although she's a PC novice) used Safe Mode with Networking and Malwarebyte Anti-malware and removed it. But I don't know how we picked it up in the first place since it definitely wasn't there a few days ago (surreptious anti-malware scan by me) and I didn't install anything I am pretty sure. Can out of date Java let it in? Update 20 only partly due to nuisance update failure and wife wouldn't let it be fixed another way at my urging.
By the way have Win7 (japanese) with security software.

This infection is categorized as a rogue anti-spyware program. It pretends to be an anti-virus program, but is actually a program that displays fake security alerts and scan results in order to make you think your computer is infected. MS Removal Tool is installed through the use of malware that will install the program onto your computer without your knowledge or permission.

Source

Is it possible that Java 6u20 let it in? Yes. Most Java updates fix security holes. But it's also possible that you visited a website running Flash advertisements and one of those ads was the source of infection. Especially if you have an outdated Adobe Flash Player.

It's really a good idea to keep Java and Adobe updated. You can go into Control Panel > Programs and Features to uninstall the old Java before installing the latest version. Or you could use JavaRa as an alternative. If you need to uninstall Adobe Flash, use their official uninstaller to make sure all of the old Flash is removed. And if you install the latest Flash, make sure to UNcheck the free Google toolbar before installation (unless you want the toolbar.)

Excellent information and advice, marsmimar!

cloa513,

Java
It is important to be sure that old versions of Java are not lurking on the computer as, surprisingly, even if you are using the most recent version, old versions can indeed be called up.

You may have better luck with the off-line installation of Java. Java SE Runtime Environment (JRE) 6 Update 24 is available for download from Java SE Runtime Environment 6u24. Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Adobe Flash Player
As to Adobe Flash Player, it is important to note that it needs to be updated for not only IE but also if alternate browsers are used.

Direct download for IE: http://fpdownload.adobe.com/get/flas..._player_ax.exe
Direct Download for non-IE (Opera, Firefox etc): http://fpdownload.adobe.com/get/flas...ash_player.exe

After install, verify Flash Player version for each browser installed at About Flash Player page.

Adobe Reader
As to Adobe products, I would add that another source of infection is Adobe Reader. If you use Adobe Reader, get the latest version from PDF reader, protected mode | Adobe Reader X

Thanks for the kinds words, Corrine. I've been using Nitro Reader for a long time and forgot about Adobe Reader. Appreciate the reminder and additional information.

It was almost two years ago when I stopped using Adobe Reader, in favor of Sumatra PDF. I don't care for the dark yellow background but like the ability to use <Ctrl> + Left Mouse to select text or image and copy to clipboard.

Nitro Reader looks like an excellent substitute also, although it appears to be limited to 32-bit.

Corrine said:

It was almost two years ago when I stopped using Adobe Reader, in favor of Sumatra PDF. I don't care for the dark yellow background but like the ability to use <Ctrl> + Left Mouse to select text or image and copy to clipboard.

Nitro Reader looks like an excellent substitute also, although it appears to be limited to 32-bit.

Not to hijack this thread ... :)

Nitro works great with 64-bit.

About Reader 1.4

marsmimar said:

This infection is categorized as a rogue anti-spyware program. It pretends to be an anti-virus program, but is actually a program that displays fake security alerts and scan results in order to make you think your computer is infected. MS Removal Tool is installed through the use of malware that will install the program onto your computer without your knowledge or permission.

Source

Is it possible that Java 6u20 let it in? Yes. Most Java updates fix security holes. But it's also possible that you visited a website running Flash advertisements and one of those ads was the source of infection. Especially if you have an outdated Adobe Flash Player.

It's really a good idea to keep Java and Adobe updated. You can go into Control Panel > Programs and Features to uninstall the old Java before installing the latest version. Or you could use JavaRa as an alternative. If you need to uninstall Adobe Flash, use their official uninstaller to make sure all of the old Flash is removed. And if you install the latest Flash, make sure to UNcheck the free Google toolbar before installation (unless you want the toolbar.)

We fixed Java and I just did the flashplayer. Thanks all.

Excellent! Be prepared to update Flash Player again soon. A new critical advisory was just released today. Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat