Windows 7 Forums

Windows 7: Malicious Software Removal Tool 5.45 released

23 Feb 2017   #1
Brink

64-bit Windows 10 Pro
 
 
Malicious Software Removal Tool 5.45 released

Quote:
In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. This behavior ticks boxes in the evaluation criteria that Microsoft Malware Protection Center (MMPC) uses for identifying unwanted software. Installing software without your permission, interaction, or consent is considered unwanted behavior because that can take away the choice you should have in determining what applications to install on your computer.

By October 2016, MSRT detected and removed most of the malware families in this suite:
  • Sasquor, which changes browser search and homepage settings to circumvent the browser’s supported methods and bypass your consent, and can install other malware like Xadupi and Suweezy
  • SupTab, which also changes browser search and homepage settings, and installs services and scheduled tasks that regularly install additional malware
  • Suweezy, which attempts to modify settings for various antivirus software, including Windows Defender, creating a significant danger to your computer’s overall security
  • Xadupi, which registers a service that regularly installs other apps, including Ghokswa and SupTab, and is ostensibly an update service for an app that has some user-facing functionality: CornerSunshine displays weather information on the taskbar, WinZipper can open and extract archive files, and QKSee can be used to view image files
  • Ghokswa, which installs a customized version of Chrome or Firefox browsers, modifying the home page and search engine front-end or stopping processes and replacing shortcuts and associations for the legitimate browser with ones pointing to its own version
This month, we’re adding Chuckenit, the last remaining malware in this group, to MSRT, helping make sure the whole suite is detected and removed from your computer and doesn’t interfere with your computing experience.

Chuckenit is an application called “Uncheckit”, whose main purpose is to uncheck checkboxes in installation dialogue boxes, effectively messing with choices without your knowledge during installation.

Chuckenit is installed together with SupTab and Ghokswa when Xadupi downloads and installs updates. Xadupi, meanwhile, is installed by Sasquor, although it may also be installed directly by software bundlers.



Figure 1. Chuckenit is installed silently by Xadupi, which is installed by Sasquor.



Figure 2. Xadupi may also be installed directly by software bundlers, such as ICLoader.

Similar to the other malware in this suite, as part of its installation, Chuckenit adds several Scheduled Tasks and registers a couple of services to automatically download updates, which may come with other applications or malware.

Since May 2016, Windows Defender has encountered this threat in over 418,000 computers, of which 12% are in Brazil, 7% are in India, and 7% are in Russia.



Figure 3. Geographic distribution of Chuckenit encounters

Prevention, detection, and recovery

Chuckenit is part of an infection chain that involves malware and software bundlers silently installing other applications. You need security solutions that detect and remove all components of this type of infection.

Ensure you get the latest protection from Microsoft. Keep your Windows operating system and antivirus up-to-date and, if you haven’t already, upgrade to Windows 10.

Ensure your antimalware protection, such as Windows Defender and Microsoft Malicious Software Removal Tool, is up-to-date. In Windows Defender, you can check your exclusion settings to see whether the malware added some entries in an attempt to exclude folders from being scanned. To check and remove excluded items in Windows Defender:
  • Navigate to Settings > Update & security > Windows Defender > Add an exclusion.
  • Go through the lists under Files and File locations, select the excluded item that you want to remove, and click Remove.
  • Click OK to confirm.

Use cloud protection to get protection against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10. Go to Settings > Update & security > Windows Defender and make sure that your Cloud-based Protection setting is turned On.

Use the Settings app to reset to Microsoft recommended defaults that may have been changed by the malware in this suite. Launch the Settings app. Navigate to the Default apps page. From Home go to System > Default apps, then click Reset.

For enterprises, use Device Guard, which can lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run.

Use Windows Defender Advanced Threat Protection to get alerts about suspicious activities, including the download of malware, so you can detect, investigate, and respond to attacks in enterprise networks. Evaluate Windows Defender Advanced Threat Protection for free.

James Patrick Dee

MMPC


Source: https://blogs.technet.microsoft.com/...malware-suite/
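
The exclusion, real-time and cloud-protection checks described in the quoted article can also be reviewed from PowerShell. This is an added example, not part of the original post or of Microsoft's article; it assumes Windows 8.1 or Windows 10 with the built-in Defender cmdlets and an elevated prompt, and `Get-DefenderTamperFindings` and the sample values are hypothetical.

```powershell
# Added example: review Windows Defender settings that malware in this suite
# may have changed (scan exclusions, real-time monitoring, cloud protection).
# Get-DefenderTamperFindings is a hypothetical helper name.
function Get-DefenderTamperFindings {
    # Preference object to inspect; defaults to the live configuration.
    param($Preference = (Get-MpPreference))
    $findings = @()

    # Every exclusion is a blind spot for the scanner, so list each one for review.
    foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
        foreach ($item in @($Preference.$kind)) {
            if ($item) {
                $findings += [pscustomobject]@{ Setting = $kind; Value = $item }
            }
        }
    }

    # Real-time monitoring should not be switched off.
    if ($Preference.DisableRealtimeMonitoring) {
        $findings += [pscustomobject]@{ Setting = 'DisableRealtimeMonitoring'; Value = $true }
    }

    # MAPSReporting 0 means cloud-based protection is turned off.
    if ($Preference.MAPSReporting -eq 0) {
        $findings += [pscustomobject]@{ Setting = 'MAPSReporting'; Value = 0 }
    }

    return $findings
}

# Constructed sample object (not real output) so the logic can be tried anywhere.
$sample = [pscustomobject]@{
    ExclusionPath             = @('C:\ProgramData\ExampleUpdater')   # constructed value
    ExclusionExtension        = $null
    ExclusionProcess          = $null
    DisableRealtimeMonitoring = $false
    MAPSReporting             = 0
}
Get-DefenderTamperFindings -Preference $sample | Format-Table -AutoSize

# Against the live configuration (elevated prompt):
#   Get-DefenderTamperFindings | Format-Table -AutoSize
# After review, remove an exclusion you did not add yourself:
#   Remove-MpPreference -ExclusionPath '<path you did not exclude>'
```

An empty result means no exclusions are set and both protections are on; any listed exclusion should be one you recognise adding.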


24 Feb 2017   #2
Roderunner

Win7 H.Prem. 32bit+SP1
 
 

Hi Shawn, I just installed this but it gives no part number.

Malicious Software Removal Tool 5.45 released-capture.png


24 Feb 2017   #3
Brink

64-bit Windows 10 Pro
 
 

Hello George,

That would be the correct update for this. If you like you could run MSRT to confirm.

Malicious Software Removal Tool

24 Feb 2017   #4
Roderunner

Win7 H.Prem. 32bit+SP1
 
 

Hi Shawn, your instruction yielded only the version as Feb. 2017
24 Feb 2017   #5
Brink

64-bit Windows 10 Pro
 
 

That would be for this version though.
24 Feb 2017   #6
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

My simple thoughts.

Microsoft MRT is offered every month through Windows 7 Updates. It is an updated version every month.
I personally download it and use it every month.

Once the update is downloaded all one has to do is go to Start orb and type (MRT) and you will find it.
Tick on it and select it. Follow the on screen instruction. I always do Full Scans.
You will get a report at the end of the scan.

One can use (MRT) as many times as one cares to.
Every month an updated version will be offered through Windows 7 Updates and you can just download it and use it until the next offering. You don't have to remove the older version. (MRT) takes care of that when the new (MRT) is installed.
(MRT) is a user (On Demand program). It does not monitor your systems as an active Anti Virus program does.

Using (MRT) has never caused my systems a problem.
(MRT) is free from Microsoft, easy to install, easy to use. Just another layer of security to be added to the war chest against the bad guys.

Jack
24 Feb 2017   #7
Brink

64-bit Windows 10 Pro
 
 

24 Feb 2017   #8
Sky Ranch

Windows 7 Home 64-bit
 
 

When you say part number do you mean the build number?

That can be found in your log file after MSRT is run through either Windows Update or manually as mentioned. C:\Windows\Debug\mrt.log


Attached Images
Malicious Software Removal Tool 5.45 released-mrt-log.png 
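
To read the version and build out of the log mentioned above without opening it by hand, here is an added example (not part of the original post). The line layout it matches is an assumption modeled on typical mrt.log files, `Get-MsrtRun` is a hypothetical helper name, and the sample lines are constructed with a placeholder build number.

```powershell
# Added example: list version, build and return code of each MSRT run in mrt.log.
# Assumed layout of the lines of interest:
#   Microsoft Windows Malicious Software Removal Tool v<version>, <Month Year> (build <build>)
#   Started On <date>
#   Return code: <n> (<hex>)
function Get-MsrtRun {
    param([string[]] $Lines)

    $header = '^Microsoft Windows Malicious Software Removal Tool v(?<ver>[\d.]+), ' +
              '(?<rel>\w+ \d{4}) \(build (?<build>[\d.]+)\)'
    $run = $null

    foreach ($line in $Lines) {
        if ($line -match $header) {
            if ($run) { $run }      # emit the previous run before starting a new one
            $run = [pscustomobject]@{
                Version = $Matches.ver; Release = $Matches.rel; Build = $Matches.build
                Started = $null; ReturnCode = $null
            }
        }
        elseif ($run -and $line -match '^Started On (?<ts>.+)$') {
            $run.Started = $Matches.ts.Trim()
        }
        elseif ($run -and $line -match '^Return code:\s*(?<rc>-?\d+)') {
            $run.ReturnCode = [int]$Matches.rc
        }
    }
    if ($run) { $run }              # emit the last (possibly unfinished) run
}

# Constructed sample lines; the build number is a placeholder, not a real build.
$sample = @'
Microsoft Windows Malicious Software Removal Tool v5.45, February 2017 (build 5.45.00000.0)
Started On Fri Feb 24 09:00:00 2017
Results Summary:
No infection found.
Return code: 0 (0x0)
'@ -split "`r?`n"

# Use the real log when present, otherwise fall back to the constructed sample.
$log   = Join-Path $env:windir 'Debug\mrt.log'
$lines = if (Test-Path $log) { Get-Content -Path $log } else { $sample }
Get-MsrtRun -Lines $lines | Select-Object -Last 3 | Format-Table -AutoSize
```

A return code of 0 corresponds to "No infection found"; for any other value, read the Results Summary of that run in the full log.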
25 Feb 2017   #9
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
Yep never used it and I doubt I ever will
25 Feb 2017   #10
Seffrid

Windows 7 Home Premium 64
 
 

Quote: Originally Posted by Layback Bear
My simple thoughts.

Microsoft MRT is offered every month through Windows 7 Updates. It is an updated version every month.
I personally download it and use it every month.

Once the update is downloaded all one has to do is go to Start orb and type (MRT) and you will find it.
Tick on it and select it. Follow the on screen instruction. I always do Full Scans.
You will get a report at the end of the scan.

One can use (MRT) as many times as one cares to.
Every month an updated version will be offered through Windows 7 Updates and you can just download it and use it until the next offering. You don't have to remove the older version. (MRT) takes care of that when the new (MRT) is installed.
(MRT) is a user (On Demand program). It does not monitor your systems as an active Anti Virus program does.

Using (MRT) has never caused my systems a problem.
(MRT) is free from Microsoft, easy to install, easy to use. Just another layer of security to be added to the war chest against the bad guys.

Jack

When you say "MRT" do you mean "MSRT"?

I believe your manual method of scanning is only required for the full scan, and that a quick scan is automatically run in the background when you download/install the update with a message only appearing if it finds something - is that correct?