Ms Removal Tool removed but how did I pick it up

cloa513

We had the dreaded Ms Removal Tool which blocked Internet access and constant problems. Eventually my wife (her computer doesn't let me change anything although she's a PC novice) used Safe Mode with Networking and Malwarebytes Anti-Malware and removed it. But I don't know how we picked it up in the first place since it definitely wasn't there a few days ago (surreptitious anti-malware scan by me) and I didn't install anything I am pretty sure. Can out-of-date Java let it in? Update 20 only partly due to nuisance update failure and wife wouldn't let it be fixed another way at my urging.
By the way, we have Win7 (Japanese) with security software.
 

This infection is categorized as a rogue anti-spyware program. It pretends to be an anti-virus program, but is actually a program that displays fake security alerts and scan results in order to make you think your computer is infected. MS Removal Tool is installed through the use of malware that will install the program onto your computer without your knowledge or permission.

Source

Is it possible that Java 6u20 let it in? Yes. Most Java updates fix security holes. But it's also possible that you visited a website running Flash advertisements and one of those ads was the source of infection. Especially if you have an outdated Adobe Flash Player.

It's really a good idea to keep Java and Adobe updated. You can go into Control Panel > Programs and Features to uninstall the old Java before installing the latest version. Or you could use JavaRa as an alternative. If you need to uninstall Adobe Flash, use their official uninstaller to make sure all of the old Flash is removed. And if you install the latest Flash, make sure to UNcheck the free Google toolbar before installation (unless you want the toolbar.)
 

Excellent information and advice, marsmimar!

cloa513,

Java
It is important to be sure that old versions of Java are not lurking on the computer as, surprisingly, even if you are using the most recent version, old versions can indeed be called up.

You may have better luck with the off-line installation of Java. Java SE Runtime Environment (JRE) 6 Update 24 is available for download from Java SE Runtime Environment 6u24. Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Adobe Flash Player
As to Adobe Flash Player, it is important to note that it needs to be updated for not only IE but also if alternate browsers are used.

Direct download for IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
Direct Download for non-IE (Opera, Firefox etc): http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

After install, verify Flash Player version for each browser installed at About Flash Player page.

Adobe Reader
As to Adobe products, I would add that another source of infection is Adobe Reader. If you use Adobe Reader, get the latest version from PDF reader, protected mode | Adobe Reader X
 

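An added example, not part of the posts above: a PowerShell inventory for the two checks raised in this thread, leftover old Java versions and Flash Player being updated for one browser but not another. It reads the standard Windows uninstall registry keys; the display-name patterns are assumptions about how these products register themselves.

```powershell
# Added example: list installed Java, Flash Player and Adobe Reader versions.
# Standard uninstall keys: machine-wide (native and 32-bit view) and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: the products register under display names matching these patterns.
$patterns = 'Java*', 'Adobe Flash Player*', 'Adobe Reader*'

$installed = foreach ($key in $uninstallKeys) {
    # WOW6432Node is absent on 32-bit Windows, so missing keys are ignored.
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            $name -and ($patterns | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

$installed | Sort-Object DisplayName | Format-Table -AutoSize

# Check 1: more than one distinct Java version means an old runtime is still present.
# (32-bit and 64-bit builds of the same version count once.)
$javaVersions = @($installed |
    Where-Object { $_.DisplayName -like 'Java*' } |
    Select-Object -ExpandProperty DisplayVersion |
    Sort-Object -Unique)
if ($javaVersions.Count -gt 1) {
    Write-Warning ("Multiple Java versions installed: {0}" -f ($javaVersions -join ', '))
}

# Check 2: the IE (ActiveX) and non-IE (Plugin) Flash installers are separate,
# so their versions can drift apart when only one of them is updated.
$flashVersions = @($installed |
    Where-Object { $_.DisplayName -like 'Adobe Flash Player*' } |
    Select-Object -ExpandProperty DisplayVersion |
    Sort-Object -Unique)
if ($flashVersions.Count -gt 1) {
    Write-Warning ("Flash Player versions differ between browsers: {0}" -f ($flashVersions -join ', '))
}
```

Entries shown here are only what the installers registered; a browser that bundles its own plugin copy will not appear, so the in-browser version check remains the final confirmation.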
Thanks for the kind words, Corrine. I've been using Nitro Reader for a long time and forgot about Adobe Reader. :o Appreciate the reminder and additional information.
 

It was almost two years ago when I stopped using Adobe Reader, in favor of Sumatra PDF. I don't care for the dark yellow background but like the ability to use <Ctrl> + Left Mouse to select text or image and copy to clipboard.

Nitro Reader looks like an excellent substitute also, although it appears to be limited to 32-bit.
 

Not to hijack this thread ... :)

Nitro works great with 64-bit.

About Reader 1.4
 

We fixed Java and I just did the flashplayer. Thanks all.
 

logicearth

Good follow up for readers. ;) :D

Mike
 
