Re: How to run "Malicious Software Removal Tool" ?
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 07/20/05
- Next message: David H. Lipman: "Re: A new startup process SlowDowncpu.exe gets added"
- Previous message: S. Pidgorny: "Re: Any IDS Recommendations?"
- In reply to: Rob Stow: "Re: How to run "Malicious Software Removal Tool" ?"
Date: Wed, 20 Jul 2005 09:26:55 -0400
From: "Rob Stow" <rob.stow@shaw.ca>
| Bruce Chambers wrote:
>> Rob Stow wrote:
>>
>>> I just have downloaded and installed this thing and now I can't find the
>>> damned thing so I can run it.
>>>
>>> It did not add any entries anywhere in my start menu and there are no
>>> new folders anywhere on my C: drive. Amazingly enough there was not
>>> even one of the $NTUninstall folders created for this tool.
>>
>> The tool is updated the second Tuesday of each month, appears as a
>> "Critical Update" on the Windows Update site, and runs only when
>> "downloaded."
|
| I downloaded the file Windows2000-KB896422-x86-ENU.EXE to my hard
| drive. Simple download and save operation. WindowsUpdate was
| never the least bit involved.
|
| Next, I ran that .exe file and got the usual "Software
| Installation Wizard".
|
| At no point during the installation process did I see anything
| that gave me the slightest reason to believe that whatever was
| installed was itself executed. At the link you provided below
| (which I had read much earlier today), four possible results are
| listed for reporting the results of a scan by that tool - none of
| them happened.
|
>> Nothing is installed; there's nothing to run at a later
>> date;
|
| If that is the case, then why does the link you provided talk
| about the command line switches you can use with it ?
|
>> there's nothing to ever uninstall.
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;890830
>>
That's Microsoft. Those are "Standard" Command line switches to be used in an Enterprise
environment.
Please don't make a mountain out of a mole hill. This tool is a "run in the background"
tool for detecting mostly Internet worms. It has a limited target list and the URL you
provided lists the targeted infectors and this scanner is better than nothing for the
clueless PC user. It is also most likely a direct result of the RAV acquisition by
Microsoft.
The only result of the invisible background scan is a log file; %WINDIR%\debug\mrt.log .
Attached is the log file from my Win2K PC...
If you want a more comprehensive scanning tool I have one that provides scanners from;
Trend, Sophos and McAfee that have a very broad spectrum malware coverage.
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
through your FireWall to allow them to download the needed AV vendor related files.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
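The check the reply points to, reading %WINDIR%\debug\mrt.log to confirm that the tool actually ran and what it reported, as an added example that is not part of the original post. The line layout (version banner, "Started On", "Results Summary:", "Return code:", "Finished On") and the UTF-16 encoding are assumptions based on logs of that era, and the sample bytes are constructed.

```python
import re

HEADER = re.compile(r"Malicious Software Removal Tool v([\d.]+), (.+)$")
STARTED = re.compile(r"^Started On (.+)$")
RETCODE = re.compile(r"^Return code:\s*(-?\d+)")
FINISHED = re.compile(r"Removal Tool Finished On (.+)$")

def parse_mrt_log(raw):
    """Return one dict per scan run recorded in the raw bytes of an mrt.log."""
    # Assumed encoding: UTF-16 with a byte-order mark; tolerate a truncated tail.
    text = raw.decode("utf-16", errors="replace")
    runs, cur, in_summary = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.search(line)
        if m:  # a version banner opens a new run
            cur = {"version": m.group(1), "release": m.group(2), "started": None,
                   "finished": None, "results": [], "return_code": None}
            runs.append(cur)
            in_summary = False
        elif cur is None:
            continue  # text before the first banner
        elif STARTED.match(line):
            cur["started"] = STARTED.match(line).group(1)
        elif line == "Results Summary:":
            in_summary = True
        elif RETCODE.match(line):
            cur["return_code"] = int(RETCODE.match(line).group(1))
            in_summary = False
        elif FINISHED.search(line):
            cur["finished"] = FINISHED.search(line).group(1)
        elif in_summary and line and set(line) != {"-"}:
            cur["results"].append(line)  # skip blanks and the dashed underline
    return runs

def needs_review(run):
    """True for an unfinished run or anything other than a clean result."""
    clean = run["return_code"] == 0 and run["results"] == ["No infection found."]
    return run["finished"] is None or not clean

# Constructed sample (not the log attached to the post): one full run, one cut short.
BANNER = "Microsoft Windows Malicious Software Removal Tool"
SAMPLE = b"\xff\xfe" + "\r\n".join([
    "-" * 60, "", BANNER + " v9.9, January 2005", "Started On Mon Jan 03 10:00:00 2005",
    "", "Results Summary:", "----------------", "No infection found.", "",
    "Return code: 0", BANNER + " Finished On Mon Jan 03 10:00:30 2005", "",
    "-" * 60, "", BANNER + " v9.9, January 2005", "Started On Tue Jan 04 10:00:00 2005",
]).encode("utf-16-le")
```

On a live system, pass the bytes of %WINDIR%\debug\mrt.log to `parse_mrt_log`; a run with no "Finished On" line or a non-zero return code is the one to look at.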