Re: malicious software removal tool




Thanks ever so much for this very comprehensive reply. I am however somewhat
concerned by it, to say the least!
This seems to be a very drastic set of steps to take, which, if I understand
you correctly, will disable a lot of stuff on my computer (even if it is
subsequently re-enabled). For example:
why would I uninstall my browser (IE8)
why would I download MSRT manually when that is the thing I am trying to get
rid of
why defrag
why check drivers

All I am trying to do is remove the MSRT - everything else works fine.
I do have SuperAntiSpyware and run it regularly, doesn't find anything
though (apart from the odd cookie).

I don't know how to save to the root of the C drive.....

The other post says I can simply delete the .exe file - I will try that first.
Thanks again.

"Shenan Stanley" wrote:

lopar wrote:
Every month, around the 15th, my profile settings are corrupted and
I have to do a system restore to get them back. The system
generated restore point immediately before this happens is labelled
by the system 'Software Distribution Service 3.0'. On looking into
this it seems that at some point I have accepted an EULA to
download and run something called Malicious Software Reporting
Tool, and recently (a few months ago) Microsoft announced that they
would update this program each month (the second Tuesday of the
month) and it would from then on automatically run a system check
in the background for malicious software. I checked on Google and
there was one reference to this potentially corrupting profile
settings for users.
This would seem to be the cause of the problem therefore.
The solution on the Microsoft web page was to remove tool from the
automatic updates list, however this item is not listed on my
automatic updates (it's not hidden either). I have therefore changed
my updates to notify me but not download or install. When the
program popped up a few days ago I did not therefore download it.
Yesterday however I did download a Windows Defender security update
(which I assumed was unrelated), however the system has now been
corrupted again.

Things I have done to try and fix this

1. Tried to remove it using add remove programs - it won't let you.
2. searched for the individual files in the directory to manually
delete them - they seemed to be system files and it wouldn't let me
3. I found a reference to this tool working in conjunction with
Windows Genuine Advantage, so I tried to remove that as well as in 1
and 2 above - I did find some files but couldn't delete the main
one.
4. did a registry search to try and find these files and deleted a
few entries to at least cause the program to fall over (I hoped),
but evidently that didn't work either.
5. checked my firewall (zone alarm) and blocked the malicious
software tool - no effect (couldn't find Software Distribution
Service in ZA so couldn't block that)
6. tried to find either program in the applications tray to
disable it there (control alt delete) but couldn't see it
7. tried to block it in Windows Defender (in the bit that lists all
programs running) but it's not listed
8. contacted Microsoft help on email who were totally useless
9. tried to access their expert user (I assume a blog page) but the
system kept telling me my settings weren't right to access that
service. I changed the settings exactly as they suggested but I
still kept getting that message
10. in desperation rang them to enquire about paid support but they
told me they would charge £60 (even if it were a 2 minute job!). I
am not prepared to pay that for what is after all a Microsoft bug!

The only other thing I can think of to do is to not download any
updates for Windows Defender either - assuming the 2 products are
related. However I won't know the outcome of that for another month
since it only happens once a month.
If it is still causing a problem then I can only assume that the
software is already installed and will run once a month anyway
without an update. If that's the case I need to know how to get
into the system files to disable it - surely there must be a way ??

Any help you can think of to give me would be very much appreciated
- I am certainly trying to fix it myself without asking anyone and
have spent many hours doing so, but I am at a dead end!

For info I am running Windows XP Home, SP3, with AVG and ZA.

Many thanks for your help.

IMO: Drop ZA, use the Windows Firewall. More than enough for most and
doesn't come with the problems ZA users have been plagued with over the last
year or so.

Beyond that - cleanup and update your updating system. After you do this -
perhaps your system will be more stable and you won't have to be so
concerned.

Fix your file/registry permissions...

Ignore the title and follow the sub-section under "Advanced Troubleshooting"
titled, "Method 1: Reset the registry and the file permissions"
http://support.microsoft.com/kb/949377
*will take time
(** Ignore the last step - you should have SP3 installed - if not - you can
do that *later* - it is not necessary to continue with the cleanup.)

Reboot and ...

Search your registry for %fystem and replace the "f" with an "s". May be
three or four matches, may be none. You may even have to take ownership
(even after doing the above) of the keys in order to make the change.

Reboot and ...

Download/install this:
http://support.microsoft.com/kb/290301

After installing, do the following:

Start button --> RUN --> type in:
"%ProgramFiles%\Windows Installer Clean Up\msizap.exe" g!
--> Click OK.
(The quotation marks and percentage signs and spacing should be exact.)

Download, install, run, update and perform a full scan (separately) with the
following two applications (freeware versions are the ones to use for this):

SuperAntiSpyware
http://www.superantispyware.com/

MalwareBytes
http://www.malwarebytes.com/

After performing a full scan with one and then the other and removing
whatever they both find completely, you may uninstall these products,
if you wish.

Download and run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

Reboot.

CHKDSK
How to scan your disks for errors
http://support.microsoft.com/kb/315265
* will take time and a reboot

Defragment
How to Defragment your hard drives
http://support.microsoft.com/kb/314848
* will take time

Ensure your hardware drivers are up to date (from the hardware
manufacturer's respective web pages.) Never get hardware drivers
for hardware that was not created/sold by Microsoft from Microsoft.
Installing the latest updates may have you rebooting several times,
which is fine - but after you are sure you are done - still...

Reboot.

Download/Install the latest Windows Installer (for your OS):
( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe )
http://www.microsoft.com/downloadS/details.aspx?familyid=5A58B56F-60B6-4412-95B9-54D056D6F9F4&displaylang=en

Reboot.

and...

Download the latest version of the Windows Update agent from here (x86):
http://go.microsoft.com/fwlink/?LinkID=91237
.... and save it to the root of your C:\ drive. After saving it to the root
of the C:\ drive, do the following:

Close all Internet Explorer windows and other applications.

Start button --> RUN and type in:
%SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE
--> Click OK.

(If asked, select "Run".) --> Click on NEXT --> Select "I agree" and click on
NEXT --> When it finishes installing, click on "Finish"...

Reboot.

Then follow the instructions here:

How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

Reboot.

Log on as a user with administrative rights and open Internet Explorer
and visit http://windowsupdate.microsoft.com/ and select to do a
CUSTOM scan...

Every time you are about to click on something while at these web pages -
first press and hold down the CTRL key while you click on it. You can
release the CTRL key after clicking each time.

Once the scan is done, select just _ONE_ of the high priority updates
(deselect any others) and install it.

Reboot again.

If it did work - try the web page again - selecting no more than 3-5 at a
time. Rebooting as needed.

The Optional Software updates are generally safe - although I recommend
against the "Windows Search" one and any of the "Office Live" ones or
"Windows Live" ones for now. I would completely avoid the
Optional Hardware updates. Also - I do not see any urgent need to install
Internet Explorer 8 at this time.

Seriously - do all that. This is like antibiotics - don't skip a single
step, don't quit because you think things will be okay now - go through
until the end, until you have done everything given in the order given. If
you have a problem with a step come ask and let someone here get you
through that step. If you don't understand how to do a step, come back and
ask here about that step and let someone walk you through it.

In any case - no matter what - when you are done doing whatever you decide
to do - please - come back here and let everyone know what you did and
how things turned out.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


