Re: malicious software removal tool
- From: lopar <lopar@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 17 Sep 2009 01:51:08 -0700
"1PW" wrote:
lopar wrote:
Every month, around the 15th, my profile settings are corrupted and I have to
do a system restore to get them back. The system generated restore point
immediately before this happens is labeled by the system 'Software
Distribution Service 3.0'. On looking into this it seems that at some point I
have accepted an EULA to download and run something called Malicious Software
Reporting Tool, and recently (a few months ago) Microsoft announced that they
would update this program each month (the second Tuesday of the month) and it
would from then on automatically run a system check in the background for
malicious software.
You may have transcribed the name incorrectly. Is it possible you
meant "Removal" instead of "Reporting"?
yes i do mean Removal sorry
what is this link for please?
<http://www.microsoft.com/security/malwareremove/default.aspx>
yes it wasI checked on Google and there was one reference to this
potentially corrupting profile settings for users.
This would seem to be the cause of the problem therefore.
The solution on the Microsoft web page was to remove tool from the automatic
updates list, however this item is not listed on my automatic updates (its
not hidden either). I have therefore changed my updates to notify me but not
download or install. When the program popped up a few days ago I did not
therefore download it. Yesterday however I did download a Windows Defender
security update (which I assumed was unrelated), however the system has now
been corrupted again.
The security update you downloaded was probably a "Definitions" update.
i will definitely try this, but will it simply recreate itself when its dueThings I have done to try and fix this
1. Tried to remove it using add remove programs - it won't let you.
The files is located at C:\WINDOWS\system32\MRT.exe and /is/
definitely able to be deleted.
to run next time ?
ok i will keep downloading updates then2. searched for the individual files in the directory to manually delete
them - they seemed to be system files and it wouldn't let me
See above.
3. I found a reference to this tool working in conjunction with Windows
Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I
did find some files but couldn't delete the main one.
The relationship between the two is almost non-existent. Furthermore,
indiscriminate file removals may render your system even further
impaired and possibly un-usable.
4. did a registry search to try and find these files and deleted a few
entries to at least cause the program to fall over (I hoped), but evidently
that didn't work either.
See above. Not good!
5. checked my firewall (zone alarm) and blocked the malicious software tool
- no effect (couldn't find Software Distribution Service in ZA so couldn't
block that)
Once MRT.exe is deleted it can't be executed.
6. tried to find either program in the applications tray to disable it
there (control alt delete) but couldn't see it
You brought up "Task Manager", and Task Manager displays running
applications. While running, Windows Defender is a "Process".
7. tried to block it in Windows Defender (in the bit that lists all programs
running) but its not listed
8. contacted Microsoft help on email who were totally useless
9. tried to access their expert user (I assume a blog page) but the system
kept telling me my settings weren't right to access that service. I changed
the settings exactly as they suggested but I still kept getting that message
10. in desperation rang them to inquire about paid support but they told me
they would charge £60 (even if it were a 2 minute job!). I am not prepared
to pay that for what is after all a Microsoft's bug !
The only other thing I can think of to do is to not download any updates for
Windows Defender either - assuming the 2 products are related.
The are related only by birth...
Keeping your system from being updated is "Cutting off your nose to
spite your face".
its the free versionHowever I won't know the outcome of that for another month since it only happens once a
month.
If it is still causing a problem then I can only assume that the software is
already installed and will run once a month anyway without an update.
This is a reasonable assumption.
If that's the case I need to know how to get into the system files to disable it
- surely there must be a way ??
Surely there must be a *better* way!
Any help you can think of to give me would be very much appreciated - I am
certainly trying to fix it myself without asking anyone and have spent many
hours doing so, but I am at a dead end!
Only temporarily...
For info I am running Windows XP Home, SP3, with AVG and ZA.
Exactly which AVG product are you using? Be very precise.
it started an few months ago and happens once a month around 15th. no otherMany thanks for your help.
When did this original trouble first start? Can you relate any other
system changes at that time with this trouble?
changes that i am aware of.
Do you have any other antimalware applications?
yes, spybot, superantispyware, defender, ad-aware anniversary edition,
spyware doctor (though i have to disable this one from real time because it
takes up too much resources). all are free versions and i run them all
monthly. don't generally find anything significant on any of them.
thanks for your help.
--.
1PW
- Follow-Ups:
- Re: malicious software removal tool
- From: 1PW
- Re: malicious software removal tool
- References:
- malicious software removal tool
- From: lopar
- Re: malicious software removal tool
- From: 1PW
- malicious software removal tool
- Prev by Date: Re: malicious software removal tool
- Next by Date: Re: malicious software removal tool
- Previous by thread: Re: malicious software removal tool
- Next by thread: Re: malicious software removal tool
- Index(es):
Relevant Pages
|
