Re: malicious software removal tool

OK thanks but its defintielty not there, caps or not. now i'm stuck

"Jim" wrote:

On my system, the file MRT.exe is located in c:\windows\system32. It is not
a hidden, system file.
As Windows is not case sensitive, mrt.exe and MRT.exe are just two ways to
spell the name of the malicious software removal tool.
Jim
"lopar" <lopar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A4FB2826-6025-402B-A0B4-14EFEE0E51B9@xxxxxxxxxxxxxxxx
OK, i have tried to find the mrt.exe file using search inc hidden files
and
system files. there was nothing except an ie log text file.
(by the way, and please don't think i am being funny since this is the
first
time i have ever posted anything anywhere, you say the file might be
located
in /is/ - is that a file location, or a piece of jargon or soemthing
else - i
genuinely don't know what that means (or am i being too literal and you
just
mean is !))

i am beginning to think its not mrt after all but somehting else. however
what could possibly delete my settings every 15th of the month ?

sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ?

i can't say for sure about having installed any applications or
utilities -
i don't recall doing so. would a check on add remove programs by date be
sufficient to tell me ?

"1PW" wrote:

lopar wrote:

"1PW" wrote:

lopar wrote:
Every month, around the 15th, my profile settings are corrupted and I
have to
do a system restore to get them back. The system generated restore
point
immediately before this happens is labeled by the system 'Software
Distribution Service 3.0'. On looking into this it seems that at some
point I
have accepted an EULA to download and run something called Malicious
Software
Reporting Tool, and recently (a few months ago) Microsoft announced
that they
would update this program each month (the second Tuesday of the
month) and it
would from then on automatically run a system check in the background
for
malicious software.
You may have transcribed the name incorrectly. Is it possible you
meant "Removal" instead of "Reporting"?

yes i do mean Removal sorry
<http://www.microsoft.com/security/malwareremove/default.aspx>

what is this link for please?

It was there to validate the name I gave you.


I checked on Google and there was one reference to this
potentially corrupting profile settings for users.
This would seem to be the cause of the problem therefore.
The solution on the Microsoft web page was to remove tool from the
automatic
updates list, however this item is not listed on my automatic updates
(its
not hidden either). I have therefore changed my updates to notify me
but not
download or install. When the program popped up a few days ago I did
not
therefore download it. Yesterday however I did download a Windows
Defender
security update (which I assumed was unrelated), however the system
has now
been corrupted again.
The security update you downloaded was probably a "Definitions"
update.

yes it was
Things I have done to try and fix this

1. Tried to remove it using add remove programs - it won't let you.
The files is located at C:\WINDOWS\system32\MRT.exe and /is/
definitely able to be deleted.

i will definitely try this, but will it simply recreate itself when its
due
to run next time ?

No. However, I sincerely believe this is a move in the wrong
direction. If your goal is to temporarily delete MRT.exe to see what
happens, OK. I would reinstall it afterward though.

2. searched for the individual files in the directory to manually
delete
them - they seemed to be system files and it wouldn't let me
See above.

3. I found a reference to this tool working in conjunction with
Windows
Genuine Advantage, so I tried to remove that as well as in 1 and 2
above - I
did find some files but couldn't delete the main one.
The relationship between the two is almost non-existent. Furthermore,
indiscriminate file removals may render your system even further
impaired and possibly un-usable.

4. did a registry search to try and find these files and deleted a
few
entries to at least cause the program to fall over (I hoped), but
evidently
that didn't work either.
See above. Not good!

5. checked my firewall (zone alarm) and blocked the malicious
software tool
- no effect (couldn't find Software Distribution Service in ZA so
couldn't
block that)
Once MRT.exe is deleted it can't be executed.

6. tried to find either program in the applications tray to disable
it
there (control alt delete) but couldn't see it
You brought up "Task Manager", and Task Manager displays running
applications. While running, Windows Defender is a "Process".

7. tried to block it in Windows Defender (in the bit that lists all
programs
running) but its not listed
8. contacted Microsoft help on email who were totally useless
9. tried to access their expert user (I assume a blog page) but the
system
kept telling me my settings weren't right to access that service. I
changed
the settings exactly as they suggested but I still kept getting that
message
10. in desperation rang them to inquire about paid support but they
told me
they would charge £60 (even if it were a 2 minute job!). I am not
prepared
to pay that for what is after all a Microsoft's bug !

The only other thing I can think of to do is to not download any
updates for
Windows Defender either - assuming the 2 products are related.
The are related only by birth...

Keeping your system from being updated is "Cutting off your nose to
spite your face".

ok i will keep downloading updates then

Excellent.

However I won't know the outcome of that for another month since it
only happens once a
month.
If it is still causing a problem then I can only assume that the
software is
already installed and will run once a month anyway without an update.
This is a reasonable assumption.

If that's the case I need to know how to get into the system files to
disable it
- surely there must be a way ??
Surely there must be a *better* way!

Any help you can think of to give me would be very much appreciated -
I am
certainly trying to fix it myself without asking anyone and have
spent many
hours doing so, but I am at a dead end!
Only temporarily...

For info I am running Windows XP Home, SP3, with AVG and ZA.
Exactly which AVG product are you using? Be very precise.

its the free version

I'm afraid that's not very precise of you! You are not giving away
security secrets about yourself. Precisely what version is it?

Many thanks for your help.
When did this original trouble first start? Can you relate any other
system changes at that time with this trouble?

it started an few months ago and happens once a month around 15th. no
other
changes that i am aware of.

Had you recently installed any applications or utilities?

Do you have any other antimalware applications?

yes, spybot, superantispyware, defender, ad-aware anniversary edition,
spyware doctor (though i have to disable this one from real time
because it
takes up too much resources). all are free versions and i run them all
monthly. don't generally find anything significant on any of them.

You may wish to add MBAM to your lineup:

<http://www.malwarebytes.org/>


thanks for your help.
--
1PW


Shenan has passed you a very good method for doing a comprehensive
clean-up of your system.

All though we read many posts that extol the virtues of IE8, we also
see many anecdotal stories of falling back to IE7 because of slowness
or obscure troubles.

Downloading MSRT again assures you that your copy is corruption free.

--
1PW





.

Relevant Pages

  • Re: Downloading all updates after SP2
    ... > Is it possible to down load ALL the updates after SP2 in one hit. ... > there was an awful lot of updates to install (I stopped counting at ... > Where can i go to download all of the updates (i have a list from ... > Windows Update that i printed off before i abandoned the update on ...
    (microsoft.public.windowsupdate)
  • Re: Scary & disturbing re updates to XP (& Win2k) - spoofs, pop-ups, etc.
    ... stage of the Windows install, that's right, it was infected before XP was ... If you DO download them with the infected system make sure to ... from downloading antivirus apps, updates, or firewalls; ...
    (microsoft.public.windowsupdate)
  • Re: Are security updates available for saving to CD
    ... > Is it possible to get the post sp2 service updates downloaded so I ... better informed about your options when it comes to the Windows Updates. ... Direct Download of Service Pack 2 for Windows XP ... Empty your Temporary Internet Files and shrink the size it stores to a ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Windows xp (Home Edition) updates. Yes or no???
    ... >> downloading rhese updates. ... >And then going another level and explain the specific "additions" to Windows ... > Why you should use a computer firewall.. ... >and some you can only download if you are registered - but it is best ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: XP update question
    ... - Check your hardware vendors web sites for updated drivers ... Are you ready to download Windows XP Service Pack 2? ... Patches and Updates! ...
    (microsoft.public.windowsxp.help_and_support)