I’ve been busy the last couple of days fixing client’s computers that have been infected with the latest Trojan. It is the newest in a line of extortion Trojans to infect computers. Yes, this is another Windows Trojan. Read on to learn what it is, how to recognize it, protect your computer and how to remove the MS Removal Tool Trojan.
Extortion Trojans are the ones that tell you how horribly infected your computer is, usually reporting dozens of virus. They then promise to remove them, if you pay some money to buy their software. If you don’t pay, you basically can’t use your computer. The problem is you computer is infected with their Trojan. Paying them is like paying a blackmailer, never ending and ineffective.
The best protection is keeping your computer updated. Windows Update should be set to automatically update your computer. Press the Windows key or click START and type Security Center, or enough of it to get it to appear in the Programs List. Once you enter the Center you should see all items in green. If not, fix whatever is showing as a problem. The Center will handle all of the Microsoft Windows updates and make sure your firewall and anti-virus are active.
Having Windows up to date and secure is the first step. Microsoft is slow plugging holes. So, more protection is need. A virus can take advantage of a hole in Windows before Microsoft gets the holes closed. Anti-virus and anti-malware programs are needed to cover that weakness, unless you seldom browse the net and avoid email.
As new viruses are developed, anti-virus companies have to update their products. That takes some time and there is a window between a virus being released and your anti-virus getting the update to protect you from it. So, your anti-virus should be updating automatically. Even then you are at some risk.
Malware is the category that Trojans fall in. A virus is a virus and one can recognize one as such. A Trojan pretends to be something else. In the case of MS Removal Tool, it pretends to be helping you when it is actually the problem.
Anti-Virus programs have problems with Trojans. This is an inherent weakness in all anti-virus programs. An anti-virus program does not stop you from clicking on a program and choosing to run it. If they did, your computer would be useless. Trojan makers get around anti-virus software by tricking YOU into running them. Since you ran it the anti-virus thinks you know what you are doing and allows it.
Anti-Malware software tries to identify which programs YOU should be allowed to run and how to remove your mistakes. So, it is a good idea to have an Anti-Malware and an Anti-Virus program. There are good free programs.
Microsoft Security Essentials is Microsoft’s free anti-virus and anti-malware software. Windows Defender is the firewall and malicious software removal tool, which the MS Removal Tool Trojan is named after to confuse you.
Malwarebytes is one of the top anti-malware and malware removal tools available. It is available in free and pay-for versions. The free version is an excellent removal tool but provides little preventative protection. It is the tool of choice for removing MS Removal Tool.
SuperAntiSpyware is another of the top anti-malware and malware removal tools.
Spybot Search & Destroy is yet another of the top anti-malware and malware removal tools.
Updating Other Programs
There are a number of programs that are exploited to get Trojans and viruses into your computer. The problem is keeping all those programs updated and even more confounding, knowing which programs are a possible problem.
Those problems are solved by Secunia Personal Software Inspector, another free program. This one scans your computer looking for programs that use the Internet in such a way that they could be used to let in viruses and Trojans. If they are out of date and in need of updating the program lists them. This can be set to run at each computer start or only when you trigger it.
Removing MS Removal Tool Trojan
It is unlikely you are reading this if you have the Trojan. What you need to remember is that it can be easily removed and there is no need to wipe the computer and re-install.
Know that it can spread through your local network. So, turn off all computers not yet infected. Once you have cleaned up your infected computer, turn them on one at a time to be sure they weren’t infected. Once the virus is in them they need a reboot to spread and display symptoms. If you have a number of computers, start them and check, shut them down, and move to the next. Once they have all been individually checked and found safe then the group can be powered up.
The simple solution to remove the Trojan is to start the computer in Safe Mode with Networking. In Vista and Win7 this means tapping F8 as the computer starts. Be sure to select Safe Mode with Networking. This will let you use most of the computer to get on the Internet. The steps for removing the Trojan can be found in many places. Here are two that I think can be trusted and that I personally refer to:
BleepingComputer.com – MS Removal Tool – Removal Instructions
MajorGeeks.com – MS Removal Tool – Removal Instructions
Good Luck removing and avoiding the Trojan.