From: Gary Brown on 24 May 2010 12:41

Hi,

My wife's computer got infected with the "Virus Protecter" virus. I removed it with MalwareBytes. Now we get a screen claiming to be MS's Malicious Software Removal Tool telling us there is an infection. Having been burned once how do we tell if it is legitimate or another part of the scam?

Thanks,
Gary

From: Unknown on 24 May 2010 13:14

AFAIK this program does not start on its own. You must initialize it. Therefore what you see is a scam. The removal tool is KB890830; the version is 3.7.

"Gary Brown" <garyjbrown(a)charter.net> wrote in message news:eZx%238%231%23KHA.5808(a)TK2MSFTNGP02.phx.gbl...
> Hi,
>
> My wife's computer got infected with the "Virus Protecter" virus. I
> removed it with MalwareBytes. Now we get a screen claiming to be MS's
> Malicious Software Removal Tool telling us there is an infection. Having
> been burned once how do we tell if it is legitimate or another part of the
> scam?
>
> Thanks,
> Gary

From: Daave on 24 May 2010 13:14

Gary Brown wrote:
> Hi,
>
> My wife's computer got infected with the "Virus Protecter"
> virus. I removed it with MalwareBytes. Now we get a screen
> claiming to be MS's Malicious Software Removal Tool telling us
> there is an infection. Having been burned once how do we tell
> if it is legitimate or another part of the scam?

Assume you are still infected. This page should help:

http://www.bleepingcomputer.com/virus-removal/remove-virus-protector

From: David H. Lipman on 24 May 2010 13:32

From: "Gary Brown" <garyjbrown(a)charter.net>

| Hi,
| My wife's computer got infected with the "Virus Protecter"
| virus. I removed it with MalwareBytes. Now we get a screen
| claiming to be MS's Malicious Software Removal Tool telling us
| there is an infection. Having been burned once how do we tell
| if it is legitimate or another part of the scam?
| Thanks,
| Gary

Gary

"Virus Protector" is indeed a fake but it is not classified as a "virus". It is classified as a trojan.

There are only two ways that the MS's Malicious Software Removal Tool (MRT) is invoked.

1. Manually. That is, you have to perform an "On Demand" scan with it (%windir%\system32\MRT.exe).
2. Automatically. That is, once a month a new version of the MRT is produced and performs a scan of your PC when you get that month's updates through Automatic Updates.

Since I doubt that you initiated a MRT "On Demand" scan, based upon this post, did you just get new updates via the Windows Automatic Update service?

One sure way to tell if the MRT is truly indicating there is an infection is to hit Ctrl-Alt-Del, invoke the Task Manager, sort the list by name and see if MRT.EXE is listed while the window showing there is an infection is still on the screen.

Additionally, you did NOT mention what "infection" was found, supposedly by MRT. That is an important fact you left out so please provide that information.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

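The Task Manager check described in the post above, as an added PowerShell example that is not part of the original thread: it confirms that a running MRT process is really %windir%\system32\MRT.exe with a valid Microsoft signature, and lists which executable owns each visible window. The log path %windir%\debug\mrt.log is not mentioned in the thread; it is where the MSRT records its scan results. Assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Requires PowerShell 3.0+; run elevated so
# that the image paths of all processes are readable.
$expected = Join-Path $env:windir 'system32\MRT.exe'   # path given in the post

function Get-ImageTrust {
    # Report the on-disk image behind a process and its Authenticode status.
    param([System.Diagnostics.Process]$Process)
    $path = $null
    try { $path = $Process.Path } catch { }             # access denied -> leave null
    $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    [pscustomobject]@{
        Name      = $Process.ProcessName
        Id        = $Process.Id
        Window    = $Process.MainWindowTitle
        Path      = $path
        SigStatus = if ($sig) { $sig.Status } else { 'PathUnavailable' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# 1. Is MRT.exe running while the alert is on screen, and is it the real one?
$mrt = @(Get-Process -Name 'MRT' -ErrorAction SilentlyContinue |
         ForEach-Object { Get-ImageTrust $_ })
if ($mrt.Count -eq 0) {
    'MRT.exe is not running: the alert on screen does not come from the MSRT.'
}
foreach ($p in $mrt) {
    # A process merely named MRT.exe is not enough: check location and signer too.
    $genuine = ($p.Path -eq $expected) -and ($p.SigStatus -eq 'Valid') -and
               ($p.Signer -like '*O=Microsoft Corporation*')
    '{0} (PID {1}) path={2} signature={3} genuine={4}' -f `
        $p.Name, $p.Id, $p.Path, $p.SigStatus, $genuine
}

# 2. Which executable owns each visible window? The alert's title shows up here.
Get-Process | Where-Object { $_.MainWindowTitle } |
    ForEach-Object { Get-ImageTrust $_ } |
    Format-Table Name, Id, Window, SigStatus, Path -AutoSize

# 3. What did the real MSRT report on its last runs?
$log = Join-Path $env:windir 'debug\mrt.log'
if (Test-Path $log) { Get-Content $log -Tail 40 } else { "No MSRT log at $log" }
```

A signature status other than Valid is a reason to distrust the file, not proof of infection; the window list in step 2 is what ties the alert on screen to a specific executable.
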
From: PA Bear [MS MVP] on 24 May 2010 16:15

You have much more work to do!

NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in dealing with malware infections such as viruses, spyware (including unwanted software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the real MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the MSRT on a non-infected machine, then transfer MRT.EXE to the infected machine and rename it to, e.g., SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7 => Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

I can recommend the expert assistance offered in these forums:
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php, and
http://aumha.net/viewforum.php?f=30

If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

Gary Brown wrote:
> My wife's computer got infected with the "Virus Protecter"
> virus. I removed it with MalwareBytes. Now we get a screen
> claiming to be MS's Malicious Software Removal Tool telling us
> there is an infection. Having been burned once how do we tell
> if it is legitimate or another part of the scam?
>
> Thanks,
> Gary