MS Removal Tool
March 27, 2011
What is MS Removal Tool?
MS Removal Tool is dangerous rogue spyware or “scareware”. It is designed to overwhelm you with simulated scans and fake warnings that your computer is infected with various malware. The reason for this is to scare you into buying bogus software by making you believe that only the full version of MS Removal Tool can remove these infections, when in fact, MS Removal Tool IS the infection.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
Screenshots:
Additional Information:
Methods of Infection:
MS Removal Tool is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
MS Removal Tool comes from the same family of rogues that include Security Tool.
What it Does:
MS Removal Tool will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as MS Removal Tool is not legitimate software and is actually a spyare infection. MS Removal Tool can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that MS Removal Tool poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created MS Removal Tool will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional MS Removal Tool Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of MS Removal Tool unless you are a trained computer professional. MS Removal Tool is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
<random>.exe
2. Delete Following Files and Directories:
%UserProfile%\Application Data\<random>
%UserProfile%\Application Data\<random>\<random>.bat
%UserProfile%\Application Data\<random>\<random>.cfg
%UserProfile%\Application Data\<random>\<random>.exe
%UserProfile%\Desktop\MS Removal Tool.lnk
%UserProfile%\Start Menu\Programs\MS Removal Tool.lnk
3. Delete the Following Registry Keys:
HKEY_CURRENT_USER\Software\MS Removal Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “<random>”
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that MS Removal Tool will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that MS Removal Tool is completely removed from your computer.
Antivira AV
March 22, 2011
What is Antivira AV?
Antivira AV is the latest release of rogue antispyware programs – which are fraudulent programs that pose as legitimate security software in order to scam you out of money.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.
Screenshots:
Additional Information:
Methods of Infection:
Antivira AV is typically installed via a Trojan and usually from somewhat questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Antivira AV is the latest in a long list of rogue antispyware that come from the same family and has previously been known as Antivirus.net
What it Does:
Antivira AV will bombard your computer with all sorts of fake alerts and spyware scans in an attempt to scam you into purchasing the full version, which is nothing more than a hoax as Antivira AV is not legitimate software and is actually a spyware infection. Antivira AV also has the ability to take over your web browser and redirect your search results to other malware laden web pages, where you will likely be hit with more fake alerts and system messages.
Of much greater concern however, is that Antivira AV can also download and install other extremely malicious malware that has the abiltity to log your keystrokes, websites visited, browsing habits, etc. and can then send that information over the internet to a remote server where the hackers that created Antivira AV can then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – which can ultimately lead to identity theft.
Optional Antivira AV Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend against attempting manual removal of Antivira AV unless are a trained computer professional. Antivira AV is a highly complex and dynamic spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
%Temp%\random\random.exe
2. Delete Following Files and Directories
Windows XP
%Temp%\random\random.exe
Windows 7 and Windows Vista
%Temp%\random\random.exe
3. Delete the following Registry keys
HKEY_CURRENT_USER\Software\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = ”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = ‘http=127.0.0.1:18810′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = ’1′
Important:
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Antivira AV will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Antivira AV is completely removed from your computer.
-
Editor’s Choice Winner
"Spyware Doctor also set a new record in the malware blocking test, scoring 9.7 out of 10 possible points"
-www.pcmag.com, October 15, 2009