MS Removal Tool

I just spoke with the experts on www.pcninja.com and they say this threat is starting to hit hard.  This is a great virus removal service so if you need a true pro to remove MS Removal Tool for you, they are the ones to speek to.

Follow the free quide first then scan in the end with SpyHunter

This MS Removal Tool removal guide includes 2 virus removal videos as well as a guide to help you fully remove the MS Removal Tool threat.

What is MS Removal Tool?

MS Removal Tools is a false security client. This rogue application acts similar to a legitimate anti-virus client but it’s nothing more than a scam. Fake security clients like MS Removal Tool is nothing new. In fact this exact threat has come out before under the names of System Tool , Security Tool , Total Security and System Progressive Protection. While being infected is bad we are here to help you fully remove this threat. Be sure tyo read the full guide before starting. Watch the full videos as they will help you big time.

 How Did I get infected with MS Removal Tool?

It’s anyone’s guess exactly how you got infected. If you were infected with a trojan virus you could of been infected weeks ago and just now the trojan went out and downloaded MS Removal Tool. It’s not uncommon for those who use free anti-virus clients or no antivirus clients to get infected as well. Free clients do not offer enough protection in today’s cyber world. You need active live upfront protection that can detect and stop potential threats. Another way users become infected is from false programs that pretend to be a video or software update. Once you isntall the so called update you actually just installed a virus on your computer.

What is MS Removal Tool Doing to My Computer Right Now?

The scan results found by this bogus security client are all fake.  The warning messages shown are also fake. Normally MS Removal Tool hijacks the users desktop on XP systems and shows the following message:

“Warning!

Your’re in Danger!

Your Computer is infected with Spyware!

All you do with your computer is stored forever in your hard disk. When you visit sites, send emails… All your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics, and in some cases

For your boss, your friends, your wife, your children. Every site you or somebody or even something, like spyware, opened in your browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs – ARE STILL THERE and could break your life!

Secure yourself right now!

Removal all spyware from your PC!”

It will also block security clients from running and installing as well as all other executables except firefox.exe and iexplorer.exe and a few others. This threat can be hard for many to remove. It is recommended that once you are done following this manual guide you upgrade your anti-virus software so you do not get infected again.

Here are some examples of FALSE messages that MS Removal Tool puts out.

MS Removal Tool Warning

Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.

Click here to activate protection.

MS Removal Tool Warning

Intercepting programs that may compromise your private and harm your system have been detected on your PC.

Click here to remove them immediately with MS Removal Tool.

Warning: Your computer is infected

Windows has detected spyware infection!

Click this message to install the last update of Windows security software…

MS Removal Tool

» Download MS Removal Tool Removal Software

You need to remove MS Removal Tool as soon as you can. In many cases users have other hidden trojans installed on their computer as well. This is why it’s so important to run a full virus scan even if you follow the manual removal guide below.

MS Tool Removal Video for Windows 7 / Windows Vista

This text will be replaced

XP Guide for System Tool However the same process should work for MS Removal Tool.

Remove System Tool 2011 XP

HELP US:  We took the time to make this video and help you.  Please take a quick second and hit the facebook like button on the top right for us or write about our website somewere online to help us grow our user base.

Don’t forget.  If it’s too hard for you to remove yourself or things just aren’t working for you then a cheap route for repair is www.pcninja.com.

Remove Proxy Setting so You Can Connect to the Internet Again.

Proxy Settings

MS Removal Tool Manual Removal Procedures

The first step you must take in order to remove MS Removal Tool is to stop the following process. Watch the video for guidance.

  • [random].exe ( Example is eAaEmPkGdEd01804.exe ) Your file trace will be named different.

To Stop this process you can

A. Browse to the file location shown below and re-name the file first and then restart your computer. Then browse to that file location again and delete the file.

B.  Boot into Safe Mode and delete the file

C:  Use this process explorer tool http://www.removevirus.org/process-killing-software-654  to find the location of the file and re-name it then delete after re-boot.

D:  Log-into another users account and see if you can delete the file.

E:  Start the Task Manager the very second you login and terminate the process that way.

The next step in MS Removal Tool removal is to delete the following file:

Windows XP:

  • C:\Documents and Settings\All Users\Application Data\[random]\[random].exe
  • New Path C:\Documents and Settings\USER NAME\Local Settings\Application Data

Windows Vista/7:

  • C:\ProgramData\[random characters ]\[random characters].exe
  • New Path C:\Users\USER NAME\AppData\Local
  • New Path C:\ProgramData\[random characters]\[random characters].exe (Please NOTE  ProgramData is a hidden folder

MS Removal Tool Registry Removal Procedures

Once you have deleted the above MS Removal Tool file trace you will also want to remove the infected registry item. This is not a requirement as you already deleted the main executable.:

  • KEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce “[random]”

You should now run a full security scan to ensure no other threats are installed on your computer. We recommend you download a copy of Spyware Doctor with Antivirus.

MS Removal Tool Directories:

XP

  • C:\Documents and Settings\All Users\Application Data\[random]
  • New Path C:\Documents and Settings\USER NAME\Local Settings\Application Data

Windows 7 / Windows Vista

  • C:\ProgramData\[random characters ]\[random characters].exe
  • New Path C:\Users\USER NAME\AppData\Local
  • C:\ProgramData\[random characters]\

Outside Resources:

http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

http://support.microsoft.com/kb/2540100?wa=wsignin1.0

Comments

  1. Bay Area says

    Thank you, I did a search on youtube and found your video. Being someone who knows his ways around computers, it was really frustrating when I couldn’t open my Task manager. I knew then it was a scam virus. I hate to think of how many older people have gotten money stolen from their accounts. I find it strange that microsoft does not update your computer against something like this.

    Thanks again, Very clear and detailed video.
    Cheers.

  2. Anonymous says

    Hello,

    I recently had my PC infected with the MS Removal Tool. I followed your guide and deleted the file from my program data folder (running win 7) in safe mode.

    I then went to the registry to try and delete what was at the following:

    KEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce “[random]”

    However, when I go into this, all I see is a file titled “Default”. Should I delete this? From looking at the registry I can’t seem to find anything random that could be this MS Removal Tool. Any idea’s?

    Also, at the time of infection I was running the Microsoft Security Essentials, I have updated to Zone Alarms Extreme Security and run 2 scans and no further infections/virus’ have been found.

    Cheers

  3. Honestly the registry keep listed won’t do any harm if the main executable has been deleted like you already did. I would expect the Zone Alarm Extreme Security client to pick the registry traces some time in the the future and remove it. That or a decent registry cleaner should clear it out.

    It’s not doing any harm because the value it points to has been removed. If you recall the name of your executable you may be able to search the registry for that file name and then delete it that way. Personally I would run a full scan with your client and call it a day.

  4. Michael K says

    After sending the previous comment, I watched your removal video and was able to stop the fake antivirus program using CTL Shift Escape at logon. The program started with “oak” and was located in a temp folder, not in programdata. I am running a full scan now. Thanks again.

  5. There really is no way for Microsoft to block threats like these. From what they see, it’s a program that you allowed to be installed on the account.

    The only real way aorund this is
    1. Purchase and anti-virus client.
    2. Create a limited account and use that as your main account. If you ever need a program or update installed you would have to log out of the limited account and log-in under an account with admin rights. This is create to use for children.

  6. Question says

    My sister-in-law has encountered this Ms Removal Toll just today, they do not currently have any protection on their computer, so I am working out a way to help them. My question though is I have Trend Micro Titanium Max Security, on my computer, I have no idea if I have encountered this or not, but I couldn’t find anything when I searched the report files, but i was wondering if in fact Trend Micro would detect this if I ever did encounter this? I read all the comments above but did see where anyone else had this program, if anyone knows I would greatly appreciate a heads up. Thanks again.

  7. I pride myself on being able to fix these things – this one kicked my butt. YOU saved me. Thank you!!!

  8. Right On. Thanks for the kind words

  9. Will Trend Micro Titanium Max Security remove this? No not at this time

    Will Trend Micro Titanium Max Security block this? Yes it should block the install of this threat or at the very least warn of it and recommend against the install.

    Do I know the above to be fact? No but I would bet some major bucks on it.

  10. Anonymous says

    The video was extremely helpful when removing the MS Removal Tool virus!! The video walked me through each step and even predicted the problems that may arise as I tried to remove the virus. Thank you very much!

  11. Thank you so much. Your video was excellent to get me through this.
    Made it simple and many thanks again

  12. Anonymous says

    THANK YOU!!!!!! I did everything just like you said and it worked perfectly. It’s good to know that you can get such good information out there. Much appreciated!

  13. Your instructions were spot on and I had no problem getting rid of this virus many thanks and I will not hesitate to recommend you in the future

  14. Danilo M. says

    Thank you very much!!! With your help i could remove this garbage!!! God bless you!!!

  15. my computer has been infected with this virus, and I was killing it as your guide, thank you

  16. Anonymous says

    Thanks,,, my computer is free from MS Removal tool…

  17. Happy in NC says

    Thanks very much! Getting rid of the files seemed to have fixed the problems.

  18. Just wanted to say THANK YOU for assisting me to remove the virus. You are very precise with instructions and it worked like magic. You are indeed a life saver. A huge shout out to people like you who help out the “infected”.

  19. Anonymous says

    Your video was extremely helpful and helped me fix the problem within 10 minutes. I really appreciate it thanks again!

  20. Anonymous says

    Yours is the easiest and most common-sense virus removal guide there is. I got infected with this virus despite having Avira antivirus running. I will definitely load up on some serious antivirus protection from here on out.

  21. After working for 3 hours and trying to follow directions from countless other websites, I was able to finally remove this junk in 15 minutes with the help of your video. I’m clicking on the PC Doctor link right now to buy it! That’s just my little way of saying thank you for all you do!

  22. Anonymous says

    Thanks! I already had spyware doctor but it was disabled for hell knows why… It would have taken me days to fix this without this website, (Warning not for children ages 13-) REMOVED REST OF COMMENT. TOO VIOLENT

  23. The guide works. Simple as that. It’s the exact method I have used to remove the threat on our test computers.

  24. Anonymous says

    im still fixing mine. hope it works 🙂

  25. It’s really just a matter of preference as to what security client is the best client. Some people will see my recommendations of Spyware Doctor and Stopzilla and blak and swear by Kaspersky or Norton.

    I know the guys behind Stopzilla really work hard to bring users the latest updates as fast as they can and they are based in the United States. I would simply install them both. Play with each for 5 minutes and keep the one I like the best. There is a 30 day refund policy on both clients so worst case in a few weeks you call and get your money back and go with a different client.

  26. Family member had laptop infected by this insidious, infectious, disgusting piece of garbage. Your instructions were implemented, and though it took a little more hunting to find the file inside the ‘App Data’ folder, it was duly found, renamed, and laptop restarted without the virus popping up. Task Manager was once again accessible, and anti-virus software was pressed into service.

    The infected object was found with the updated anti-virus software in 1 min., 30 seconds. We await the final scan, quarantine and final removal of this nasty infection, but we’re in a much better mood this hour about it.

    Many thanks.

  27. Thanks for the video. Great Step by Step detaIL on how to remove this VIRUS:) I do have one tiny question…. I was able to end the process by logging on right away. However, before opening the file location I ended the process. I dont have a file folder called Program Data. Could this folder be called something else? If so, where can I find it so I can delete this MS Tool Virus.

  28. Jacob,
    Thank you so much for the help on the removal of MS tool. If anyone has a problem just follow the You Tube video and you will be fine. Also, which Antivirus is better, the Stopzilla or the Spyware Doctor? Again, Thank you for all your help.

  29. For Vista and Windows 7 you will have the mentioned folder in the guide. It’s a hidden folder as stated in the guide. Watch the video for more details on how to show a hidden folder.

    We also have the XP video and guide listed on this website http://www.removemsremovaltool.com

  30. Anonymous says

    I’m glad to see that Stopzilla and others are working to remove this terrible virus. How I ended up with it on my brand new notebook is beyond me, but I was luckily able to terminate the process and remove it. Unfortunately, I wasn’t able to find assistance such as this webpage, since I currently do not have Firefox installed and so MS Removal Tools refused to allow my browser to run. Be careful if you want to remove it manually- the virus will deny the infected account permissions to modify, delete, or even open the folder. Good luck to anyone infected with this!

  31. i am having trouble showing the hidden program. i am using vista. i have typed where you shoow to type hidden it does not appear theere.

  32. thanks a lot dude.
    very helpful. and guys please do not click on ads that tell you to
    Shoot Romans
    Shoot Ipods
    Shoot Iphones
    and anything else that you think is too good to be true.

    I got the virus by shooting the romans
    Cheers.

  33. Thanks man, it really works. I have also used the RKill program that kills the MS removal tool process. It’s just easier to install and run the antispyware program. You should also mention checking the hosts file in Windows/system32/drivers/etc/
    Sometimes the MS removal tool may alter the configuration of the file and change the file permission settings, so you won’t be able to delete it or change to a default.

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.