Windows Malicious Software Removal Tool?


(PeteCresswell)

As in my other post - is this something I want to install to look
for 'bots?

Seems to me like any decent anti virus sb doing this already.

Avast in my case.

?
 
As in my other post - is this something I want to install to look
for 'bots?

This is certainly not my specialty, but...

I don't know that these malicious software removal tools are
especially designed to look for bots, but otoh, are you only concerned
about bots, or other malware too. Since MS went to the trouble to
write them, it seems like they would be worth using.

But aiui, each of these programs only runs once, the next time you
boot Windows, so "install" doesn't seem like quite the right word.

Seems to me like any decent anti virus sb doing this already.

Just guessing, it's called a removal tool, so it's meant for malware
that has installed itself already. And AIUI, it runs before Windows
starts, when any file can be deleted.

Avast in my case.

As to assuming Avast or any other software will catch every virus,
don't AV companies depend on people P sending in viruses when they
find them on their computer? And then the AV company has to
distinguish the virus from the rest of the file it is occupying. It
has to find a unique string for the AV program to check for, has to
test that this works in practice, has to make this available as an
update to virus defs, and then it has to be dl'd by every user. Now
how can all that happen in less time than it takes you to get the same
virus that P got in the first place? Indeed some people probably have
the virus even before the first step above, before anyone has sent a
sample to an AV company.

Isn't there bound to be more than one person infected with a virus
before any AV company has protection against it?

In my ex-gf's case, afaict she got a virus last Thursday evening, when
she went to www.letmewatchthis.com , I think the name is, and tried to
dl a tv show, something she has done before with no problem, at the
same website. Instead she got a screen that said she needed a virus
check, and she was suspicious, but not suspicious enough, and she
started it, but stopped it soon after. After that pretty much nothing
in her computer worked.

So the next evening we booted with the newest version of BitDefender
and ran that, and then she could for some reason run the computer but
not use her web browsers, so we updated AVG and ran it, and this time
it found and removed a trojan (and a registry reference to it), even
though it didn't find the virus the previous day.

Doesn't that likely mean that the def for that virus was in the last
definition update we did? One day after she got the virus. Is there
any reason that couldn't be the case?

Her virus may or may not have been fully removed by AVG, and for sure
its removal didn't undo every change it had made.

AIUI, MS doesn't write a malware removal tool for every virus, only a
small fraction of them. I'm guessing it's only those that are
especially hard to remove, or especially destructive, or something.
Am I right about that?

I always use the ones they send me.
 
Per mm:
know that these malicious software removal tools are
especially designed to look for bots, but otoh, are you only concerned
about bots, or other malware too. Since MS went to the trouble to
write them, it seems like they would be worth using.

I got off on this tangent after somebody told me that the 'bot
situation is getting out of hand - as in an estimated 60% of PC's
infected - and MS was finally acknowledging it as a problem that
they need to recognize and help mitigate.


Same guy presented an interesting spiel about
denial-of-service-based extortion.

- The head of XYZ company's IT gets an email: "Deposit $50,000
into such-and-so numbered bank account or we will bring down your
systems."

- Head of XYZ ignores the message.

- Next day, he gets a followup message: "Deposit $50,000
into..... or we will bring down your systems for a period of 10
minutes at 1400 today."

- Head of XYZ ignores the message.

- At 1400 that day, there is a denial-of-service attack on the
company's internet-exposed computers and the place grinds to a
halt.

- Head of XYZ either deposits the $50k or calls in somebody who
knows how to defend against such an attack.


He didn't say it, but I assume such attacks can be mounted via a
collection of many, many 'bots across the world. The
extortionist broadcasts a message to all the 'bots with a start
time, stop time, and target address and they start sending some
sort of traffic to that address - whose server(s) become
overwhelmed.


So... that's how I got spun up on the idea of detecting 'bots.

From context, you can probably tell I'm pretty much clueless on
the subject - but "Malicious software Removal" seemed like it
might apply. OTOH, I trust MS about as far as I could throw
them... so didn't want to go and install something that would
give me cause to re-image my PC...
 
Per mm:

I got off on this tangent after somebody told me that the 'bot
situation is getting out of hand - as in an estimated 60% of PC's
infected - and MS was finally acknowledging it as a problem that
they need to recognize and help mitigate.

Well, I've heard a little about this too.

Same guy presented an interesting spiel about
denial-of-service-based extortion.

- The head of XYZ company's IT gets an email: "Deposit $50,000
into such-and-so numbered bank account or we will bring down your
systems."

- Head of XYZ ignores the message.

- Next day, he gets a followup message: "Deposit $50,000
into..... or we will bring down your systems for a period of 10
minutes at 1400 today."

Hey, I got one of those messages, but mine came from a crown prince of
Syria who also said I had won the Syrian lottery, so I ignored it.

- Head of XYZ ignores the message.

- At 1400 that day, there is a denial-of-service attack on the
company's internet-exposed computers and the place grinds to a
halt.

- Head of XYZ either deposits the $50k or calls in somebody who
knows how to defend against such an attack.


He didn't say it, but I assume such attacks can be mounted via a
collection of many, many 'bots across the world. The
extortionist broadcasts a message to all the 'bots with a start
time, stop time, and target address and they start sending some
sort of traffic to that address - whose server(s) become
overwhelmed.


So... that's how I got spun up on the idea of detecting 'bots.

I get it.

From context, you can probably tell I'm pretty much clueless on
the subject - but "Malicious software Removal" seemed like it
might apply. OTOH, I trust MS about as far as I could throw
them...

That's an expression I used a lot when I was little, then for a few
decades people would say "I trust yyyy as far as I can throw
[something heavy]", and in the last 3 or 4 years I think our version
is making a comeback.

Just like, perhaps, when I was little, criminals on tv and in movies
often used "automatic"** pistols with silencers, but then for a few
decades they used pillows, but in the last few years silencers are
making a comeback.

**They were called automatics then, even though they are
semi-automatic, perhaps because truly automatic pistols didn't exist
until after the 60's.

so didn't want to go and install something that would
give me cause to re-image my PC...

Well, aiui, every time I get the chance to dl one, I do, and then the
next time I boot Windows (which doesn't come coming out of
hibernation) the remover runs, but it's never sent me any message of
any sort, I presume because I didn't have what it was designed to
remove. Then I figure it deletes itself. So I don't actually know it
has ever run. I don't even know if it displays messages when it does
find something, but I'll bet it does. So the odds are, I've never
had what it was designed to remove.

Either I haven't kept track of, or maybe it never shows, the actual
file name, or where it is stored (temporarily, I assume) so I can't
verify that it's deleted, but someone here probably knows.
 
From: "(PeteCresswell)" <[email protected]>

| As in my other post - is this something I want to install to look
| for 'bots?

| Seems to me like any decent anti virus sb doing this already.

| Avast in my case.

There is nothing to install. It is downloaded each month with Windows Updates and
performs a scan automatically.

MS Malicious Software Removal Tool (MS MRT) uses the SAME engine as Windows Defender, Live
OneCare and Microsoft Security Essentials.

To view the MRT log...
%windir%\Debug\mrt.log

Running the following command line will launch a full scan and clean malware automatically
without user intervention.
%windir%\system32\MRT.exe /f:y
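The two facts above (the log at %windir%\Debug\mrt.log and the MRT.exe /f:y switch) are easy to wrap in a small PowerShell script so you can check when MRT last ran, and what it found, before kicking off a scan yourself. This is an added example, not code from David's post or from Microsoft. It assumes the /N (detect only) and /Q (quiet) switches documented for MRT, and it assumes each run in the log ends with a "Return code:" line; the function names are mine.

```powershell
# Added example (not from the thread or from Microsoft). It wraps the two
# facts given above: the log lives at %windir%\Debug\mrt.log and
# "MRT.exe /F:Y" forces a full scan plus automatic cleaning. The /N
# (detect only) and /Q (quiet) switches are from Microsoft's MRT
# documentation; the "Return code:" line searched for in the log is an
# assumption about the log format.

$LogPath = Join-Path $env:windir 'Debug\mrt.log'
$MrtExe  = Join-Path $env:windir 'System32\MRT.exe'

function Get-MrtLogSummary {
    param([string]$Path = $LogPath, [int]$Tail = 40)
    if (-not (Test-Path -Path $Path)) {
        Write-Warning "No MRT log at $Path; MRT has probably never run here."
        return
    }
    # Each monthly run is appended, so the tail of the file is the newest run.
    $lines = Get-Content -Path $Path -Tail $Tail
    $lines
    # Assumption: a run's summary ends with a line such as "Return code: 0 (0x0)".
    $rc = $lines | Select-String -Pattern 'Return code:' | Select-Object -Last 1
    if ($rc) { Write-Host "Last run: $($rc.Line.Trim())" }
}

function Test-IsAdministrator {
    # MRT needs administrator rights to remove anything it finds.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-MrtScan {
    param([switch]$DetectOnly)
    if (-not (Test-Path -Path $MrtExe)) {
        throw "MRT.exe not found at $MrtExe; it arrives with Windows Update."
    }
    if (-not (Test-IsAdministrator)) {
        throw "Run this from an elevated PowerShell prompt."
    }
    # /F:Y = full scan and clean with no prompts (the switch from the thread).
    # /N   = detect only: report, but remove nothing.
    # /Q   = quiet, no user interface.
    $switches = if ($DetectOnly) { @('/N', '/Q') } else { @('/F:Y', '/Q') }
    $proc = Start-Process -FilePath $MrtExe -ArgumentList $switches -Wait -PassThru
    Write-Host "MRT exited with code $($proc.ExitCode); details are in $LogPath."
    $proc.ExitCode
}

# Typical use before taking a "known good" image of the system:
#   Get-MrtLogSummary          # when did it last run, and what did it report?
#   Invoke-MrtScan -DetectOnly # first look, removes nothing
#   Invoke-MrtScan             # full scan and automatic clean
```

Running the detect-only pass first is a deliberate choice: it tells you whether anything is there before MRT starts deleting files, which matters if you also want to preserve evidence of what was found. Either way the log is where the result lands, so read it after every run rather than relying on a pop-up.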
 
Per David H. Lipman:
To view the MRT log...
%windir%\Debug\mrt.log

Running the following command line will launch a full scan and clean malware automatically
without user intervention.
%windir%\system32\MRT.exe /f:y

Thanks!

That cuts right to the chase.

Interesting, too - in that it seems to confirm what I thought
about it removing 'bots... as in:

BagelZip:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32/Baglezip

"Win32/Baglezip is the ZIP archive that may be used by the
greater Win32/Bagle family when spreading. Win32/Bagle is a
family of mass-mailing worms. The worm spreads primarily through
e-mail, though some variants also spread through peer-to-peer
file sharing networks. The worm may also act as a backdoor,
allowing an attacker access and control of a compromised
computer."

Having the command line available will help me bc I'd want to do
a scan before taking an image back of what I hope to be a "good"
version of my system.
 