Fraud alert: MS Removal Tool

Discussion in 'malware problems & news' started by siljaline, May 7, 2011.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Further reading

    The real Malicious Software Removal Tool may be obtained here
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Thanks for the alert
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Unless there is another rouge called MS Removal Tool its been around for a few months, seen at kernelmode.info in March, regular repack fooling av. Not the 'strongest' rouge on the list from the same family as System Tool, very easy to stop and remove - nothing special.
     
    Last edited: May 7, 2011
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You're welcome, the Cybercrooks have no shame :ouch:

     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    If this had been the case, MS or someone would have reported the issue, I'm quite sure - unless you could present evidence to the contrary.

     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well, what do you think I'm going to post - a lie :)

    So unless there is another called MS Removal Tool (which could be the case - there wasn't much information or screen shot with your link) its been around for a few months - here.
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Your link has been sent to interested parties. I have no other comment at this time.
     
  8. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,270
    Location:
    England
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thank you for the link, stapp
     
  10. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Thanks siljaline for alert :)
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    No matter when others knew about this I appreciate the heads up!:thumb:


    I had not heard of it so thanks!
     
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    @Boyfriend & @Escalader, you are both welcome, thanks for the hat tip :thumb:
     
  13. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Cool. There's some good places that keep on top of these fakesav's, fraud software etc.

    The Microsoft theme I suppose is an obvious one to go for though when trying to fool a user, the same or similar name and or look of a Microsoft tool - and there's been many. Unfortunately through new rouges or a repack mean we are always playing catch up.
     
    Last edited: May 9, 2011
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    It would seem to be open season on everyone these days Meriadoc, the folks I submitted the information to should take some action. As to what exactly, I am not privvy to.

    Thanks.
     
  15. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,694
    Location:
    Texas
    Just removed "MS Removal Tool" from a club members PC. From another thread the comment was made

    "Well, for a start, most AV's fail to remove or even detect rogues. So running rescue discs is pointless."

    I agree that rescue discs are useless against Rogues, so why (speculate) are they not addressed by AVs'? This lack of protection by AV's gives users a false sense of protection. How about this use a Free AV it fails to detect a rogue, then why would the user opt for the paid version. After the infection the user, would naturally fell his/her AV failed, seems like AV's are shooting themselves in the foot.
     
  16. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well they are repacked often to fool av scan string technology, 'signature.' AV can only detect a known malware or perhaps similar leaving heuristic, looking for certain commands and malicious functionality in a program.
     
  17. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,694
    Location:
    Texas
    Okay! Then why does MBAM effortlessly remove the rogues, why not add some of the definitions found in MBAM into AVs? Perhaps that's there inducement so you pony up for the AV suite
     
  18. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    MBAM is a specialty tool, they use to have a program called Rogue Remover that they integrated into MBAM! But MBAM is not enough to run on it's own (Paid Version) and should be used in conjunction with and AV or Suite or run On-Demand weekly or when necessary! A Good older article here: http://www.thetechherald.com/articl...ue-anti-Virus-earns-almost-34-million-a-month

    TH
     
    Last edited: May 14, 2011
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Why would anyone help the competition and endanger their own business?
     
  20. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    Well, MBAM is certainly in a league of it's own, regarding certain malware. According to their forum, they have removed 2.5 billion infections.(for free) Thats some going.They seem to have a very strong team, shame they don't or can't produce a rescue disc
     
  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Or a portable version.
     
  22. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,694
    Location:
    Texas
    Triple Helix - post #18 great link! * You can't be & AV company & just ignore the fastest growing threat on the planet
     
    Last edited by a moderator: May 15, 2011
  23. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I agree with you but it's up to the AV companies to step up to the plate! But the layered approach is always the best way to go and I always say it is up-to the user to use some common sense and not be Happy Clickers. ;)

    http://en.wikipedia.org/wiki/Rogueware

    TH
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Can't resist it!

    You must mean hapless clickers:D
     
  25. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
Loading...
Thread Status:
Not open for further replies.