Slashdot Mirror


Microsoft Releases Malicious Software Removal Tool

DaHat writes "Hot on the heels of their release last week of Microsoft AntiSpyware, Microsoft today released their very own Malicious Software Removal Tool with the claim that it will detect and remove infections from specific pieces of malware, including those in the families of Berbew, Doomjuice, Gaobot, Msblast, Mydoom, Nachi, Sasser, and Zindos from your Windows 2000, XP or 2003 machine. Microsoft also promises to release an updated version of the tool on the second Tuesday of each month."

13 of 337 comments

  1. what a process! by ack154 · · Score: 3, Informative

    So I installed this via Windows Update a little while ago today... Here's what I had to do just now to scan:

    1. Install via Windows Update
    2. Go to tool website
    3. Go to website again in IE, 'cause it doesn't like Firefox
    4. Temporarily allow popups from SP2
    5. Go to website again to allow the popup for the scan tool to open
    6. Accept the license agreement
    7. Go to website again after I accepted agreement
    8. Open the tool and have IE block the ActiveX control
    9. Allow the ActiveX control
    10. Go to website AGAIN to install the ActiveX control
    11. Allow it to scan and tell me nothing is infected...

    I sure hope it wasn't this difficult for anyone else. Did I miss something? I thought it was going to be a program on my PC to run and scan, but I can't find it.

    1. Re:what a process! by Rolan · · Score: 3, Informative

      Uhm....I'm not sure what you're talking about. I installed it from Windows Update and had no issues.

      Yes, you have to use IE for the Active X. You had ActiveX blocked? Have you ever run Windows Update before? You went back somewhere and had it scan? There's no UI (at least that anyone else has found) for this program....

      Yes, I think you missed something.

      --
      - AMW
    2. Re:what a process! by ack154 · · Score: 2, Informative

      I installed it from Windows Update, but it did nothing. At all (except that my updates completed). The tool did absolutely nothing. ActiveX controls are "blocked" by IE in SP2 - the little yellow information bar appeared at the top saying I may need to install blah blah blah. So I allowed that and then had to go back and it actually prompted to install the control.

      Um... I've run WU plenty of times... I went to the link in the article where it says "check my pc for infection" ... that's where the popup came from and torture ensued from there.

    3. Re:what a process! by Anonymous Coward · · Score: 1, Informative

      Yeah, try the version where you don't act like you have never used Windows before:

      1. Go to 'Windows Update' in either the Start Menu or Start->All Programs.
      2. Click Express or Custom Install
      3. Click Download (or whatever it says).
      4. Click yes or ok a coupla times.

      Total time that required my input: about 10 sec.

      Or just enable the Auto Update thingy and you would have only had 2 steps. Click balloon in corner, click ok a coupla times.

    4. Re:what a process! by Nixoloco · · Score: 4, Informative


      If you don't want to use IE/ActiveX, you can download the tool directly from http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    5. Re:what a process! by Deviate_X · · Score: 2, Informative

      You can install and run this: Microsoft Baseline Security Analyzer instead of doing what you did. It also tests your system against security best practices for windows systems.

  2. Re:MS isn't going to do so well at this... by EvilAlien · · Score: 2, Informative
    This isn't an AV app, it's a REMOVAL TOOL. They've been very clear about its purpose, and that users should continue to use an up-to-date AV product:
    This tool will help to remove specific, prevalent malicious software from infected systems. Because computers can appear to function normally when infected, Microsoft advises you to run this tool even if your computer seems to be fine. In addition to using this tool, you should use an up-to-date antivirus product to help protect your computer from other malicious software. For more information, see Protect Your PC.
    (ganked from Microsoft® Windows® Malicious Software Removal Tool (KB890830))

    Their AntiSpyware Beta app updates daily by default. This malware remover is the more grown-up version of the cleaners they deployed via autoupdate last year.

    --
    perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
  3. Re:I just installed it, and will be rebooting by drinkypoo · · Score: 4, Informative

    I have rebooted. My initial impression is that there is no immediately obvious way to run the removal program. KB890830 points out the web version of the Malicious Software Removal Tool and says that "When you download the tool from Windows Update or from Automatic Updates, the tool always runs in quiet mode." The KB also has a url to download the tool. Whee.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Re:Webbaesd? by Tezkah · · Score: 3, Informative
    From the page:
    Note: If you have difficulty running the tool from this page, it may be due to your browser's security settings. If you have any problems, try downloading the tool directly from the Microsoft.com Download Center and then running it manually.
    Didn't even need to start up IE.
  5. Re:Is this how they fight Firefox? by MrP-(at+work) · · Score: 2, Informative

    I downloaded it without needing ActiveX. There are 3 ways to get it: Windows Update (requires IE), the ActiveX (requires IE) button, or the download link (works in any browser).

    --
    [an error occurred while processing this directive]
  6. Re:Nobody's saying it by bhsx · · Score: 3, Informative

    I did hear it doesn't tell ya what it removed, and THAT is NOT good.
    You heard wrong. It also doesn't stop you from using any other spyware tool. How you got modded insightful is beyond me. (note: I'm not trying to insult you, that's more a smack at the mods than anything else)

    --
    put the what in the where?
  7. Re:...and other grammatical anomalies by jc42 · · Score: 3, Informative

    Actually, this might be seriously unfunny in the near future.

    Actually, it has been seriously unfunny for several years.

    If you dig around for the earliest reviews of Windows Media Player, you'll find a number of reports that, after installing and testing it on their machine, the reviewers found that most or all of their other audio software was no longer working and had to be reinstalled. They also noted that, if they accidentally ran any of the pieces of WMP, the same thing would happen. And WMP couldn't be fully uninstalled.

    I have a number of friends that are developing audio and/or video software. They have been getting more and more depressed about the situation on Windows. It seems that, if you want your software to be usable, you have to "license" it (i.e., sign over all rights) to Microsoft. Then they'll add it to WMP's list of Good Guys, and when WMP triggers its search-and-destroy routine, your app will be spared.

    This is really what DRM is all about. The intent is that you will only have the right to run approved software. If you have some silly idea that you can write and market your own software, well, just forget that. Hackers like you can't be trusted, y'know.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  8. Disabling reporting by jjgm · · Score: 4, Informative

    This tool reports to MS when it cleans. The reporting is anonymous, it says in the EULA.

    Those of you who detest automatic vendor notifications can disable this function. I just followed a tortuous string of buried references from MS to find out how, so to save you all the hassle, here's the thing:

    Using regedit, create registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT\DontReportInfectionInformation as a DWORD, and set the value to 1.
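
Added example, not part of the comment above: the same registry change scripted in PowerShell, with a read-back that checks both the type and the data, so it can also serve as an audit on machines where the setting is supposed to be in place. It assumes DontReportInfectionInformation is a DWORD value under the ...\Policies\Microsoft\MRT key; the function and variable names are made up for this example.

```powershell
# Added example; Get-/Set-MrtReportingPolicy are hypothetical names.
# Writing under HKLM requires an elevated PowerShell session.
$MrtKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT'
$MrtValue = 'DontReportInfectionInformation'

function Get-MrtReportingPolicy {
    # Returns the value's data and registry type, or nulls if it is absent.
    $data = $null
    $kind = $null
    if (Test-Path -LiteralPath $MrtKey) {
        $key = Get-Item -LiteralPath $MrtKey
        if ($key.GetValueNames() -contains $MrtValue) {
            $data = $key.GetValue($MrtValue)
            $kind = $key.GetValueKind($MrtValue)
        }
    }
    [pscustomobject]@{
        Data     = $data
        Kind     = $kind
        # This check accepts only a DWORD with data 1, as in the comment.
        Disabled = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
                   ($data -eq 1)
    }
}

function Set-MrtReportingPolicy {
    if (-not (Get-MrtReportingPolicy).Disabled) {
        # Create the MRT policy key if it is missing, then write the DWORD.
        if (-not (Test-Path -LiteralPath $MrtKey)) {
            New-Item -Path $MrtKey -Force | Out-Null
        }
        New-ItemProperty -LiteralPath $MrtKey -Name $MrtValue `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
    # Read back so the caller sees what is actually in the registry.
    Get-MrtReportingPolicy
}

Set-MrtReportingPolicy
```

Running only `Get-MrtReportingPolicy` reports the current state without changing anything and does not need elevation.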