Microsoft Releases Malicious Software Removal Tool

DaHat writes "Hot on the heels of their release last week of Microsoft AntiSpyware, Microsoft today released their very own Malicious Software Removal Tool with the claim that it will detect and remove infections from specific pieces of malware, including those in the families of Berbew, Doomjuice, Gaobot, Msblast, Mydoom, Nachi, Sassier, and Zindos from your Windows 2000, XP or 2003 machine. Microsoft also promises to release an updated version of the tool on the second Tuesday of each month."

obPost

[ackthpt]

Microsoft Windows XP successfully uninstalled

Dag! It works!

Re:obPost

[mynickwastaken]

Common guys. This thread need to be called just:

Microsoft Releases Malicious Software

I think would be enough!

Re:obPost

[FyRE666]

Not only that but did you see this part?

will detect and remove infections from specific pieces of malware, including those in the families of Berbew, Doomjuice, Gaobot, Msblast, Mydoom, Nachi, Sassier...

It removes Sassier too! It's a lot like Sasser, but with more attitude...

Re:obPost

[Ismilar]

Actually, I first thought "Microsoft Releases Malicious Software Removal Tool" meant that Microsoft released a software removal tool that is malicious (as opposed to a tool to remove malicious software)! Of course, that wouldn't really be front page news... :)

We've been waiting a long time for this...

[Lindsay+Lohan]

Microsoft today released their very own Malicious Software Removal Tool

Finally, an IE un-installer.

Re:We've been waiting a long time for this...

[rob_squared]

No, silly! They're obviously introducing a new version of fdisk.

I know the vendors will moan

[Timesprout]

and some already are but lets face it, to currently reach the masses this sort of stuff needs to be pushed out through windows update.

what a process!

[ack154]

So I installed this via Windows Update a little while ago today... Here's what I had to do just now to scan:

1. Install via Windows Update
2. Go to tool website
3. Go to website again in IE, cause it doesn't like firefox
4. Temporarily allow popups from SP2
5. Go to website again to allow the popup for the scan tool to open
6. Accept the license agreement
7. Go to website again after I accepted agreement
8. Open the tool and have IE block the ActiveX control
9. Allow the ActiveX control
10. Go to website AGAIN to install the ActiveX control
11. Allow it to scan and tell me nothing is infected...

I sure hope it wasn't this difficult for anyone else. Did I miss something? I thought it was going to be a program on my PC to run and scan, but I can't find it.

Re:what a process!

[Rolan]

Uhm....I'm not sure what you're talking about. I installed it from Windows Update and had no issues.

Yes, you have to use IE for the Active X. You had ActiveX blocked? Have you ever run Windows Update before? You went back somewhere and had it scan? There's no UI (at least that anyone else has found) for this program....

Yes, I think you missed something.

Re:what a process!

[ackthpt]

Did I miss something?

You appear to have left out the following key steps:

Draw pentagram

Light candles

Sacrifice a goat

...

Prophet!!!

Re:what a process!

[Nixoloco]

If you don't want to use IE/ActiveX, you can download the tool directly from http://www.microsoft.com/downloads/details.aspx?Fa milyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displa ylang=en

Hey it Deleted my Netscape....

[Evil+W1zard]

And all other software made by vendors that have sued MS.... It also comes with a custom icon that portrays Bill Gates as Baby Jesus.

So far so good with both

[EvilAlien]

I'm fairly impressed with my tests of the AntiSpyware product. Its pretty slick, seems much more well-rounded than Adware Pro as a comparison. The depth is there too, its not just a mindless GUI app. The configurability and insight into the various bits of registry fiddling that spyware gets up to is cool... and good for a mostly-Windows Ignorant like me.

The malware removal tool is pretty simple. It installs, scans, gives you a clean bill of health or tells you what a dirty infected whore your PC is.

The auto-update features in both applications is nice to see too... Grandma and Grandpa Internet need something to spoonfeed them like this, and if Microsoft keeps them free then grrreat. Now if only we could get them to fix IE so it isn't such a steaming pile...

Re:Cant stand compition?

[ackthpt]

Will it remove firefox also?

That's sched'd for a future release, to cast aspersions on the non-standard apps you have on your system.

todo list:
remove any known worm/virus scan disk for 'BSoD' references or slashdot cookie, if found, format drive sneakily install microsoft DRM verify windows registration key and log ip address corrupt iTunes (1 chance in 10, so it's less suspicious) report all applications back to microsoft next time connecting to net under request [Get latest update?] ... Profit!!!

Re:MS isn't going to do so well at this...

[DaHat]

The reason that they are only going to be doing it once a month has little to do with home users and more to do with corporate ones. Most IT people I know do not have time to search out threats to their network each day and make sure everything is up to date and properly patched... instead, they do so on a schedule. In order to facilitate that, Microsoft has done the same thing. Notice that new security bulletins came out today? Mark your calendar for a month from now and you'll see a similar thing.

Yes, such a system is potentially flawed where if a major exploit is found in the wild and is running loose, taking out systems right and left, the day after Microsoft issues their advisories/patches, things could be bad. However in such a case I have little doubt they would make a special exception for those big ones.

A what now?

[sammy+baby]

"What's this? It says it's a malicious software remover."

"I dunno. Try running it?"

"Okay." (click-click.)

"PLEASE WAIT."

"What's it doing?"

"Dunno... oh, here."

"PROGRAM COMPLETE. FIFTEEN PROGRAMS REMOVED. HAVE FUN FIGURING OUT WHICH ONES, BITCHES."

"Dammit."

Re:I just installed it, and will be rebooting

[drinkypoo]

I have rebooted. My initial impression is that there is no immediately obvious way to run the removal program. KB890830 points out the web version of the Malicious Software Removal Tool and says that "When you download the tool from Windows Update or from Automatic Updates, the tool always runs in quiet mode." The KB also has a url to download the tool. Whee.

Re:Webbaesd?

[Tezkah]

From the page:

Note: If you have difficulty running the tool from this page, it may be due to your browser's security settings. If you have any problems, try downloading the tool directly from the Microsoft.com Download Center and then running it manually.

Didn't even need to start up IE.

Re:Anyone else read that as...

[Chris+Burke]

Yeah, it took me an extra second to parse as well. The funny part is that the editors could have gotten rid of one funny and twenty redundant posts simply by adding one word to the title and saying: "Microsoft Releases Tool to Remove Malicious Software"

No, wait, the funny part is I thought "editing", much less "clarifying confusing sentence structure", was something the editors here did.

Line 'em up

[Swamii]

A summary of the next 100 Slashdot posts:

1. Finally, a Windows XP uninstaller!
2. Finally, an IE uninstaller!
3. Jokes about the malicious/software wordplay -- is it a malicious tool to remove software or a malicious software removal tool? har har har
4. Does it run on Linux?
5. Imagine a beowulf cluster of these.
6. In Soviet Russia, software tools malice YOU!
7. In Korea, only old people run malicious tools.
8. Tin foil cap-sporting nerds complaining about WinVNC rumors.
9. ???
10. Profit!
11. Declare bankruptcy.
12. Bitch about MS.
13. Spell MS with a dollar sign.
14. Tin foil cap-sporting nerds complaining about how this is a MS chokehold attempt on the market.
15. Anonymous posters claiming they had sex with your mother.
16. Mindless slashbotting.
17. 53 offtopic posts.
18. /. owners modding down anything disagreeing with the Slashbot secular, pro-Linux, uniformity.
19. Some posts by the GNAA and/or Roland Piquepalle (one and the same)
20. One really long list of post summaries, to get modded down by angry Slashbots.

<accepting no karma bonus for this crap>

Re:mal.icio.us ?

[Zocalo]

But it might be considered somewhat capr.icio.us and not very jud.icio.us to create mal.icio.us just after Microsoft tries to get of to an ausp.icio.us start in its attempts to help us remove susp.icio.us software that is pern.icio.us in its efforts to remain on our PCs though.

Yup. You're right. Lot's of subdomain possibilities there!

...and other grammatical anomalies

[mblase]

When I read that headline, I thought it meant Microsoft released a malicious tool for removing (non-MS) software. I don't know if that's a result of my own prejudices or just the kind of thing I've come to expect from Slashdot headlines....

Re:...and other grammatical anomalies

[lawpoop]

Actually, this might be seriously unfunny in the near future. If MS takes a hardline against open source or GPL licensed stuff, or make they claim that any particular app in using infringing code, a lot of slashdotters might be saying "I told you so".

Re:...and other grammatical anomalies

[TheLoneIguana]

Hmmm..

MS=Microsoft
and
MS=Malicious Software

Coincidence?

Re:...and other grammatical anomalies

[jc42]

Actually, this might be seriously unfunny in the near future.

Actually, it has been seriously unfunny for several years.

If you dig around for the earliest reviews of Windows Media Player, you'll find a number of reports that, after installing and testing it on their machine, the reviewers found that most or all of their other audio software was no longer working and had to be reinstalled. They also noted that, if they accidentally ran any of the pieces of WMP, the same thing would happen. And WMP couldn't be fully uninstalled.

I have a number of friends that are developing audio and/or video software. They have been getting more and more depressed about the situation on Windows. It seems that, if you want your softwsare to be usable, you have to "license" it (i.e., sign over all rights) to Microsoft. Then they'll add it to WMP's list of Good Guys, and when WMP triggers its search-and-destroy routine, your app will be spared.

This is really what DRM is all about. The intent is that you will only have the right to run approved software. If you have some silly idea that you can write and market your own software, well, just forget that. Hackers like you can't be trusted, y'know.

XP Activation cracks.

[salvorHardin]

I wonder if cracks for their software would be considered malicious. I can just imagine hundreds of people running this, and then finding out that Office doesn't work anymore and they only have another 28 days in which to activate Windows XP before it'll only boot in safe mode. Don't have a cracked machine to try it on, unfortunately, but I think maybe MS missed their chance by allowing everyone to bypass windows validation before downloading the anti-spyware. Perhaps this is another chance to rid the world of a few 1,000 pirates. Or perhaps I should get more sleep and/or consider Occam's Razor a little more..

Re:Nobody's saying it

[bhsx]

I did hear it doesn't tell ya what it removed, and THAT is NOT good.
You heard wrong. It also doesn't stop you from using any other spyware tool. How you got modded insightful is beyond me. (note: I'm not trying to insult you, that's more a smack at the mods than anything else)

Disabling reporting

[jjgm]

This tool reports to MS when it cleans. The reporting is anonymous, it says in the EULA.

Those of you who detest automatic vendor notifications can disable this function. I just followed a tortuous string of buried references from MS to find out how, so to save you all the hassle, here's the thing:

Using regedit, create registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT \DontReportInfectionInformation as a DWORD, and set the value to 1.