PC Tools Help Center

Protection Software: MS Removal Tool - Manual Removal Instructions

Article Number: 220 | Last Updated: Mon, Oct 24, 2011 3:45 AM


Discuss this article on the PC Tools Community Forum

“MS Removal Tool” is the latest variant in the Security Tool/System Tool family of rogue-antispyware applications. Similar to previous variants, this infection is currently quite widespread.




As with all rogue-antivirus/anti-spyware infections, the purpose of “MS Removal Tool” is to dupe the user into believing their computer is infected and to purchase a license.

To remove this infection from your computer, ensure that you have completed a Smart Update of Spyware Doctor/PC Tools Internet Security, and perform a full scan.

If you are unable to run Spyware Doctor/PC Tools Internet Security, please download and run PC Tools Threat Removal Tool in normal mode.

Alternately, MS Removal Tool can be manually removed from your computer by completing the following procedure.

Clear Proxy Hijack:

  1. Open Internet Explorer
  2. Click on ‘Tools’
  3.  Select ‘Internet Options’
  4. Select the ’Connections’ tab
  5. Click on the ‘Lan Settings’ button
  6. Under ‘Proxy Server’, uncheck this option, then click ‘Ok’
  7. Close the Internet Options menu by clicking ‘Ok’
  8. Close Internet Explorer.

Remove MS Removal Tool Files:

  1. Open My Computer (‘Computer’ on Vista/Windows 7)
  2. Navigate to either of the following locations:
Windows XP:

C:Documents and SettingsAll UsersApplication Data<random MS removal tool characters>

Vista/Windows 7:

C:ProgramData<random MS removal tool characters>
These folders may be hidden through the ‘Hidden’ attribute or set to be System Folders. To enable the viewing of Hidden/System Files, complete the following:
  • Open the Control Panel
  • Open the ‘Folder Options’ menu
  • Select the ‘View’ Tab, and add the following settings:
o    Check ‘Show Hidden files and folders’
o    Uncheck ‘Hide Protected Operating System Files’
o    Uncheck ‘Hide extensions for known file types’
  • Click on ’Apply’ then ’Ok’ to apply these settings.
      3.    A sub-folder named <random MS removal tool value2> should be present. Open this folder
      4.    Delete the file named <random MS removal tool characters value2>.exe
   5.    Close the current window, and then reset your folder options to default by undoing the changes above

Remove MS Removal Tool Registry Keys:
  1. Click on the Start Menu (‘Windows’ button on Vista/Windows 7)
  2. Select the ‘Run’ menu (Windows XP only)
  3. Type regedit and click ‘Ok’
  4. Navigate to the following key:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce

     5. In the right hand pane, a value with the name <random MS removal tool characters value2> should appear.
     6. Right-click on this value and select ‘Delete’, then close the Registry Editor.

In place of completing these procedures through Computer/My Computer and the Windows Registry Editor, PC Tools File and Registry Tool can be used to remove the MS Removal Tool files and registry value.

Detailed information regarding the use of the File and Registry Tool can be found in our Malware FAQs forum here.

 

Posted - Thu, Apr 7, 2011 7:27 AM.
Filed Under: 1.7 Malware Related
Did this Article Answer your Question?
Yes No
Attachments Attachments
There are no attachments for this article.

Related Articles

  • Icon PrinterPrint Article
  • Icon EmailEmail Article to Friend
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word