Having to deal with pop up messages is just something we have to do every day when we are online. Normally, these messages are annoying at best, but if the site you are visiting has been compromised then that pop up could be something more. But you won't know it until you run into it and even then they are designed to be very deceptive, pretending to be other things in an attempt to get on your computer. MS removal tool is malware that is a perfect example of what I am talking about.
When you visit the web site that has been compromised by the MS removal tool you will be told via pop up that looks just like it comes from your operating system that there has been an unknown trojan detected on your computer and a full scan should be run.
Even the scan itself, while it looks convincing enough is just another part of the trap.Once the scan finishes you will be told that there is malware on your computer and that the only way for you to clean it up before it causes any permanent damage to your PC is to download and install the full version of this malware. To stop all this you need to get rid of the MS removal tool. Once downloaded and installed your system will automatically reboot to finish installing the malware on your computer.
You will see warnings like this:
MS removal tool warning.
Your PC is infected with viruses. Activate your antivirus now to prevent data loss theft of your credit card details.
Security monitor.
Your system detected a TrojanSPM/LX on your computer. Your private information and PC safety are at risk.
Your computer is infected
Windows has detected spyware
MS removal tool. Malware that compromise your system have been detected on your PC.
Worst of all, normal operation of your computer will not be allowed. Every time you try and open a program you will be given a warning message saying that the "current action cannot be completed due to an infected file.
At this point you will be prompted to purchase a copy of the software when really you need to get rid of the MS removal tool.
Here is how to remove it.
#1- Start task manager by pressing CTRL-ALT-DEL AND stop the following process. oGcMaMjAlJj07003.exe The name may be slightly different. If it will not stop you need to start your computer in safe mode to stop it.
#2- To start your computer in safe mode restart your computer and then press F8 before windows starts. You might have to do this several times. When you see a menu appear select safe mode with networking.
#3- Find and delete the following files.
AC555.exe
oGcMaMjAlJj07003.exe
#4- Start the registry editor and delete the following entries.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\oGcMaMjAlJj07003
HKCU\Software\Microsoft\Windows\CurrentVersion\Run " junk file name.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\junk file name.
Where junk file name is a name made up of random characters.
#5- Once you have done this restart your computer and you should be rid of the MS removal tool. If it is still there or you are unsure of how to remove it follow the easier automated method.
Automated method to get rid of the MS removal tool.
#1- Start your computer in safe mode using the steps outlined above.
#2- Download a system scanner that will scan for malware and get rid of it quickly running the same steps as above but done for you automatically. If your computer is infected with malware and the manual removal method fails run a system scan and get rid of it fast.
No comments:
Post a Comment