thirdgen

iTrader: (26)

About 1 hour ago I was on google and I did a search for something, and a pop up ad came on my screen. I clicked the X to close it out, and then this little icon in the lower right of my screen says "MS removal tool" and starts telling me I have all kinds of spyware on my PC.
This is spyware itself. I know this because when I opened it, it asked me right away for my credit card number so I could purchase the registered version.
I googled "MS removal spyware" and it took me to this sight where it tolk me what the spyware I have on my PC was, and it told me how to remove it, but I needed to download "PC Tools Spyware Doctor". It scanned my PC and found a pile of stuff, but it won't let me remove anything until I enter my credit card information and download the registered version.
This SUCKS. I'm on MT.net right now in Safe mode, cause otherwise my PC keeps popping all kinds of bullshit up.

What can I download to fix this problem?
I tried Microsoft security essentials, but it found NOTHING.

pdexta

iTrader: (17)

System restore is worth a shot, I've had good luck with getting crap like that off and it doesn't affect anything on your computer (pictures/documents/etc), only programs and applications installed after the time you select.

Start > All Programs > Accessories > System Tools > System Restore

Takes 5-10 min.

Joe_Mama

AVG antivirus free version.
Blocks and removes **** like this automatically.

thirdgen

iTrader: (26)

Might help to mention, It's my home pc with windows xp.

Joe Perez

iTrader: (8)

Manual removal guide: http://www.wiki-security.com/wiki/Pa.../MSRemovalTool

Remove MS Removal Tool manually
Another method to remove MS Removal Tool is to manually delete MS Removal Tool files in your system. Detect and remove the following MS Removal Tool files:

Processes

• %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
• %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
• C:\Documents and Settings\All Users\Application Data\oGcMaMjAlJj07003\oGcMaMjAlJj07003.exe
• C:\Documents and Settings\[USERNAME]\Local Settings\Temp\aC555.exe

Other Files

• %CommonAppData%\[RANDOM CHARACTERS]
• %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].cfg
• %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].bat
• C:\Documents and Settings\All Users\Application Data\oGcMaMjAlJj07003
• C:\Documents and Settings\[USERNAME]\Local Settings\Temp\aC555.tmp

Registry Keys

• HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce\[RANDOM CHARACTERS]
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
• HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce\oGcMaMjAlJj07003=C:\Documents and Settings\All Users\Application Data\oGcMaMjAlJj07003\oGcMaMjAlJj07003.exe

If this doesn't work, just google "MS Removal Tool". There are several other guides.

thirdgen

iTrader: (26)

Ill try that stuff, right now I gotta go to work. Thanks for the advice guys!

revlimiter

iTrader: (1)

On my one Windows box at home, I use Avast antivirus/spyware. It seems less resource heavy than AVG. And is also free.

Also, what the others said.

shooterschmidty

Malwarebyte's Anti-Malware is a pretty powerful malware removal tool.

thirdgen

iTrader: (26)

I just want FREE and fast. I'll try the manual removal that Joe posted once I get home.

Braineack

iTrader: (62)

you need to download an exe file called rkill.exe to completely stop to process of the spyware to be able to remove it.

Tnn

iTrader: (1)

Download malwarebytes free edition from malwarebytes.com. Run full scan in safe mode and remove whatever it finds.

Also get ComboFix.. run this (safe mode with networking) after malwarebytes.. it'll get rid of most of the hard to remove malware.

Pen2_the_penguin

iTrader: (4)

ComboFix

g_reichow

iTrader: (2)

This should do the trick. Additionally, install the app on a different computer, than copy the app directory to a USB key. Rename the main executable to something other than mab or antibytes like your name. Then take the USB key and insert onto infected computer. Run executable from usb key and let it do its magic. Some of the new tools will stop removal tools like MAB from executing. And yes, it is free.

-Greer

Braineack

iTrader: (62)

i bet you anything this spyware prevents the installation of malwarebyes. and then rkill is needed.

pusha

iTrader: (5)

I've had that **** before. It sucks.

y8s

iTrader: (8)

believe it or not, the internets love microsoft security essentials over some of the other bigger fatter antivirus junk.

spyware is another story. windows defender might work to remove it. or not.

thirdgen

iTrader: (26)

So if I google "rkill.exe" I should find it. What exactly does it do?

Braineack

iTrader: (62)

RKill is a program developed at BleepingComputer.com that was originally designed for the use in our malware removal guides. It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.

So in summary, RKill just kills processes, imports a Registry file that removes incorrect file associations, removes and backs up proxy settings, and fixes policies that stop us from using certain tools. When done, RKill will then create a log listing all processes that were terminated while the program was running. Please note that this will include processes that were terminated manually by the user as well as RKill. I have whitelisted some processes that are commonly shown as being killed even though they weren't terminated by Rkill, including the program itself, to avoid confusion that a legitimate process was terminated. Other than what is listed above, it does nothing else.

Since RKill only terminates processes, after running it you should not reboot your computer as any malware processes that are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program. Some great free tools that you can use to scan your computer after running RKill include MalwareBytes' Anti-Malware, SuperAntiSpyware, and Dr.Web CureIt.

http://www.bleepingcomputer.com/forums/topic308364.html

g_reichow

iTrader: (2)

Brain, thats why I suggested installing malware on another pc and renaming the exe before trying it ont he infected computer. works like a champ 99.999% of the time.

thirdgen

iTrader: (26)

Thanks Scott. I was just trying to verify that it wasn't a renamed file that was originally titled "formatyourcomputerforfree.exe" lol.
I'll do it up tonight and hopefully my pc will stop being down with the sickness.