Solved

MS Removal Tool

Posted on 2011-04-22
7
Medium Priority
570 Views
Last Modified: 2013-11-22
I have been attempting to remove this MS Removal Tool disaster.
I have done the following:
Run Malwarebytes anti-malware - to no avail
I have run rkill.com; this removed a couple of files but not the correct ones.
I cannot access my ESET antivirus.

I believe the key file is
04-HKCU\,,\RunOnce:[FHrPqDaZcC802547]C:\ProgramDAta\FHrPqDADcCg02547.exe

I have Windows 7 OS Home Edition and cannot get into ProgramData to delete this file.

Does anyone know a simple and effective way of getting rid of this?

I am not good enough to go into Registry files etc.
Thanks
0
Comment
Question by:digisel
7 Comments
 
LVL 14

Assisted Solution

by:bmsjeff
bmsjeff earned 400 total points
ID: 35448337
Click on the Start/Windows button
Enter "Folder Options" into the box and hit enter
Click on the "View" tab
Put a dot in "Show hidden files, folders, and drives"
Click Apply

Open explorer and go to the directory to delete.

Regedit is not too complicated.  Let me know if you want to delete it there also.
0
 
LVL 38

Accepted Solution

by:
younghv earned 1600 total points
ID: 35448565
You can use the tools shown in this step-by-step set of instructions:

http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

Please read through both of these EE Articles for more information:
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)
0
 

Author Comment

by:digisel
ID: 35449532
To bmsjeff
I have looked in the directory and the 04-HKCU etc. RunOnce file is not there.

To Younghv: I had already followed the steps of bleepingcomputer to no avail. I have repeated them and also managed to download the latest version of Malwarebytes, which I ran - to no avail.

I also ran ESET in Safe Mode - it found only one suspect file and it did not apply to this problem.
The MS Removal Tool problem remains.

Any other thoughts or actions, please?
0

 

Author Comment

by:digisel
ID: 35449563
P.S. I shall also be following the links suggested by Younghv and acting accordingly.
If you have any other suggestions they will be most welcome
0
 
LVL 14

Expert Comment

by:bmsjeff
ID: 35449813
This file will change.  Run Malwarebytes again. Make sure you update it first.  See what the name of the new file is and delete it.
0
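An added example, not part of any participant's post: since the comment above says the file name changes, this read-only PowerShell snippet lists the autostart values instead of looking for one name, and flags targets that sit directly in ProgramData or carry the Hidden attribute. The Run/RunOnce key paths are an assumption (the standard Windows locations); the thread only shows an abbreviated HKCU RunOnce entry.

```powershell
# Read-only triage: list autostart values and flag the pattern from this thread
# (an .exe directly in C:\ProgramData, possibly with the Hidden attribute set).
# The key list is an assumption: the standard Run/RunOnce locations.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$programData = $env:ProgramData.TrimEnd('\')

$results = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # Extract the executable from the command line: quoted path first,
        # otherwise everything up to the first ".exe".
        if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
        } else {
            $exe = $command.Trim()
        }
        if (-not $exe) { continue }

        $parent = Split-Path -Path $exe -Parent
        # -Force lets Get-Item see files that carry the Hidden attribute.
        $file = Get-Item -LiteralPath $exe -Force -ErrorAction SilentlyContinue
        $hidden = $false
        if ($file) {
            $hidden = (($file.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
        }
        New-Object PSObject -Property @{
            Key = $key; ValueName = $name; Target = $exe
            Exists = [bool]$file; Hidden = $hidden
            InProgramDataRoot = ($parent -and ($parent.TrimEnd('\') -ieq $programData))
        }
    }
}

$results |
    Sort-Object -Property InProgramDataRoot, Hidden -Descending |
    Format-Table -Property InProgramDataRoot, Hidden, Exists, Key, ValueName, Target -AutoSize
```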
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35451340
If the problem persists:

Try running unhide.exe to remove hidden flags.
Download and run Unhide.exe to remove the hidden flags on files and folders.
http://download.bleepingcomputer.com/grinler/unhide.exe


If needed you can download ComboFix and if it doesn't delete it on its first run we can delete it using its script function.

1.  Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 

Author Closing Comment

by:digisel
ID: 35452674
Thanks for your time and trouble.
0


Question has a verified solution.
