MS Removal Tool

MS Removal Tool Description

ScreenshotThe pretty pink menace has struck again: MS Removal Tool is the latest version of some especially ugly fake security software that has been scamming PC users out of their money. MS Removal Tool is nothing more than an attempt to drive you to pay for a bogus program, by scaring you into thinking that your computer is infected with tons of malware. Please don't fall for it!

Although MS Removal Tool is only the latest name for this malware, its previous names have not been as easily confused with real anti-virus products. There is a program called Microsoft Windows Malicious Software Removal Tool that is a real, useful anti-malware application. MS Removal Tool has no affiliation with Microsoft, and its name is not a shortened form of the name of their legitimate security program.

However, aside from its claims to be a Microsoft product, there is almost nothing remotely realistic or normal about MS Removal Tool. MS Removal Tool has a bubblegum-pink interface, all of its messages and warnings are in really mangled English, and it changes the desktop wallpaper to a crazy, ranting paragraph about how "Your're in danger" because everything you've ever done is supposedly saved forever on your computer and is accessible to every single person or entity that might matter to you at all ever, and it could "break your life." (The claims that the wallpaper warning makes are false, so don't sweat it – and that "break your life" bit is downright laughable!) Of course, even if you don't fall for it and believe the sparkly pink MS Removal Tool to be real security software, MS Removal Tool will still seriously disable your computer and prevent you from using it.

Signs of a MS Removal Tool Infection

MS Removal Tool will configure itself to start when Windows starts, which means that every time you start Windows in its normal mode, you will see the MS Removal Tool interface. The interface exists in order to run some scan animations in order to simulate a scan of your computer, although MS Removal Tool can't, and doesn't, actually scan for anything. You can't skip past the fake scan, so you have to wait through it, and at the end, the result is always the same – MS Removal Tool will present you with a long list of "results," containing names for up to thirty different threats that it claims to have detected. MS Removal Tool will then tell you that the only way to remove these threats is to "activate" your copy of MS Removal Tool by paying for a license. There's even a payment page where you can enter your credit card information, if you feel inclined to follow all of MS Removal Tool's suggestions and prompts. However, because the entire thing is a scam, there aren't any licenses to be had, and you won't get anything for the huge chunk of money that you pay.

Even assuming that you don't fall for the fake scan, and you make it to the desktop, that doesn't mean that MS Removal Tool will stop pestering you for money. On the contrary, MS Removal Tool will start creating warnings and alert messages, which will say very vague things about how MS Removal Tool has detected that your PC is not properly secured. You'll see pop-ups that remind you to "activate" your anti-virus program, in order to remove various unspecified threats, and these pop-ups will lead you right to the bogus payment page if you follow them.

The fake scans and security alerts are only the scare-tactics component of MS Removal Tool's attack. MS Removal Tool also does a few things in the name of self-preservation, to keep you from deleting it. It will disable your anti-virus software, along with your other programs, even including Task Manager. You won't be able to kill MS Removal Tool's processes with Task Manager, and you won't be able to uninstall it with the Control Panel. Furthermore, MS Removal Tool may prevent you from going for help online, by causing your browser to redirect you to one of the MS Removal Tool sites whenever you try to access anything on the Internet.

How Did MS Removal Tool Wind Up on Your Computer in the First Place?

So, you probably don't remember asking for MS Removal Tool or downloading it, right? That's because MS Removal Tool relies on a Trojan in order to get into your computer. The Trojan is hidden in something that you are tricked into downloading, usually because it looks so harmless and normal. The most common hiding spots are fake video codec updates, program updates downloaded from third-party websites, and files downloaded from freeware or pirating sites. The Trojan that supports MS Removal Tool may also be promoted by spam email attachments, or through malicious links that lead to drive-by-download sites. In any case, once you have been tricked into downloading the Trojan (because Trojans can't copy themselves or spread on their own), it drops the files that are necessary to run the MS Removal Tool rogue anti-virus software.

Believe it or not, this crazy pink program is not the first one in this malware family; there have been several other fake security applications that are essentially the same malware under a different name. Most recently, there was System Removal, although the malware currently being called MS Removal Tool has been around since at least 2009. Some other mutations of this same malware are Windows Smart Security, Total Security, Total Security 2009, Total Security 4.52, System Tool, System Tool 2011, PC Tool 2011, and System Security. There has been a marked increase in the infection rate with malware from this family since the beginning of 2011.

Twitter Trend on MS Removal Tool

Snapshot of Search Volume for MS Removal Tool

ms removal tool search volume

Do You Suspect Your PC May Be Infected with MS Removal Tool & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like MS Removal Tool as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how MS Removal Tool infects a computer.

How To Detect and Remove MS Removal Tool

MS Removal Tool Image 1 MS Removal Tool Image 2 MS Removal Tool Image 3 MS Removal Tool Image 4 MS Removal Tool Image 5 MS Removal Tool Image 6 MS Removal Tool Image 7 MS Removal Tool Image 8 MS Removal Tool Image 9 MS Removal Tool Image 10 MS Removal Tool Image 11 MS Removal Tool Image 12

File System Details

MS Removal Tool creates the following file(s):
# File Name Size MD5
1 %ALLUSERSPROFILE%\Application Data\fNfBeFdPgGn07003\fNfBeFdPgGn07003.exe 293,560 76afb8bf0cecf856c52cfc04babf1550
More files

More Details on MS Removal Tool

The following URL's were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
  • 194.28.113.214
  • 69.50.195.77
  • 69.50.209.220
  • msantispam-srv2.com
The following messages associated with MS Removal Tool were found:
MS Removal Tool Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with MS Removal Tool
Warning!
Application cannot be executed. The file [FILENAME].exe is infected.
Please activate your antivirus software.
Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

3 Comments

  • Cheryl:

    What can you do if you were scammed by this program? I was convinced something was wrong with my computer so I bought it 🙁 Now I'm out $60 and have a virus. I called my cc company but the guy was no help and barely spoke English.

  • Pascal:

    I'm a programmer, and I write software for Windows (amongst other systems). I've just finished removing this trojan from my neighbours laptop. A pain in the ass - but as least he didn't have to pay anything (more fool me!).

    Don't believe the Windows zealots and fanboys, the truth of the matter is that Windows, even Windows 7, is the weakest OS available today. Linux is far better - albeit not as easy to install in the first place (but try Ubuntu - it may be the best thing you ever did).

    If you're not technology savvy then Mac OS X is easy to install and virus free (although not Trojan free, so you still need a good password). If you buy a Windows PC it looks like a nice cheap option but, as with all things, you get what you pay for.

    Both Linux and Mac OS X are way faster than Windows - and use less electricity too (so more battery life on a laptop). Caveat Emptor though - there aren't as many games available for these two, so if games are your bag you'll have to suck it up and keep using Windows.

  • angel gilliam:

    MS won't let me do anything. I cannot download google chrome or firefox. I cannot change to a new account. I cannot do anything. Will this go away soon or am I totally in trouble?

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.