MS Removal Tool Description
The pretty pink menace has struck again: MS Removal Tool is the latest version of some especially ugly fake security software that has been scamming PC users out of their money. MS Removal Tool is nothing more than an attempt to drive you to pay for a bogus program, by scaring you into thinking that your computer is infected with tons of malware. Please don't fall for it!
Although MS Removal Tool is only the latest name for this malware, its previous names have not been as easily confused with real anti-virus products. There is a program called Microsoft Windows Malicious Software Removal Tool that is a real, useful anti-malware application. MS Removal Tool has no affiliation with Microsoft, and its name is not a shortened form of the name of their legitimate security program.
However, aside from its claims to be a Microsoft product, there is almost nothing remotely realistic or normal about MS Removal Tool. MS Removal Tool has a bubblegum-pink interface, all of its messages and warnings are in really mangled English, and it changes the desktop wallpaper to a crazy, ranting paragraph about how "Your're in danger" because everything you've ever done is supposedly saved forever on your computer and is accessible to every single person or entity that might matter to you at all ever, and it could "break your life." (The claims that the wallpaper warning makes are false, so don't sweat it – and that "break your life" bit is downright laughable!) Of course, even if you don't fall for it and believe the sparkly pink MS Removal Tool to be real security software, MS Removal Tool will still seriously disable your computer and prevent you from using it.
Signs of a MS Removal Tool Infection
MS Removal Tool will configure itself to start when Windows starts, which means that every time you start Windows in its normal mode, you will see the MS Removal Tool interface. The interface exists in order to run some scan animations in order to simulate a scan of your computer, although MS Removal Tool can't, and doesn't, actually scan for anything. You can't skip past the fake scan, so you have to wait through it, and at the end, the result is always the same – MS Removal Tool will present you with a long list of "results," containing names for up to thirty different threats that it claims to have detected. MS Removal Tool will then tell you that the only way to remove these threats is to "activate" your copy of MS Removal Tool by paying for a license. There's even a payment page where you can enter your credit card information, if you feel inclined to follow all of MS Removal Tool's suggestions and prompts. However, because the entire thing is a scam, there aren't any licenses to be had, and you won't get anything for the huge chunk of money that you pay.
Even assuming that you don't fall for the fake scan, and you make it to the desktop, that doesn't mean that MS Removal Tool will stop pestering you for money. On the contrary, MS Removal Tool will start creating warnings and alert messages, which will say very vague things about how MS Removal Tool has detected that your PC is not properly secured. You'll see pop-ups that remind you to "activate" your anti-virus program, in order to remove various unspecified threats, and these pop-ups will lead you right to the bogus payment page if you follow them.
The fake scans and security alerts are only the scare-tactics component of MS Removal Tool's attack. MS Removal Tool also does a few things in the name of self-preservation, to keep you from deleting it. It will disable your anti-virus software, along with your other programs, even including Task Manager. You won't be able to kill MS Removal Tool's processes with Task Manager, and you won't be able to uninstall it with the Control Panel. Furthermore, MS Removal Tool may prevent you from going for help online, by causing your browser to redirect you to one of the MS Removal Tool sites whenever you try to access anything on the Internet.
How Did MS Removal Tool Wind Up on Your Computer in the First Place?
So, you probably don't remember asking for MS Removal Tool or downloading it, right? That's because MS Removal Tool relies on a Trojan in order to get into your computer. The Trojan is hidden in something that you are tricked into downloading, usually because it looks so harmless and normal. The most common hiding spots are fake video codec updates, program updates downloaded from third-party websites, and files downloaded from freeware or pirating sites. The Trojan that supports MS Removal Tool may also be promoted by spam email attachments, or through malicious links that lead to drive-by-download sites. In any case, once you have been tricked into downloading the Trojan (because Trojans can't copy themselves or spread on their own), it drops the files that are necessary to run the MS Removal Tool rogue anti-virus software.
Believe it or not, this crazy pink program is not the first one in this malware family; there have been several other fake security applications that are essentially the same malware under a different name. Most recently, there was System Removal, although the malware currently being called MS Removal Tool has been around since at least 2009. Some other mutations of this same malware are Windows Smart Security, Total Security, Total Security 2009, Total Security 4.52, System Tool, System Tool 2011, PC Tool 2011, and System Security. There has been a marked increase in the infection rate with malware from this family since the beginning of 2011.
Twitter Trend on MS Removal Tool
Snapshot of Search Volume for MS Removal Tool
Do You Suspect Your PC May Be Infected with MS Removal Tool & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like MS Removal Tool as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
Screenshots & Other Imagery
How To Detect and Remove MS Removal Tool
File System Details
More Details on MS Removal Tool
|MS Removal Tool Warning|
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with MS Removal Tool
Application cannot be executed. The file [FILENAME].exe is infected.
Please activate your antivirus software.
|Warning: Your computer is infected|
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.