MS Removal Tool

Posted: March 27, 2011
Threat Metric
Threat Level: 10/10
Infected PCs 94

MS Removal Tool Description

ScreenshotMS Removal Tool is the newest rogue anti-virus application on the block, and this rogue threat can still slip under the detection methods of many types of anti-malware programs. Don't confuse this fraudulent MS Removal Tool with the real Microsoft Malicious Software Removal Tool - the latter will always come with Windows, free of charge. In between bouts of asking for your money, MS Removal Tool will block a wide range of programs and may also hijack your web browser. Deleting MS Removal Tool is a serious priority because this rogue application can interfere with almost every action you take on the infected PC.

Telltale Signs of the Fake MS Removal Tool

This rogue infection version of MS Removal Tool can be easily distinguished from the real MS Removal Tool by a number of signs:

  • MS Removal Tool will exhibit the appearance and many obvious behaviors known from the rogue program System Tool, which it copies to a large extent. This includes the pink-themed interface and the alteration of your desktop background to a threatening message about spyware or other malware infections.
  • This fake MS Removal Tool will also request money in exchange for registration of the program. The real MS Removal Tool is completely free and doesn't require registration. If you give your money or personal information to the fake MS Removal Tool, you're giving those things away to criminals.
  • Infection by MS Removal Tool will coincide with dysfunctional behavior in many different programs. Anti-virus scanners may refuse to run, the Windows Task Manager may spontaneously shut down and other programs may crash with unusual error messages. Microsoft Security Essentials will also fail to run, potentially with a fake error message about an infected root file.

All error messages and warnings created by MS Removal Tool have no basis in reality as far as your PC's health goes. Here are some of the messages you might see:

MS Removal Tool Warning
Intercepting programs that may compromise your private and harm your system have been detected on your PC.
Click here to remove them immediately with MS Removal Tool.

MS Removal Tool
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.

MS Removal Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

Dealing with MS Removal Tool Attacks

MS Removal Tool has been reported to spread through insecure files on P2P networks, freeware websites and pirated software websites. Being careful to verify the safety of suspicious files before running them will help you avoid the MS Removal Tool bug.

Although MS Removal Tool is based off of the older rogue threat System Tool, MS Removal Tool has had sufficient alterations to avoid being detected by many anti-malware programs. Keeping your anti-malware software up to date is a critical step in detecting MS Removal Tool. Having multiple well-known brands of security software will also give you security through redundancy that may just be what you need to delete MS Removal Tool.

You probably won't be able to access most of the necessary software for removing MS Removal Tool while this rogue program is active. Using Safe Mode will let you scan your computer without MS Removal Tool getting in the way. Safe Mode is available for all Windows systems by tapping F8 during the booting process and makes cleaning out MS Removal Tool and otherrogue security applications such as Live Security Platinum and Security Shield 2012 a relatively simple task.


Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to MS Removal Tool may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%ALLUSERSPROFILE%\Application Data\fNfBeFdPgGn07003\fNfBeFdPgGn07003.exe File name: fNfBeFdPgGn07003.exe
Size: 293.56 KB (293560 bytes)
MD5: 76afb8bf0cecf856c52cfc04babf1550
Detection count: 80
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\fNfBeFdPgGn07003\
Group: Malware file
Last Updated: March 28, 2011

Additional Information

The following URL's were detected:
The following messages's were detected:
# Message
1MS Removal Tool Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with MS Removal Tool
Application cannot be executed. The file [FILENAME].exe is infected.
Please activate your antivirus software.
3Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...

Related Posts


Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.