How to Remove the MS Removal Tool Virus

MS Removal Tool Virus Removal: What is it?

The MS removal tool virus is a trojan that can infect your computer through an infected file or freeware program that was downloaded or through viewing a movie codec.

Once your computer is infected you will start getting pop up windows that claim your computer is infected with the virus. This particular trojan is a close relative to the System tool trojan that produces similar behaviour.

You may see various types of warnings such as:

Microsoft Security Essentials Alert!
Potential Threat Details!
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer.

Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.

msremoval3

MS Removal Tool Virus Removal: How to get rid of it.

The first step is obtain malwarebytes. If you are unable to install it on your computer you will need to download it and burn it to a CD/DVD or store it on a USB drive.

Next reboot your computer into safe mode with networking prompt. You can enter safe mode by tapping f8 while the computer is booting. Press repeatedly to make sure you get in.:)

The Trojan changes your internet options to use proxy settings. You can easily set these back by opening Internet Explorer,  click on Tools, Internet Options, Connections, LAN settings and make sure everything is unchecked.

msrm1

msrm2
Now we want to end any processes related to the trojan that are running. We can do this by starting Task Manager (CTRL + ALT + DELETE-> Task Manager). Clicking on the Process tab and ending the associated process. The process name is made up of random characters and ends with exe so (random).exe.

Install Malwarebytes by either downloading it (if you can get to the Internet) or installing it from your disk or USB storage device. Once it is installed you can start it and start a scan. It may be helpful to run the scan multiple times and to also do a thorough scan. Once the scan is completed you will be prompted to reboot your computer so that all infected files can be removed.  

MS Removal Tool Virus Removal: Additional Help

If you are still having issues after running Malwarebytes then you may try going into safe mode and trying to do a System Restore the time before your computer had issues. Check out your app data folder. There maybe a folder with a random string of characters. This is where the random.exe file resides. Try deleting this file. You will also need to remove the associated registry key using the run->regedit tool. The registry entry will look something like this. Make sure you back your registry up before deleting anything!

KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce (random).