A Windows XP help forum. PCbanter


malicious software removal tool



 
 
  #1  
Old September 16th 09, 09:04 PM posted to microsoft.public.windowsxp.security_admin
lopar
external usenet poster
 
Posts: 16
Default malicious software removal tool

Every month, around the 15th, my profile settings are corrupted and I have to
do a system restore to get them back. The system generated restore point
immediately before this happens is labelled by the system 'Software
Distribution Service 3.0'. On looking into this it seems that at some point I
have accepted an EULA to download and run something called Malicious Software
Reporting Tool, and recently (a few months ago) Microsoft announced that they
would update this program each month (the second Tuesday of the month) and it
would from then on automatically run a system check in the background for
malicious software. I checked on Google and there was one reference to this
potentially corrupting profile settings for users.
This would seem to be the cause of the problem therefore.
The solution on the Microsoft web page was to remove the tool from the automatic
updates list, however this item is not listed on my automatic updates (it's
not hidden either). I have therefore changed my updates to notify me but not
download or install. When the program popped up a few days ago I did not
therefore download it. Yesterday however I did download a Windows Defender
security update (which I assumed was unrelated), however the system has now
been corrupted again.

Things I have done to try and fix this

1. Tried to remove it using add remove programs - it won't let you.
2. searched for the individual files in the directory to manually delete
them - they seemed to be system files and it wouldn't let me
3. I found a reference to this tool working in conjunction with Windows
Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I
did find some files but couldn't delete the main one.
4. did a registry search to try and find these files and deleted a few
entries to at least cause the program to fall over (I hoped), but evidently
that didn't work either.
5. checked my firewall (zone alarm) and blocked the malicious software tool
- no effect (couldn't find Software Distribution Service in ZA so couldn't
block that)
6. tried to find either program in the applications tray to disable it
there (control alt delete) but couldn't see it
7. tried to block it in Windows Defender (in the bit that lists all programs
running) but it's not listed
8. contacted Microsoft help on email who were totally useless
9. tried to access their expert user (I assume a blog page) but the system
kept telling me my settings weren't right to access that service. I changed
the settings exactly as they suggested but I still kept getting that message
10. in desperation rang them to enquire about paid support but they told me
they would charge £60 (even if it were a 2 minute job!). I am not prepared
to pay that for what is after all a Microsoft bug!

The only other thing I can think of to do is to not download any updates for
Windows Defender either - assuming the 2 products are related. However I
won't know the outcome of that for another month since it only happens once a
month.
If it is still causing a problem then I can only assume that the software is
already installed and will run once a month anyway without an update. If
that's the case I need to know how to get into the system files to disable it
- surely there must be a way ??

Any help you can think of to give me would be very much appreciated - I am
certainly trying to fix it myself without asking anyone and have spent many
hours doing so, but I am at a dead end!

For info I am running Windows XP Home, SP3, with AVG and ZA.

Many thanks for your help.
  #2  
Old September 16th 09, 09:12 PM posted to microsoft.public.windowsxp.security_admin
Shenan Stanley
external usenet poster
 
Posts: 10,523
Default malicious software removal tool

IMO: Drop ZA, use the Windows Firewall. More than enough for most and
doesn't come with the problems ZA users have been plagued with over the last
year or so.

Beyond that - cleanup and update your updating system. After you do this -
perhaps your system will be more stable and you won't have to be so
concerned.

Fix your file/registry permissions...

Ignore the title and follow the sub-section under "Advanced Troubleshooting"
titled, "Method 1: Reset the registry and the file permissions"
http://support.microsoft.com/kb/949377
*will take time
(** Ignore the last step - you should have SP3 installed - if not - you can
do that *later* - it is not necessary to continue with the cleanup.)

Reboot and ...

Search your registry for %fystem and replace the "f" with an "s". May be
three or four matches, may be none. You may even have to take ownership
(even after doing the above) of the keys in order to make the change.

Reboot and ...

Download/install this:
http://support.microsoft.com/kb/290301

After installing, do the following:

Start button -- RUN -- type in:
"%ProgramFiles%\Windows Installer Clean Up\msizap.exe" g!
-- Click OK.
(The quotation marks and percentage signs and spacing should be exact.)

Download, install, run, update and perform a full scan (separately) with the
following two applications (freeware versions are the ones to use for this):

SuperAntiSpyware
http://www.superantispyware.com/

MalwareBytes
http://www.malwarebytes.com/

After performing a full scan with one and then the other and removing
whatever they both find completely, you may uninstall these products,
if you wish.

Download and run the MSRT manually:
http://www.microsoft.com/security/ma...e/default.mspx

Reboot.

CHKDSK
How to scan your disks for errors
http://support.microsoft.com/kb/315265
* will take time and a reboot

Defragment
How to Defragment your hard drives
http://support.microsoft.com/kb/314848
* will take time

Ensure your hardware drivers are up to date (from the hardware
manufacturer's respective web pages.) Never get hardware drivers
for hardware that was not created/sold by Microsoft from Microsoft.
Installing the latest updates may have you rebooting several times,
which is fine - but after you are sure you are done - still...

Reboot.

Download/Install the latest Windows Installer (for your OS):
( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe )
http://www.microsoft.com/downloadS/d...displaylang=en

Reboot.

and...

Download the latest version of the Windows Update agent from here (x86):
http://go.microsoft.com/fwlink/?LinkID=91237
.... and save it to the root of your C:\ drive. After saving it to the root
of the C:\ drive, do the following:

Close all Internet Explorer windows and other applications.

Start button -- RUN and type in:
%SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE
-- Click OK.

(If asked, select "Run".) -- Click on NEXT -- Select "I agree" and click on
NEXT -- When it finishes installing, click on "Finish"...

Reboot.

Then follow the instructions he

How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

Reboot.

Log on as a user with administrative rights and open Internet Explorer
and visit http://windowsupdate.microsoft.com/ and select to do a
CUSTOM scan...

Every time you are about to click on something while at these web pages -
first press and hold down the CTRL key while you click on it. You can
release the CTRL key after clicking each time.

Once the scan is done, select just _ONE_ of the high priority updates
(deselect any others) and install it.

Reboot again.

If it did work - try the web page again - selecting no more than 3-5 at a
time. Rebooting as needed.

The Optional Software updates are generally safe - although I recommend
against the "Windows Search" one and any of the "Office Live" ones or
"Windows Live" ones for now. I would completely avoid the
Optional Hardware updates. Also - I do not see any urgent need to install
Internet Explorer 8 at this time.

Seriously - do all that. This is like antibiotics - don't skip a single
step, don't quit because you think things will be okay now - go through
until the end, until you have done everything given in the order given. If
you have a problem with a step come ask and let someone here get you
through that step. If you don't understand how to do a step, come back and
ask here about that step and let someone walk you through it.

In any case - no matter what - when you are done doing whatever you decide
to do - please - come back here and let everyone know what you did and
how things turned out.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
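
The registry search step in the post above, as an added example (not code from the post or from Microsoft): a plain-text search of a regedit export can miss the `%fystem` typo, because "Version 5.00" .reg files store expandable-string values as `hex(2)` UTF-16LE bytes, so this scanner decodes them before searching. The key and value names in the sample are constructed for illustration.

```python
import re

NEEDLE = "%fystem"  # the misspelling the post says to search for


def join_continuations(text):
    """regedit wraps long hex data with a trailing backslash; undo the wrapping."""
    return re.sub(r"\\\r?\n\s*", "", text)


def decode_value(data):
    """Return the text of a string-typed .reg value, or None for other types."""
    if data.startswith('"'):                    # REG_SZ, with \\ and \" escapes
        body = data[1:data.rfind('"')]
        return re.sub(r"\\(.)", r"\1", body)
    m = re.match(r"hex\((2|7)\):(.*)", data)    # REG_EXPAND_SZ / REG_MULTI_SZ
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return raw.decode("utf-16-le", errors="replace").rstrip("\0")
    return None                                 # dword, binary, etc.


def find_typo(reg_text, needle=NEEDLE):
    """Return (key, value name, decoded data) for every string value containing needle."""
    hits, key = [], None
    for line in join_continuations(reg_text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        value = decode_value(m.group(2))
        if value and needle.lower() in value.lower():
            # REG_MULTI_SZ entries are NUL-separated; show them on one line
            hits.append((key, name, value.replace("\0", " | ")))
    return hits


def scan_file(path):
    """Scan a file saved with regedit's File > Export (UTF-16 with a BOM)."""
    with open(path, encoding="utf-16") as fh:
        return find_typo(fh.read())


def _export_expand_sz(name, text, per_line=8):
    """Build a value line the way regedit exports REG_EXPAND_SZ (sample data only)."""
    cells = [f"{b:02x}" for b in (text + "\0").encode("utf-16-le")]
    rows = [",".join(cells[i:i + per_line]) for i in range(0, len(cells), per_line)]
    return f'"{name}"=hex(2):' + ",\\\n  ".join(rows)


# Constructed sample export; the key and value names are hypothetical.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Updater]",
    _export_expand_sz("ServiceDll", r"%fystemroot%\system32\example.dll"),
    _export_expand_sz("LogDir", r"%SystemRoot%\debug"),
    r'"Note"="plain REG_SZ mentioning %Fystem% in text"',
    '"Count"=dword:00000003',
    "",
])

if __name__ == "__main__":
    for key, name, value in find_typo(SAMPLE_REG):
        print(f"{key}\n    {name} = {value}")
```

The scanner only reports locations; the correction itself is still made in regedit as the post describes.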


  #3  
Old September 16th 09, 09:56 PM posted to microsoft.public.windowsxp.security_admin
1PW[_4_]
external usenet poster
 
Posts: 188
Default malicious software removal tool

lopar wrote:
> Every month, around the 15th, my profile settings are corrupted and I have to
> do a system restore to get them back. The system generated restore point
> immediately before this happens is labeled by the system 'Software
> Distribution Service 3.0'. On looking into this it seems that at some point I
> have accepted an EULA to download and run something called Malicious Software
> Reporting Tool, and recently (a few months ago) Microsoft announced that they
> would update this program each month (the second Tuesday of the month) and it
> would from then on automatically run a system check in the background for
> malicious software.

You may have transcribed the name incorrectly. Is it possible you
meant "Removal" instead of "Reporting"?

http://www.microsoft.com/security/malwareremove/default.aspx

> I checked on Google and there was one reference to this
> potentially corrupting profile settings for users.
> This would seem to be the cause of the problem therefore.
> The solution on the Microsoft web page was to remove the tool from the automatic
> updates list, however this item is not listed on my automatic updates (it's
> not hidden either). I have therefore changed my updates to notify me but not
> download or install. When the program popped up a few days ago I did not
> therefore download it. Yesterday however I did download a Windows Defender
> security update (which I assumed was unrelated), however the system has now
> been corrupted again.

The security update you downloaded was probably a "Definitions" update.

> Things I have done to try and fix this
>
> 1. Tried to remove it using add remove programs - it won't let you.

The file is located at C:\WINDOWS\system32\MRT.exe and /is/
definitely able to be deleted.

> 2. searched for the individual files in the directory to manually delete
> them - they seemed to be system files and it wouldn't let me

See above.

> 3. I found a reference to this tool working in conjunction with Windows
> Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I
> did find some files but couldn't delete the main one.

The relationship between the two is almost non-existent. Furthermore,
indiscriminate file removals may render your system even further
impaired and possibly un-usable.

> 4. did a registry search to try and find these files and deleted a few
> entries to at least cause the program to fall over (I hoped), but evidently
> that didn't work either.

See above. Not good!

> 5. checked my firewall (zone alarm) and blocked the malicious software tool
> - no effect (couldn't find Software Distribution Service in ZA so couldn't
> block that)

Once MRT.exe is deleted it can't be executed.

> 6. tried to find either program in the applications tray to disable it
> there (control alt delete) but couldn't see it

You brought up "Task Manager", and Task Manager displays running
applications. While running, Windows Defender is a "Process".

> 7. tried to block it in Windows Defender (in the bit that lists all programs
> running) but it's not listed
> 8. contacted Microsoft help on email who were totally useless
> 9. tried to access their expert user (I assume a blog page) but the system
> kept telling me my settings weren't right to access that service. I changed
> the settings exactly as they suggested but I still kept getting that message
> 10. in desperation rang them to inquire about paid support but they told me
> they would charge £60 (even if it were a 2 minute job!). I am not prepared
> to pay that for what is after all a Microsoft bug!
>
> The only other thing I can think of to do is to not download any updates for
> Windows Defender either - assuming the 2 products are related.

They are related only by birth...

Keeping your system from being updated is "Cutting off your nose to
spite your face".

> However I won't know the outcome of that for another month since it only
> happens once a month.
> If it is still causing a problem then I can only assume that the software is
> already installed and will run once a month anyway without an update.

This is a reasonable assumption.

> If that's the case I need to know how to get into the system files to disable it
> - surely there must be a way ??

Surely there must be a *better* way!

> Any help you can think of to give me would be very much appreciated - I am
> certainly trying to fix it myself without asking anyone and have spent many
> hours doing so, but I am at a dead end!

Only temporarily...

> For info I am running Windows XP Home, SP3, with AVG and ZA.

Exactly which AVG product are you using? Be very precise.

> Many thanks for your help.

When did this original trouble first start? Can you relate any other
system changes at that time with this trouble?

Do you have any other antimalware applications?

--
1PW
  #4  
Old September 16th 09, 10:06 PM posted to microsoft.public.windowsxp.security_admin
Jim[_30_]
external usenet poster
 
Posts: 812
Default malicious software removal tool

MS has been downloading this tool around here for quite some time (at least
two years). It is part of the monthly update package. That restore point
that you mentioned is the one which the monthly update package makes before
starting the update.

Whether MRT corrupts or does not corrupt profiles is something that I
do not know. I do know that it never has corrupted any profiles on my
computers.

Before doing anything else, you should ensure that there is no malware on
your system.

Jim

  #5  
Old September 17th 09, 09:39 AM posted to microsoft.public.windowsxp.security_admin
lopar
external usenet poster
 
Posts: 16
Default malicious software removal tool

Thanks ever so much for this very comprehensive reply. I am however somewhat
concerned by it, to say the least!
This seems to be a very drastic set of steps to take, which, if I understand
you correctly, will disable a lot of stuff on my computer (even if it is
subsequently re-enabled). For example:
why would I uninstall my browser (IE8)
why would I download MSRT manually when that is the thing I am trying to get
rid of
why defrag
why check drivers

All I am trying to do is remove the MSRT - everything else works fine.
I do have SuperAntiSpyware and run it regularly; it doesn't find anything
though (apart from the odd cookie).

I don't know how to save to the root of the C drive.....

The other post says I can simply delete the .exe file - I will try that first.
Thanks again.


  #6  
Old September 17th 09, 09:51 AM posted to microsoft.public.windowsxp.security_admin
lopar
external usenet poster
 
Posts: 16
Default malicious software removal tool



"1PW" wrote:

lopar wrote:
Every month, around the 15th, my profile settings are corrupted and I have to
do a system restore to get them back. The system generated restore point
immediately before this happens is labeled by the system 'Software
Distribution Service 3.0'. On looking into this it seems that at some point I
have accepted an EULA to download and run something called Malicious Software
Reporting Tool, and recently (a few months ago) Microsoft announced that they
would update this program each month (the second Tuesday of the month) and it
would from then on automatically run a system check in the background for
malicious software.


You may have transcribed the name incorrectly. Is it possible you
meant "Removal" instead of "Reporting"?


yes i do mean Removal sorry

http://www.microsoft.com/security/malwareremove/default.aspx

what is this link for please?

I checked on Google and there was one reference to this
potentially corrupting profile settings for users.
This would seem to be the cause of the problem therefore.
The solution on the Microsoft web page was to remove tool from the automatic
updates list, however this item is not listed on my automatic updates (it's
not hidden either). I have therefore changed my updates to notify me but not
download or install. When the program popped up a few days ago I did not
therefore download it. Yesterday however I did download a Windows Defender
security update (which I assumed was unrelated), however the system has now
been corrupted again.


The security update you downloaded was probably a "Definitions" update.

yes it was
Things I have done to try and fix this

1. Tried to remove it using add remove programs - it won't let you.


The file is located at C:\WINDOWS\system32\MRT.exe and /is/
definitely able to be deleted.

i will definitely try this, but will it simply recreate itself when it's due
to run next time ?
2. searched for the individual files in the directory to manually delete
them - they seemed to be system files and it wouldn't let me


See above.

3. I found a reference to this tool working in conjunction with Windows
Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I
did find some files but couldn't delete the main one.


The relationship between the two is almost non-existent. Furthermore,
indiscriminate file removals may render your system even further
impaired and possibly un-usable.

4. did a registry search to try and find these files and deleted a few
entries to at least cause the program to fall over (I hoped), but evidently
that didn't work either.


See above. Not good!

5. checked my firewall (zone alarm) and blocked the malicious software tool
- no effect (couldn't find Software Distribution Service in ZA so couldn't
block that)


Once MRT.exe is deleted it can't be executed.

6. tried to find either program in the applications tray to disable it
there (control alt delete) but couldn't see it


You brought up "Task Manager", and Task Manager displays running
applications. While running, Windows Defender is a "Process".

7. tried to block it in Windows Defender (in the bit that lists all programs
running) but it's not listed
8. contacted Microsoft help on email who were totally useless
9. tried to access their expert user (I assume a blog page) but the system
kept telling me my settings weren't right to access that service. I changed
the settings exactly as they suggested but I still kept getting that message
10. in desperation rang them to inquire about paid support but they told me
they would charge £60 (even if it were a 2 minute job!). I am not prepared
to pay that for what is after all a Microsoft's bug !

The only other thing I can think of to do is to not download any updates for
Windows Defender either - assuming the 2 products are related.


They are related only by birth...

Keeping your system from being updated is "Cutting off your nose to
spite your face".

ok i will keep downloading updates then
However I won't know the outcome of that for another month since it only happens once a
month.
If it is still causing a problem then I can only assume that the software is
already installed and will run once a month anyway without an update.


This is a reasonable assumption.

If that's the case I need to know how to get into the system files to disable it
- surely there must be a way ??


Surely there must be a *better* way!

Any help you can think of to give me would be very much appreciated - I am
certainly trying to fix it myself without asking anyone and have spent many
hours doing so, but I am at a dead end!


Only temporarily...

For info I am running Windows XP Home, SP3, with AVG and ZA.


Exactly which AVG product are you using? Be very precise.

it's the free version
Many thanks for your help.


When did this original trouble first start? Can you relate any other
system changes at that time with this trouble?

it started a few months ago and happens once a month around 15th. no other
changes that i am aware of.
Do you have any other antimalware applications?


yes, spybot, superantispyware, defender, ad-aware anniversary edition,
spyware doctor (though i have to disable this one from real time because it
takes up too much resources). all are free versions and i run them all
monthly. don't generally find anything significant on any of them.

thanks for your help.
--
1PW

  #7  
Old September 17th 09, 10:29 AM posted to microsoft.public.windowsxp.security_admin
1PW[_4_]
external usenet poster
 
Posts: 188
Default malicious software removal tool

lopar wrote:

"1PW" wrote:

lopar wrote:
Every month, around the 15th, my profile settings are corrupted and I have to
do a system restore to get them back. The system generated restore point
immediately before this happens is labeled by the system 'Software
Distribution Service 3.0'. On looking into this it seems that at some point I
have accepted an EULA to download and run something called Malicious Software
Reporting Tool, and recently (a few months ago) Microsoft announced that they
would update this program each month (the second Tuesday of the month) and it
would from then on automatically run a system check in the background for
malicious software.

You may have transcribed the name incorrectly. Is it possible you
meant "Removal" instead of "Reporting"?


yes i do mean Removal sorry
http://www.microsoft.com/security/malwareremove/default.aspx

what is this link for please?


It was there to validate the name I gave you.


I checked on Google and there was one reference to this
potentially corrupting profile settings for users.
This would seem to be the cause of the problem therefore.
The solution on the Microsoft web page was to remove tool from the automatic
updates list, however this item is not listed on my automatic updates (it's
not hidden either). I have therefore changed my updates to notify me but not
download or install. When the program popped up a few days ago I did not
therefore download it. Yesterday however I did download a Windows Defender
security update (which I assumed was unrelated), however the system has now
been corrupted again.

The security update you downloaded was probably a "Definitions" update.

yes it was
Things I have done to try and fix this

1. Tried to remove it using add remove programs - it won't let you.

The file is located at C:\WINDOWS\system32\MRT.exe and /is/
definitely able to be deleted.

i will definitely try this, but will it simply recreate itself when it's due
to run next time ?


No. However, I sincerely believe this is a move in the wrong
direction. If your goal is to temporarily delete MRT.exe to see what
happens, OK. I would reinstall it afterward though.

2. searched for the individual files in the directory to manually delete
them - they seemed to be system files and it wouldn't let me

See above.

3. I found a reference to this tool working in conjunction with Windows
Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I
did find some files but couldn't delete the main one.

The relationship between the two is almost non-existent. Furthermore,
indiscriminate file removals may render your system even further
impaired and possibly un-usable.

4. did a registry search to try and find these files and deleted a few
entries to at least cause the program to fall over (I hoped), but evidently
that didn't work either.

See above. Not good!

5. checked my firewall (zone alarm) and blocked the malicious software tool
- no effect (couldn't find Software Distribution Service in ZA so couldn't
block that)

Once MRT.exe is deleted it can't be executed.

6. tried to find either program in the applications tray to disable it
there (control alt delete) but couldn't see it

You brought up "Task Manager", and Task Manager displays running
applications. While running, Windows Defender is a "Process".

7. tried to block it in Windows Defender (in the bit that lists all programs
running) but it's not listed
8. contacted Microsoft help on email who were totally useless
9. tried to access their expert user (I assume a blog page) but the system
kept telling me my settings weren't right to access that service. I changed
the settings exactly as they suggested but I still kept getting that message
10. in desperation rang them to inquire about paid support but they told me
they would charge £60 (even if it were a 2 minute job!). I am not prepared
to pay that for what is after all a Microsoft's bug !

The only other thing I can think of to do is to not download any updates for
Windows Defender either - assuming the 2 products are related.

They are related only by birth...

Keeping your system from being updated is "Cutting off your nose to
spite your face".

ok i will keep downloading updates then


Excellent.

However I won't know the outcome of that for another month since it only happens once a
month.
If it is still causing a problem then I can only assume that the software is
already installed and will run once a month anyway without an update.

This is a reasonable assumption.

If that's the case I need to know how to get into the system files to disable it
- surely there must be a way ??

Surely there must be a *better* way!

Any help you can think of to give me would be very much appreciated - I am
certainly trying to fix it myself without asking anyone and have spent many
hours doing so, but I am at a dead end!

Only temporarily...

For info I am running Windows XP Home, SP3, with AVG and ZA.

Exactly which AVG product are you using? Be very precise.

it's the free version


I'm afraid that's not very precise of you! You are not giving away
security secrets about yourself. Precisely what version is it?

Many thanks for your help.

When did this original trouble first start? Can you relate any other
system changes at that time with this trouble?

it started a few months ago and happens once a month around 15th. no other
changes that i am aware of.


Had you recently installed any applications or utilities?

Do you have any other antimalware applications?


yes, spybot, superantispyware, defender, ad-aware anniversary edition,
spyware doctor (though i have to disable this one from real time because it
takes up too much resources). all are free versions and i run them all
monthly. don't generally find anything significant on any of them.


You may wish to add MBAM to your lineup:

http://www.malwarebytes.org/


thanks for your help.
--
1PW


Shenan has passed you a very good method for doing a comprehensive
clean-up of your system.

Although we read many posts that extol the virtues of IE8, we also
see many anecdotal stories of falling back to IE7 because of slowness
or obscure troubles.

Downloading MSRT again assures you that your copy is corruption free.

--
1PW
  #8  
Old September 17th 09, 12:24 PM posted to microsoft.public.windowsxp.security_admin
Peter Foldes
external usenet poster
 
Posts: 2,444
Default malicious software removal tool

lopar

Do you have Zone Alarm installed? It is the cause of this issue. Uninstall ZA before
downloading the Malicious Software and any Defender Updates. Best to remove ZA and
use the built in Windows Firewall which does a better job anyway

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.


  #9  
Old September 18th 09, 12:34 AM posted to microsoft.public.windowsxp.security_admin
lopar
external usenet poster
 
Posts: 16
Default malicious software removal tool

OK, i have tried to find the mrt.exe file using search inc hidden files and
system files. there was nothing except an ie log text file.
(by the way, and please don't think i am being funny since this is the first
time i have ever posted anything anywhere, you say the file might be located
in /is/ - is that a file location, or a piece of jargon or something else - i
genuinely don't know what that means (or am i being too literal and you just
mean is !))

i am beginning to think it's not mrt after all but something else. however
what could possibly delete my settings every 15th of the month ?

sorry about imprecision on AVG - it's 8.5.409 - is that what you wanted ?

i can't say for sure about having installed any applications or utilities -
i don't recall doing so. would a check on add remove programs by date be
sufficient to tell me ?

  #10  
Old September 18th 09, 01:36 AM posted to microsoft.public.windowsxp.security_admin
Jim[_30_]
external usenet poster
 
Posts: 812
Default malicious software removal tool

On my system, the file MRT.exe is located in c:\windows\system32. It is not
a hidden, system file.
As Windows is not case sensitive, mrt.exe and MRT.exe are just two ways to
spell the name of the malicious software removal tool.
Jim




  #11  
Old September 18th 09, 07:45 AM posted to microsoft.public.windowsxp.security_admin
1PW[_4_]
external usenet poster
 
Posts: 188
Default malicious software removal tool

lopar wrote:
OK, i have tried to find the MRT.exe file using search inc hidden files and
system files. there was nothing except an ie log text file.
(by the way, and please don't think i am being funny since this is the first
time i have ever posted anything anywhere, you say the file might be located
in /is/ - is that a file location, or a piece of jargon or something else - i
genuinely don't know what that means (or am i being too literal and you just
mean is !))


Unfortunately the devil is in the details...

If the standard issued Microsoft Malicious Software Removal Tool is
installed in its usual location, it should be at:

C:\WINDOWS\system32\MRT.exe and has a 24,111 KB file size

I tried to make everything case perfect as it would be in your system.

I checked on one of my systems and MRT.exe can definitely be deleted.

i am beginning to think it's not MRT after all but something else. however
what could possibly delete my settings every 15th of the month ?


I never did. You could set MRT to scan on some other date to
eliminate this theory.

sorry about imprecision on AVG - it's 8.5.409 - is that what you wanted ?


That's the latest free version of AVG and that's very good.

i can't say for sure about having installed any applications or utilities -
i don't recall doing so. would a check on add remove programs by date be
sufficient to tell me ?


Maybe not. I was hoping your memory might help here.

--
1PW
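
Added example, not part of any poster's message: a read-only PowerShell check of the points discussed above (whether MRT.exe is present at the stated path, whether the copy on disk is intact, and when the tool last ran). It assumes PowerShell 2.0 or later, which is an optional install on Windows XP SP3; the log path and registry locations are the ones Microsoft documents for MSRT in KB 891716, and the function name Get-MrtStatus is hypothetical.

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
# Assumes PowerShell 2.0 or later (an optional install on Windows XP SP3).

function Get-MrtStatus {   # hypothetical helper name
    param(
        # Path quoted in the thread
        [string]$ExePath = (Join-Path $env:windir 'system32\MRT.exe'),
        # MSRT's own log file, as documented in KB 891716
        [string]$LogPath = (Join-Path $env:windir 'debug\mrt.log'),
        [int]$LogTail = 15
    )

    $result = New-Object PSObject -Property @{
        Present              = $false
        SizeKB               = $null
        FileVersion          = $null
        SignatureStatus      = $null
        Signer               = $null
        InstalledVersionGuid = $null
        DontOfferThroughWUAU = $null
        RecentLog            = @()
    }

    # -Force also returns hidden and system files. Windows path lookups are
    # case-insensitive, so mrt.exe / MRT.exe and SYSTEM32 / system32 are the same.
    $file = Get-Item -LiteralPath $ExePath -Force -ErrorAction SilentlyContinue
    if ($file) {
        $result.Present     = $true
        $result.SizeKB      = [math]::Round($file.Length / 1KB)
        $result.FileVersion = $file.VersionInfo.FileVersion

        # A valid Authenticode signature shows the copy on disk has not been
        # altered or corrupted since Microsoft signed it.
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $result.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) {
            $result.Signer = $sig.SignerCertificate.Subject
        }
    }

    # Version GUID recorded by the last MSRT release that ran on this machine.
    $key = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\RemovalTools\MRT' `
                            -ErrorAction SilentlyContinue
    if ($key) { $result.InstalledVersionGuid = $key.Version }

    # Policy value that stops Automatic Updates from offering MSRT (1 = do not offer).
    # Absent on most home machines, in which case this stays $null.
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\MRT' `
                            -ErrorAction SilentlyContinue
    if ($pol) { $result.DontOfferThroughWUAU = $pol.DontOfferThroughWUAU }

    # Tail of the log: each run writes its start and finish time and a return code.
    if (Test-Path -LiteralPath $LogPath) {
        $result.RecentLog = @(Get-Content -LiteralPath $LogPath |
                              Select-Object -Last $LogTail)
    }

    $result
}

$status = Get-MrtStatus
$status | Format-List Present, SizeKB, FileVersion, SignatureStatus, Signer,
                      InstalledVersionGuid, DontOfferThroughWUAU
$status.RecentLog
```

Comparing the run times in the log tail with the date the profile settings break shows whether MSRT ran at that point at all. The reported size varies between monthly releases, so it is for reference only.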
  #12  
Old September 18th 09, 10:16 AM posted to microsoft.public.windowsxp.security_admin
lopar
external usenet poster
 
Posts: 16
Default malicious software removal tool

Thanks very much again. there is nothing in explorer by that name, in
windows there is a SYSTEM32 but it's in capitals, not lower case as yours was
(does that matter?) but there are no mrt entries at all in the system32 area
when i expand it.
if i can't locate mrt presumably i can't set it to scan on a different date?
someone else has said the problem is caused by zone alarm. i can't find any
refernces on google to this - do you think that might be correct ?

"1PW" wrote:

lopar wrote:
OK, i have tried to find the MRT.exe file using search inc hidden files and
system files. there was nothing except an ie log text file.
(by the way, and please don't think i am being funny since this is the first
time i have ever posted anything anywhere, you say the file might be located
in /is/ - is that a file location, or a piece of jargon or something else - i
genuinely don't know what that means (or am i being too literal and you just
mean is !))


Unfortunately the devil is in the details...

If the standard issued Microsoft Malicious Software Removal Tool is
installed in its usual location, it should be at:

C:\WINDOWS\system32\MRT.exe and has a 24,111 KB file size

I tried to make everything case perfect as it would be in your system.

I checked on one of my systems and MRT.exe can definitely be deleted.

i am beginning to think its not MRT after all but something else. however
what could possibly delete my settings every 15th of the month ?


I never did. You could set MRT to scan on some other date to
eliminate this theory.

sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ?


That's the latest free version of AVG and that's very good.

i can't say for sure about having installed any applications or utilities -
i don't recall doing so. would a check on add remove programs by date be
sufficient to tell me ?


Maybe not. I was hoping your memory might help here.

--
1PW

  #13  
Old September 18th 09, 10:20 AM posted to microsoft.public.windowsxp.security_admin
lopar
external usenet poster
 
Posts: 16
Default malicious software removal tool

OK thanks but its definitely not there, caps or not. now i'm stuck

"Jim" wrote:

On my system, the file MRT.exe is located in c:\windows\system32. It is not
a hidden, system file.
As Windows is not case sensitive, mrt.exe and MRT.exe are just two ways to
spell the name of the malicious software removal tool.
Jim
"lopar" wrote in message
...
OK, i have tried to find the mrt.exe file using search inc hidden files and
system files. there was nothing except an ie log text file.
(by the way, and please don't think i am being funny since this is the first
time i have ever posted anything anywhere, you say the file might be located
in /is/ - is that a file location, or a piece of jargon or something else - i
genuinely don't know what that means (or am i being too literal and you just
mean is !))

i am beginning to think its not mrt after all but something else. however
what could possibly delete my settings every 15th of the month ?

sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ?

i can't say for sure about having installed any applications or utilities -
i don't recall doing so. would a check on add remove programs by date be
sufficient to tell me ?

"1PW" wrote:

lopar wrote:

"1PW" wrote:

lopar wrote:
Every month, around the 15th, my profile settings are corrupted and I have to
do a system restore to get them back. The system generated restore point
immediately before this happens is labeled by the system 'Software
Distribution Service 3.0'. On looking into this it seems that at some point I
have accepted an EULA to download and run something called Malicious Software
Reporting Tool, and recently (a few months ago) Microsoft announced that they
would update this program each month (the second Tuesday of the month) and it
would from then on automatically run a system check in the background for
malicious software.
You may have transcribed the name incorrectly. Is it possible you
meant "Removal" instead of "Reporting"?

yes i do mean Removal sorry
http://www.microsoft.com/security/malwareremove/default.aspx

what is this link for please?

It was there to validate the name I gave you.


I checked on Google and there was one reference to this
potentially corrupting profile settings for users.
This would seem to be the cause of the problem therefore.
The solution on the Microsoft web page was to remove tool from the automatic
updates list, however this item is not listed on my automatic updates (its
not hidden either). I have therefore changed my updates to notify me but not
download or install. When the program popped up a few days ago I did not
therefore download it. Yesterday however I did download a Windows Defender
security update (which I assumed was unrelated), however the system has now
been corrupted again.
The security update you downloaded was probably a "Definitions" update.

yes it was
Things I have done to try and fix this

1. Tried to remove it using add remove programs - it won't let you.
The file is located at C:\WINDOWS\system32\MRT.exe and /is/
definitely able to be deleted.

i will definitely try this, but will it simply recreate itself when its due
to run next time ?

No. However, I sincerely believe this is a move in the wrong
direction. If your goal is to temporarily delete MRT.exe to see what
happens, OK. I would reinstall it afterward though.

2. searched for the individual files in the directory to manually delete
them - they seemed to be system files and it wouldn't let me
See above.

3. I found a reference to this tool working in conjunction with Windows
Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I
did find some files but couldn't delete the main one.
The relationship between the two is almost non-existent. Furthermore,
indiscriminate file removals may render your system even further
impaired and possibly un-usable.

4. did a registry search to try and find these files and deleted a few
entries to at least cause the program to fall over (I hoped), but evidently
that didn't work either.
See above. Not good!

5. checked my firewall (zone alarm) and blocked the malicious software tool
- no effect (couldn't find Software Distribution Service in ZA so couldn't
block that)
Once MRT.exe is deleted it can't be executed.

6. tried to find either program in the applications tray to disable it
there (control alt delete) but couldn't see it
You brought up "Task Manager", and Task Manager displays running
applications. While running, Windows Defender is a "Process".

7. tried to block it in Windows Defender (in the bit that lists all programs
running) but its not listed
8. contacted Microsoft help on email who were totally useless
9. tried to access their expert user (I assume a blog page) but the system
kept telling me my settings weren't right to access that service. I changed
the settings exactly as they suggested but I still kept getting that message
10. in desperation rang them to inquire about paid support but they told me
they would charge £60 (even if it were a 2 minute job!). I am not prepared
to pay that for what is after all a Microsoft's bug !

The only other thing I can think of to do is to not download any updates for
Windows Defender either - assuming the 2 products are related.
They are related only by birth...

Keeping your system from being updated is "Cutting off your nose to
spite your face".

ok i will keep downloading updates then

Excellent.

However I won't know the outcome of that for another month since it
only happens once a month.
If it is still causing a problem then I can only assume that the software is
already installed and will run once a month anyway without an update.
This is a reasonable assumption.

If that's the case I need to know how to get into the system files to
disable it - surely there must be a way ??
Surely there must be a *better* way!

Any help you can think of to give me would be very much appreciated - I am
certainly trying to fix it myself without asking anyone and have spent many
hours doing so, but I am at a dead end!
Only temporarily...

For info I am running Windows XP Home, SP3, with AVG and ZA.
Exactly which AVG product are you using? Be very precise.

its the free version

I'm afraid that's not very precise of you! You are not giving away
security secrets about yourself. Precisely what version is it?

Many thanks for your help.
When did this original trouble first start? Can you relate any other
system changes at that time with this trouble?

it started a few months ago and happens once a month around 15th. no other
changes that i am aware of.

Had you recently installed any applications or utilities?

Do you have any other antimalware applications?

yes, spybot, superantispyware, defender, ad-aware anniversary edition,
spyware doctor (though i have to disable this one from real time because it
takes up too much resources). all are free versions and i run them all
monthly. don't generally find anything significant on any of them.

You may wish to add MBAM to your lineup:

http://www.malwarebytes.org/


thanks for your help.
--
1PW


Shenan has passed you a very good method for doing a comprehensive
clean-up of your system.

Although we read many posts that extol the virtues of IE8, we also
see many anecdotal stories of falling back to IE7 because of slowness
or obscure troubles.

Downloading MSRT again assures you that your copy is corruption free.

--
1PW





  #14  
Old September 18th 09, 10:49 AM posted to microsoft.public.windowsxp.security_admin
1PW[_4_]
external usenet poster
 
Posts: 188
Default malicious software removal tool

lopar wrote:
Thanks very much again. there is nothing in explorer by that name, in
windows there is a SYSTEM32 but its in capitals, not lower case as yours was
(does that matter?)


That is suspicious.

Have you seen the corruption this month?

but there are no mrt entries at all in the system32 area when i expand it.
if i can't locate mrt presumably i can't set it to scan on a different date?
someone else has said the problem is caused by zone alarm. i can't find any
references on google to this - do you think that might be correct ?

"1PW" wrote:

lopar wrote:
OK, i have tried to find the MRT.exe file using search inc hidden files and
system files. there was nothing except an ie log text file.
(by the way, and please don't think i am being funny since this is the first
time i have ever posted anything anywhere, you say the file might be located
in /is/ - is that a file location, or a piece of jargon or something else - i
genuinely don't know what that means (or am i being too literal and you just
mean is !))

Unfortunately the devil is in the details...

If the standard issued Microsoft Malicious Software Removal Tool is
installed in its usual location, it should be at:

C:\WINDOWS\system32\MRT.exe and has a 24,111 KB file size

I tried to make everything case perfect as it would be in your system.

I checked on one of my systems and MRT.exe can definitely be deleted.

i am beginning to think its not MRT after all but something else. however
what could possibly delete my settings every 15th of the month ?

I never did. You could set MRT to scan on some other date to
eliminate this theory.

sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ?

That's the latest free version of AVG and that's very good.

i can't say for sure about having installed any applications or utilities -
i don't recall doing so. would a check on add remove programs by date be
sufficient to tell me ?

Maybe not. I was hoping your memory might help here.

--
1PW



--
1PW
  #15  
Old September 18th 09, 10:51 AM posted to microsoft.public.windowsxp.security_admin
lopar
external usenet poster
 
Posts: 16
Default malicious software removal tool

Yes i do. can i ask how you know this to be the case - i have checked around
some sites but can't find references to za causing a loss of settings when
getting a security update. is there a link you could give me ?
is it just certain versions of za ? i have 8.0.298 is there a fix in za -
i am reluctant to get rid of it.
or alternatively would it be enough to shut za down whilst installing
updates (and use windows firewall temporarily) then start it up again
afterwards ?
thanks for your help
"Peter Foldes" wrote:

lopar

Do you have Zone Alarm installed? It is the cause of this issue. Uninstall ZA before
downloading the Malicious Software and any Defender Updates. Best to remove ZA and
use the built in Windows Firewall which does a better job anyway

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"lopar" wrote in message
...
Every month, around the 15th, my profile settings are corrupted and I have to
do a system restore to get them back. The system generated restore point
immediately before this happens is labelled by the system 'Software
Distribution Service 3.0'. On looking into this it seems that at some point I
have accepted an EULA to download and run something called Malicious Software
Reporting Tool, and recently (a few months ago) Microsoft announced that they
would update this program each month (the second Tuesday of the month) and it
would from then on automatically run a system check in the background for
malicious software. I checked on Google and there was one reference to this
potentially corrupting profile settings for users.
This would seem to be the cause of the problem therefore.
The solution on the Microsoft web page was to remove tool from the automatic
updates list, however this item is not listed on my automatic updates (its
not hidden either). I have therefore changed my updates to notify me but not
download or install. When the program popped up a few days ago I did not
therefore download it. Yesterday however I did download a Windows Defender
security update (which I assumed was unrelated), however the system has now
been corrupted again.

Things I have done to try and fix this

1. Tried to remove it using add remove programs - it won't let you.
2. searched for the individual files in the directory to manually delete
them - they seemed to be system files and it wouldn't let me
3. I found a reference to this tool working in conjunction with Windows
Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I
did find some files but couldn't delete the main one.
4. did a registry search to try and find these files and deleted a few
entries to at least cause the program to fall over (I hoped), but evidently
that didn't work either.
5. checked my firewall (zone alarm) and blocked the malicious software tool
- no effect (couldn't find Software Distribution Service in ZA so couldn't
block that)
6. tried to find either program in the applications tray to disable it
there (control alt delete) but couldn't see it
7. tried to block it in Windows Defender (in the bit that lists all programs
running) but its not listed
8. contacted Microsoft help on email who were totally useless
9. tried to access their expert user (I assume a blog page) but the system
kept telling me my settings weren't right to access that service. I changed
the settings exactly as they suggested but I still kept getting that message
10. in desperation rang them to enquire about paid support but they told me
they would charge £60 (even if it were a 2 minute job!). I am not prepared
to pay that for what is after all a Microsoft's bug !

The only other thing I can think of to do is to not download any updates for
Windows Defender either - assuming the 2 products are related. However I
won't know the outcome of that for another month since it only happens once a
month.
If it is still causing a problem then I can only assume that the software is
already installed and will run once a month anyway without an update. If
that's the case I need to know how to get into the system files to disable it
- surely there must be a way ??

Any help you can think of to give me would be very much appreciated - I am
certainly trying to fix it myself without asking anyone and have spent many
hours doing so, but I am at a dead end!

For info I am running Windows XP Home, SP3, with AVG and ZA.

Many thanks for your help.



 



