If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
malicious software removal tool
Every month, around the 15th, my profile settings are corrupted and I have to
do a system restore to get them back. The system generated restore point immediately before this happens is labelled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that aswell as in 1 and 2 above - I did find some files but couldn't delete the main one. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to enquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! For info I am running Windows XP Home, SP3, with AVG and ZA. Many thanks for your help. |
Ads |
#2
|
|||
|
|||
malicious software removal tool
lopar wrote:
Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labelled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that aswell as in 1 and 2 above - I did find some files but couldn't delete the main one. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to enquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! For info I am running Windows XP Home, SP3, with AVG and ZA. Many thanks for your help. IMO: Drop ZA, use the Windows Firewall. More than enough for most and doesn't come with the problems ZA users have been plagued with over the last year or so. Beyond that - cleanup and update your updating system. After you do this - perhaps your system will be more stable and you won't have to be so concerned. Fix your file/registry permissions... Ignore the title and follow the sub-section under "Advanced Troubleshooting" titled, "Method 1: Reset the registry and the file permissions" http://support.microsoft.com/kb/949377 *will take time (** Ignore the last step - you should have SP3 installed - if not - you can do that *later* - it is not necessary to continue with the cleanup.) Reboot and ... Search your registry for %fystem and replace the "f" with an "s". May be three or four matches, may be none. You may even have to take ownership (even after doing the above) of the keys in order to make the change. Reboot and ... Download/install this: http://support.microsoft.com/kb/290301 After installing, do the following: Start button -- RUN -- type in: "%ProgramFiles%\Windows Installer Clean Up\msizap.exe" g! -- Click OK. (The quotation marks and percentage signs and spacing should be exact.) Download, install, run, update and perform a full scan (separately) with the following two applications (freeware versions are the ones to use for this): SuperAntiSpyware http://www.superantispyware.com/ MalwareBytes http://www.malwarebytes.com/ After performing a full scan with one and then the other and removing whatever they both find completely, you may uninstall these products, if you wish. Download and run the MSRT manually: http://www.microsoft.com/security/ma...e/default.mspx Reboot. CHKDSK How to scan your disks for errors http://support.microsoft.com/kb/315265 * will take time and a reboot Defragment How to Defragment your hard drives http://support.microsoft.com/kb/314848 * will take time Ensure your hardware drivers are up to date (from the hardware manufacturer's respective web pages.) Never get hardware drivers for hardware that was not created/sold by Microsoft from Microsoft. Installing the latest updates may have you rebooting several times, which is fine - but after you are sure you are done - still... Reboot. Download/Install the latest Windows Installer (for your OS): ( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe ) http://www.microsoft.com/downloadS/d...displaylang=en Reboot. and... Download the latest version of the Windows Update agent from here (x86): http://go.microsoft.com/fwlink/?LinkID=91237 .... and save it to the root of your C:\ drive. After saving it to the root of the C:\ drive, do the following: Close all Internet Explorer windows and other applications. Start button -- RUN and type in: %SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE -- Click OK. (If asked, select "Run.) -- Click on NEXT -- Select "I agree" and click on NEXT -- When it finishes installing, click on "Finish"... Reboot. Then follow the instructions he How do I reset Windows Update components? http://support.microsoft.com/kb/971058 Reboot. Log on as an user with administrative rights and open Internet Explorer and visit http://windowsupdate.microsoft.com/ and select to do a CUSTOM scan... Every time you are about to click on something while at these web pages - first press and hold down the CTRL key while you click on it. You can release the CTRL key after clicking each time. Once the scan is done, select just _ONE_ of the high priority updates (deselect any others) and install it. Reboot again. If it did work - try the web page again - selecting no more than 3-5 at a time. Rebooting as needed. The Optional Software updates are generally safe - although I recommend against the "Windows Search" one and any of the "Office Live" ones or "Windows Live" ones for now. I would completely avoid the Optional Hardware updates. Also - I do not see any urgent need to install Internet Explorer 8 at this time. Seriously - do all that. This is like antibiotics - don't skip a single step, don't quit because you think things will be okay now - go through until the end, until you have done everything given in the order given. If you have a problem with a step come ask and let someone here get you through that step. If you don't understand how to do a step, come back and ask here about that step and let someone walk you through it. In any case - no matter what - when you are done doing whatever you decide to do - please - come back here and let everyone know what you did and how things turned out. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#3
|
|||
|
|||
malicious software removal tool
lopar wrote:
Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labeled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. You may have transcribed the name incorrectly. Is it possible you meant "Removal" instead of "Reporting"? http://www.microsoft.com/security/malwareremove/default.aspx I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. The security update you downloaded was probably a "Definitions" update. Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. The files is located at C:\WINDOWS\system32\MRT.exe and /is/ definitely able to be deleted. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me See above. 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I did find some files but couldn't delete the main one. The relationship between the two is almost non-existent. Furthermore, indiscriminate file removals may render your system even further impaired and possibly un-usable. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. See above. Not good! 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) Once MRT.exe is deleted it can't be executed. 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it You brought up "Task Manager", and Task Manager displays running applications. While running, Windows Defender is a "Process". 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to inquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. The are related only by birth... Keeping your system from being updated is "Cutting off your nose to spite your face". However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. This is a reasonable assumption. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Surely there must be a *better* way! Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! Only temporarily... For info I am running Windows XP Home, SP3, with AVG and ZA. Exactly which AVG product are you using? Be very precise. Many thanks for your help. When did this original trouble first start? Can you relate any other system changes at that time with this trouble? Do you have any other antimalware applications? -- 1PW |
#4
|
|||
|
|||
malicious software removal tool
MS has been downloading this tool around here for quite some time (at least
two years). It is part of the monthly update package. That restore point that you mentioned is the one which the monthly update package makes before starting the update. As for whether MRT corrupts or does not corrupt profiles is something that I do not know. I do know that it never has corrupted any profiles on my computers. Before doing anything else, you should insure that there is no malware on your system. Jim "lopar" wrote in message ... Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labelled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that aswell as in 1 and 2 above - I did find some files but couldn't delete the main one. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to enquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! For info I am running Windows XP Home, SP3, with AVG and ZA. Many thanks for your help. |
#5
|
|||
|
|||
malicious software removal tool
Thanks ever so much for this very comprehensive reply. I am however somewhat
concencered by it, to say the least ! this seems to be a very drastic set of steps to take, which, if i understand you correctly will disable a lot of stuff on my computer (even if it is subsequently reenabled). For example why would uninstall my browser (IE8) why would i download MSRT maually when that is the thing i am trying to get rid of why defrag why check drivers all i am trying to do is remove the MSRT - everything else works fine. I do have superantispyware and run it regularly, doesn't find anything though (apart from the odd cookie) i don't know how to save to the root of the C drive..... the other post says i can simply delete the .exe file - i will try that first. thanks again. "Shenan Stanley" wrote: lopar wrote: Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labelled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that aswell as in 1 and 2 above - I did find some files but couldn't delete the main one. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to enquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! For info I am running Windows XP Home, SP3, with AVG and ZA. Many thanks for your help. IMO: Drop ZA, use the Windows Firewall. More than enough for most and doesn't come with the problems ZA users have been plagued with over the last year or so. Beyond that - cleanup and update your updating system. After you do this - perhaps your system will be more stable and you won't have to be so concerned. Fix your file/registry permissions... Ignore the title and follow the sub-section under "Advanced Troubleshooting" titled, "Method 1: Reset the registry and the file permissions" http://support.microsoft.com/kb/949377 *will take time (** Ignore the last step - you should have SP3 installed - if not - you can do that *later* - it is not necessary to continue with the cleanup.) Reboot and ... Search your registry for %fystem and replace the "f" with an "s". May be three or four matches, may be none. You may even have to take ownership (even after doing the above) of the keys in order to make the change. Reboot and ... Download/install this: http://support.microsoft.com/kb/290301 After installing, do the following: Start button -- RUN -- type in: "%ProgramFiles%\Windows Installer Clean Up\msizap.exe" g! -- Click OK. (The quotation marks and percentage signs and spacing should be exact.) Download, install, run, update and perform a full scan (separately) with the following two applications (freeware versions are the ones to use for this): SuperAntiSpyware http://www.superantispyware.com/ MalwareBytes http://www.malwarebytes.com/ After performing a full scan with one and then the other and removing whatever they both find completely, you may uninstall these products, if you wish. Download and run the MSRT manually: http://www.microsoft.com/security/ma...e/default.mspx Reboot. CHKDSK How to scan your disks for errors http://support.microsoft.com/kb/315265 * will take time and a reboot Defragment How to Defragment your hard drives http://support.microsoft.com/kb/314848 * will take time Ensure your hardware drivers are up to date (from the hardware manufacturer's respective web pages.) Never get hardware drivers for hardware that was not created/sold by Microsoft from Microsoft. Installing the latest updates may have you rebooting several times, which is fine - but after you are sure you are done - still... Reboot. Download/Install the latest Windows Installer (for your OS): ( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe ) http://www.microsoft.com/downloadS/d...displaylang=en Reboot. and... Download the latest version of the Windows Update agent from here (x86): http://go.microsoft.com/fwlink/?LinkID=91237 .... and save it to the root of your C:\ drive. After saving it to the root of the C:\ drive, do the following: Close all Internet Explorer windows and other applications. Start button -- RUN and type in: %SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE -- Click OK. (If asked, select "Run.) -- Click on NEXT -- Select "I agree" and click on NEXT -- When it finishes installing, click on "Finish"... Reboot. Then follow the instructions he How do I reset Windows Update components? http://support.microsoft.com/kb/971058 Reboot. Log on as an user with administrative rights and open Internet Explorer and visit http://windowsupdate.microsoft.com/ and select to do a CUSTOM scan... Every time you are about to click on something while at these web pages - first press and hold down the CTRL key while you click on it. You can release the CTRL key after clicking each time. Once the scan is done, select just _ONE_ of the high priority updates (deselect any others) and install it. Reboot again. If it did work - try the web page again - selecting no more than 3-5 at a time. Rebooting as needed. The Optional Software updates are generally safe - although I recommend against the "Windows Search" one and any of the "Office Live" ones or "Windows Live" ones for now. I would completely avoid the Optional Hardware updates. Also - I do not see any urgent need to install Internet Explorer 8 at this time. Seriously - do all that. This is like antibiotics - don't skip a single step, don't quit because you think things will be okay now - go through until the end, until you have done everything given in the order given. If you have a problem with a step come ask and let someone here get you through that step. If you don't understand how to do a step, come back and ask here about that step and let someone walk you through it. In any case - no matter what - when you are done doing whatever you decide to do - please - come back here and let everyone know what you did and how things turned out. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#6
|
|||
|
|||
malicious software removal tool
"1PW" wrote: lopar wrote: Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labeled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. You may have transcribed the name incorrectly. Is it possible you meant "Removal" instead of "Reporting"? yes i do mean Removal sorry http://www.microsoft.com/security/malwareremove/default.aspx what is this link for please? I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. The security update you downloaded was probably a "Definitions" update. yes it was Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. The files is located at C:\WINDOWS\system32\MRT.exe and /is/ definitely able to be deleted. i will definitely try this, but will it simply recreate itself when its due to run next time ? 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me See above. 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I did find some files but couldn't delete the main one. The relationship between the two is almost non-existent. Furthermore, indiscriminate file removals may render your system even further impaired and possibly un-usable. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. See above. Not good! 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) Once MRT.exe is deleted it can't be executed. 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it You brought up "Task Manager", and Task Manager displays running applications. While running, Windows Defender is a "Process". 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to inquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. The are related only by birth... Keeping your system from being updated is "Cutting off your nose to spite your face". ok i will keep downloading updates then However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. This is a reasonable assumption. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Surely there must be a *better* way! Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! Only temporarily... For info I am running Windows XP Home, SP3, with AVG and ZA. Exactly which AVG product are you using? Be very precise. its the free version Many thanks for your help. When did this original trouble first start? Can you relate any other system changes at that time with this trouble? it started an few months ago and happens once a month around 15th. no other changes that i am aware of. Do you have any other antimalware applications? yes, spybot, superantispyware, defender, ad-aware anniversary edition, spyware doctor (though i have to disable this one from real time because it takes up too much resources). all are free versions and i run them all monthly. don't generally find anything significant on any of them. thanks for your help. -- 1PW |
#7
|
|||
|
|||
malicious software removal tool
lopar wrote:
"1PW" wrote: lopar wrote: Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labeled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. You may have transcribed the name incorrectly. Is it possible you meant "Removal" instead of "Reporting"? yes i do mean Removal sorry http://www.microsoft.com/security/malwareremove/default.aspx what is this link for please? It was there to validate the name I gave you. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. The security update you downloaded was probably a "Definitions" update. yes it was Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. The files is located at C:\WINDOWS\system32\MRT.exe and /is/ definitely able to be deleted. i will definitely try this, but will it simply recreate itself when its due to run next time ? No. However, I sincerely believe this is a move in the wrong direction. If your goal is to temporarily delete MRT.exe to see what happens, OK. I would reinstall it afterward though. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me See above. 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I did find some files but couldn't delete the main one. The relationship between the two is almost non-existent. Furthermore, indiscriminate file removals may render your system even further impaired and possibly un-usable. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. See above. Not good! 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) Once MRT.exe is deleted it can't be executed. 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it You brought up "Task Manager", and Task Manager displays running applications. While running, Windows Defender is a "Process". 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to inquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. The are related only by birth... Keeping your system from being updated is "Cutting off your nose to spite your face". ok i will keep downloading updates then Excellent. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. This is a reasonable assumption. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Surely there must be a *better* way! Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! Only temporarily... For info I am running Windows XP Home, SP3, with AVG and ZA. Exactly which AVG product are you using? Be very precise. its the free version I'm afraid that's not very precise of you! You are not giving away security secrets about yourself. Precisely what version is it? Many thanks for your help. When did this original trouble first start? Can you relate any other system changes at that time with this trouble? it started an few months ago and happens once a month around 15th. no other changes that i am aware of. Had you recently installed any applications or utilities? Do you have any other antimalware applications? yes, spybot, superantispyware, defender, ad-aware anniversary edition, spyware doctor (though i have to disable this one from real time because it takes up too much resources). all are free versions and i run them all monthly. don't generally find anything significant on any of them. You may wish to add MBAM to your lineup: http://www.malwarebytes.org/ thanks for your help. -- 1PW Shenan has passed you a very good method for doing a comprehensive clean-up of your system. All though we read many posts that extol the virtues of IE8, we also see many anecdotal stories of falling back to IE7 because of slowness or obscure troubles. Downloading MSRT again assures you that your copy is corruption free. -- 1PW |
#8
|
|||
|
|||
malicious software removal tool
lopar
Do you have Zone Alarm installed? It is the cause of this issue. Uninstall ZA before downloading the Malicious Software and any Defender Updates. Best to remove ZA and use the built in Windows Firewall which does a better job anyway -- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. "lopar" wrote in message ... Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labelled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that aswell as in 1 and 2 above - I did find some files but couldn't delete the main one. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to enquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! For info I am running Windows XP Home, SP3, with AVG and ZA. Many thanks for your help. |
#9
|
|||
|
|||
malicious software removal tool
OK, i have tried to find the mrt.exe file using search inc hidden files and
system files. there was nothing except an ie log text file. (by the way, and please don't think i am being funny since this is the first time i have ever posted anything anywhere, you say the file might be located in /is/ - is that a file location, or a piece of jargon or soemthing else - i genuinely don't know what that means (or am i being too literal and you just mean is !)) i am beginning to think its not mrt after all but somehting else. however what could possibly delete my settings every 15th of the month ? sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ? i can't say for sure about having installed any applications or utilities - i don't recall doing so. would a check on add remove programs by date be sufficient to tell me ? "1PW" wrote: lopar wrote: "1PW" wrote: lopar wrote: Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labeled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. You may have transcribed the name incorrectly. Is it possible you meant "Removal" instead of "Reporting"? yes i do mean Removal sorry http://www.microsoft.com/security/malwareremove/default.aspx what is this link for please? It was there to validate the name I gave you. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. The security update you downloaded was probably a "Definitions" update. yes it was Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. The files is located at C:\WINDOWS\system32\MRT.exe and /is/ definitely able to be deleted. i will definitely try this, but will it simply recreate itself when its due to run next time ? No. However, I sincerely believe this is a move in the wrong direction. If your goal is to temporarily delete MRT.exe to see what happens, OK. I would reinstall it afterward though. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me See above. 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I did find some files but couldn't delete the main one. The relationship between the two is almost non-existent. Furthermore, indiscriminate file removals may render your system even further impaired and possibly un-usable. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. See above. Not good! 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) Once MRT.exe is deleted it can't be executed. 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it You brought up "Task Manager", and Task Manager displays running applications. While running, Windows Defender is a "Process". 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to inquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. The are related only by birth... Keeping your system from being updated is "Cutting off your nose to spite your face". ok i will keep downloading updates then Excellent. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. This is a reasonable assumption. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Surely there must be a *better* way! Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! Only temporarily... For info I am running Windows XP Home, SP3, with AVG and ZA. Exactly which AVG product are you using? Be very precise. its the free version I'm afraid that's not very precise of you! You are not giving away security secrets about yourself. Precisely what version is it? Many thanks for your help. When did this original trouble first start? Can you relate any other system changes at that time with this trouble? it started an few months ago and happens once a month around 15th. no other changes that i am aware of. Had you recently installed any applications or utilities? Do you have any other antimalware applications? yes, spybot, superantispyware, defender, ad-aware anniversary edition, spyware doctor (though i have to disable this one from real time because it takes up too much resources). all are free versions and i run them all monthly. don't generally find anything significant on any of them. You may wish to add MBAM to your lineup: http://www.malwarebytes.org/ thanks for your help. -- 1PW Shenan has passed you a very good method for doing a comprehensive clean-up of your system. All though we read many posts that extol the virtues of IE8, we also see many anecdotal stories of falling back to IE7 because of slowness or obscure troubles. Downloading MSRT again assures you that your copy is corruption free. -- 1PW |
#10
|
|||
|
|||
malicious software removal tool
On my system, the file MRT.exe is located in c:\windows\system32. It is not
a hidden, system file. As Windows is not case sensitive, mrt.exe and MRT.exe are just two ways to spell the name of the malicious software removal tool. Jim "lopar" wrote in message ... OK, i have tried to find the mrt.exe file using search inc hidden files and system files. there was nothing except an ie log text file. (by the way, and please don't think i am being funny since this is the first time i have ever posted anything anywhere, you say the file might be located in /is/ - is that a file location, or a piece of jargon or soemthing else - i genuinely don't know what that means (or am i being too literal and you just mean is !)) i am beginning to think its not mrt after all but somehting else. however what could possibly delete my settings every 15th of the month ? sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ? i can't say for sure about having installed any applications or utilities - i don't recall doing so. would a check on add remove programs by date be sufficient to tell me ? "1PW" wrote: lopar wrote: "1PW" wrote: lopar wrote: Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labeled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. You may have transcribed the name incorrectly. Is it possible you meant "Removal" instead of "Reporting"? yes i do mean Removal sorry http://www.microsoft.com/security/malwareremove/default.aspx what is this link for please? It was there to validate the name I gave you. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. The security update you downloaded was probably a "Definitions" update. yes it was Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. The files is located at C:\WINDOWS\system32\MRT.exe and /is/ definitely able to be deleted. i will definitely try this, but will it simply recreate itself when its due to run next time ? No. However, I sincerely believe this is a move in the wrong direction. If your goal is to temporarily delete MRT.exe to see what happens, OK. I would reinstall it afterward though. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me See above. 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I did find some files but couldn't delete the main one. The relationship between the two is almost non-existent. Furthermore, indiscriminate file removals may render your system even further impaired and possibly un-usable. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. See above. Not good! 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) Once MRT.exe is deleted it can't be executed. 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it You brought up "Task Manager", and Task Manager displays running applications. While running, Windows Defender is a "Process". 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to inquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. The are related only by birth... Keeping your system from being updated is "Cutting off your nose to spite your face". ok i will keep downloading updates then Excellent. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. This is a reasonable assumption. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Surely there must be a *better* way! Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! Only temporarily... For info I am running Windows XP Home, SP3, with AVG and ZA. Exactly which AVG product are you using? Be very precise. its the free version I'm afraid that's not very precise of you! You are not giving away security secrets about yourself. Precisely what version is it? Many thanks for your help. When did this original trouble first start? Can you relate any other system changes at that time with this trouble? it started an few months ago and happens once a month around 15th. no other changes that i am aware of. Had you recently installed any applications or utilities? Do you have any other antimalware applications? yes, spybot, superantispyware, defender, ad-aware anniversary edition, spyware doctor (though i have to disable this one from real time because it takes up too much resources). all are free versions and i run them all monthly. don't generally find anything significant on any of them. You may wish to add MBAM to your lineup: http://www.malwarebytes.org/ thanks for your help. -- 1PW Shenan has passed you a very good method for doing a comprehensive clean-up of your system. All though we read many posts that extol the virtues of IE8, we also see many anecdotal stories of falling back to IE7 because of slowness or obscure troubles. Downloading MSRT again assures you that your copy is corruption free. -- 1PW |
#11
|
|||
|
|||
malicious software removal tool
lopar wrote:
OK, i have tried to find the MRT.exe file using search inc hidden files and system files. there was nothing except an ie log text file. (by the way, and please don't think i am being funny since this is the first time i have ever posted anything anywhere, you say the file might be located in /is/ - is that a file location, or a piece of jargon or something else - i genuinely don't know what that means (or am i being too literal and you just mean is !)) Unfortunately the devil is in the details... If the standard issued Microsoft Malicious Software Removal Tool is installed in its usual location, it should be at: C:\WINDOWS\system32\MRT.exe and has a 24,111 KB file size I tied to make everything case perfect as it would be in your system. I checked on one of my systems and MRT.exe can definitely be deleted. i am beginning to think its not MRT after all but something else. however what could possibly delete my settings every 15th of the month ? I never did. You could set MRT to scan on some other date to eliminate this theory. sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ? That's the latest free version of AVG and that's very good. i can't say for sure about having installed any applications or utilities - i don't recall doing so. would a check on add remove programs by date be sufficient to tell me ? Maybe not. I was hoping your memory might help here. -- 1PW |
#12
|
|||
|
|||
malicious software removal tool
Thansk very much again. there is nothing in explorer by that name, in
windows there is a SYSTEM32 but its in capiltals, not lower case as yours was (does that matter?) but there are no mrt entries at all in the system32 area when i expand it. if i can't locate mrt presumably i can't set it to scan on a defferent date? someone else has said the probelm is cuased by zone alarm. i can't find any refernces on google to this - do you think that might be correct ? "1PW" wrote: lopar wrote: OK, i have tried to find the MRT.exe file using search inc hidden files and system files. there was nothing except an ie log text file. (by the way, and please don't think i am being funny since this is the first time i have ever posted anything anywhere, you say the file might be located in /is/ - is that a file location, or a piece of jargon or something else - i genuinely don't know what that means (or am i being too literal and you just mean is !)) Unfortunately the devil is in the details... If the standard issued Microsoft Malicious Software Removal Tool is installed in its usual location, it should be at: C:\WINDOWS\system32\MRT.exe and has a 24,111 KB file size I tied to make everything case perfect as it would be in your system. I checked on one of my systems and MRT.exe can definitely be deleted. i am beginning to think its not MRT after all but something else. however what could possibly delete my settings every 15th of the month ? I never did. You could set MRT to scan on some other date to eliminate this theory. sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ? That's the latest free version of AVG and that's very good. i can't say for sure about having installed any applications or utilities - i don't recall doing so. would a check on add remove programs by date be sufficient to tell me ? Maybe not. I was hoping your memory might help here. -- 1PW |
#13
|
|||
|
|||
malicious software removal tool
OK thanks but its defintielty not there, caps or not. now i'm stuck
"Jim" wrote: On my system, the file MRT.exe is located in c:\windows\system32. It is not a hidden, system file. As Windows is not case sensitive, mrt.exe and MRT.exe are just two ways to spell the name of the malicious software removal tool. Jim "lopar" wrote in message ... OK, i have tried to find the mrt.exe file using search inc hidden files and system files. there was nothing except an ie log text file. (by the way, and please don't think i am being funny since this is the first time i have ever posted anything anywhere, you say the file might be located in /is/ - is that a file location, or a piece of jargon or soemthing else - i genuinely don't know what that means (or am i being too literal and you just mean is !)) i am beginning to think its not mrt after all but somehting else. however what could possibly delete my settings every 15th of the month ? sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ? i can't say for sure about having installed any applications or utilities - i don't recall doing so. would a check on add remove programs by date be sufficient to tell me ? "1PW" wrote: lopar wrote: "1PW" wrote: lopar wrote: Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labeled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. You may have transcribed the name incorrectly. Is it possible you meant "Removal" instead of "Reporting"? yes i do mean Removal sorry http://www.microsoft.com/security/malwareremove/default.aspx what is this link for please? It was there to validate the name I gave you. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. The security update you downloaded was probably a "Definitions" update. yes it was Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. The files is located at C:\WINDOWS\system32\MRT.exe and /is/ definitely able to be deleted. i will definitely try this, but will it simply recreate itself when its due to run next time ? No. However, I sincerely believe this is a move in the wrong direction. If your goal is to temporarily delete MRT.exe to see what happens, OK. I would reinstall it afterward though. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me See above. 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I did find some files but couldn't delete the main one. The relationship between the two is almost non-existent. Furthermore, indiscriminate file removals may render your system even further impaired and possibly un-usable. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. See above. Not good! 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) Once MRT.exe is deleted it can't be executed. 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it You brought up "Task Manager", and Task Manager displays running applications. While running, Windows Defender is a "Process". 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to inquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. The are related only by birth... Keeping your system from being updated is "Cutting off your nose to spite your face". ok i will keep downloading updates then Excellent. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. This is a reasonable assumption. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Surely there must be a *better* way! Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! Only temporarily... For info I am running Windows XP Home, SP3, with AVG and ZA. Exactly which AVG product are you using? Be very precise. its the free version I'm afraid that's not very precise of you! You are not giving away security secrets about yourself. Precisely what version is it? Many thanks for your help. When did this original trouble first start? Can you relate any other system changes at that time with this trouble? it started an few months ago and happens once a month around 15th. no other changes that i am aware of. Had you recently installed any applications or utilities? Do you have any other antimalware applications? yes, spybot, superantispyware, defender, ad-aware anniversary edition, spyware doctor (though i have to disable this one from real time because it takes up too much resources). all are free versions and i run them all monthly. don't generally find anything significant on any of them. You may wish to add MBAM to your lineup: http://www.malwarebytes.org/ thanks for your help. -- 1PW Shenan has passed you a very good method for doing a comprehensive clean-up of your system. All though we read many posts that extol the virtues of IE8, we also see many anecdotal stories of falling back to IE7 because of slowness or obscure troubles. Downloading MSRT again assures you that your copy is corruption free. -- 1PW |
#14
|
|||
|
|||
malicious software removal tool
lopar wrote:
Thanks very much again. there is nothing in explorer by that name, in windows there is a SYSTEM32 but its in capitals, not lower case as yours was (does that matter?) That is suspicious. Have you seen the corruption this month? but there are no mrt entries at all in the system32 area when i expand it. if i can't locate mrt presumably i can't set it to scan on a different date? someone else has said the problem is caused by zone alarm. i can't find any references on google to this - do you think that might be correct ? "1PW" wrote: lopar wrote: OK, i have tried to find the MRT.exe file using search inc hidden files and system files. there was nothing except an ie log text file. (by the way, and please don't think i am being funny since this is the first time i have ever posted anything anywhere, you say the file might be located in /is/ - is that a file location, or a piece of jargon or something else - i genuinely don't know what that means (or am i being too literal and you just mean is !)) Unfortunately the devil is in the details... If the standard issued Microsoft Malicious Software Removal Tool is installed in its usual location, it should be at: C:\WINDOWS\system32\MRT.exe and has a 24,111 KB file size I tied to make everything case perfect as it would be in your system. I checked on one of my systems and MRT.exe can definitely be deleted. i am beginning to think its not MRT after all but something else. however what could possibly delete my settings every 15th of the month ? I never did. You could set MRT to scan on some other date to eliminate this theory. sorry about imprecision on AVG - its 8.5.409 - is that what you wanted ? That's the latest free version of AVG and that's very good. i can't say for sure about having installed any applications or utilities - i don't recall doing so. would a check on add remove programs by date be sufficient to tell me ? Maybe not. I was hoping your memory might help here. -- 1PW -- 1PW |
#15
|
|||
|
|||
malicious software removal tool
Yes i do. can i ask how you know this to be the case - i have checked around
some sites but can't find refernces to za casuing a loss of settings when getting a security update. is there a link you could give me ? is it just certain versions of za ? i have 8.0.298 is there a fix in za - i am reluctant to get rid of it. or alternatively would it be enough to shut za down whilst installing updates (and use windows firewall temporarily) then start it up again afterwards ? thanks for your help "Peter Foldes" wrote: lopar Do you have Zone Alarm installed? It is the cause of this issue. Uninstall ZA before downloading the Malicious Software and any Defender Updates. Best to remove ZA and use the built in Windows Firewall which does a better job anyway -- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. "lopar" wrote in message ... Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labelled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore. The solution on the Microsoft web page was to remove tool from the automatic updates list, however this item is not listed on my automatic updates (its not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again. Things I have done to try and fix this 1. Tried to remove it using add remove programs - it won't let you. 2. searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me 3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that aswell as in 1 and 2 above - I did find some files but couldn't delete the main one. 4. did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either. 5. checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that) 6. tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it 7. tried to block it in Windows Defender (in the bit that lists all programs running) but its not listed 8. contacted Microsoft help on email who were totally useless 9. tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message 10. in desperation rang them to enquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft's bug ! The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. If that's the case I need to know how to get into the system files to disable it - surely there must be a way ?? Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! For info I am running Windows XP Home, SP3, with AVG and ZA. Many thanks for your help. |
Thread Tools | |
Display Modes | |
|
|