Over the weekend, I noticed that some pages being shared on the social network StumbleUpon have malicious code. The sites distribute a Trojan that installs a rogue anti-virus program without the user’s knowledge or consent. Once it is installed, the user is alerted to false threats on the computer. In order to remove these false threats, the user will have to pay for a full license of the software. The rogue antivirus program is called MS Removal Tool, which is in the same family as Security Tool Virus and System Tool.
Unfortunately, there’s no way to detect from the StumbleUpon toolbar whether a page is harmful until you arrive at the site. If you have the WOT (Web of Trust) Firefox or IE add-on installed (recommended before sharing pages), you will get a prompt that the site is rated as dangerous. This is not 100% foolproof, as some sites may never have been rated, so a user can still be exposed to the Trojan via a Drive-by.
What’s a Drive-by? It is when spyware, viruses or malware is downloaded and installed on a person’s computer without that person’s knowledge.
How to remove MS Removal Tool
To remove MS Removal Tool, follow the instructions below, which are the same steps used to remove both Security Tool and System Tool.
- Download MalwareBytes to your desktop and rename it to Explorer.exe as MS Removal Tool blocks the program named MalwareBytes. If you can’t download files, try using another machine that’s not infected and saving the files to a flash drive or other storage device.
- Reboot your PC and hit F8 to run your computer in Safe Mode with Networking.
- Run RKILL to stop all background processes related to MS Removal Tool.
- Launch MalwareBytes and run a Full Scan to remove infections.
- Delete the file called “Hosts” (C:\Windows\System32\Drivers\etc\HOSTS) and add the default Hosts file (below) for your operating system to C:\Windows\System32\Drivers\etc\
a. Windows XP HOSTS File Download Link
b. Windows 7 HOSTS File Download Link
- Reboot your computer.
Your computer should be clean and working normally again.
For more detailed instructions, visit http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool
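Before deleting the Hosts file in the step above, it can help to see which entries in it differ from the default. The following is an added example, not part of the original article or of any tool it names: it parses hosts-file text and reports every mapping other than the default localhost entry. The sample content, addresses and hostnames are constructed for illustration.

```python
import ipaddress
import os

# Constructed sample of a tampered Windows hosts file (not from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1       localhost
203.0.113.10    www.example-search.test   # constructed entry
203.0.113.10    update.example-av.test example-av.test
not-an-ip       broken.example.test
"""

DEFAULT_LOOPBACK_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed address"))
            continue
        for name in names:
            if ip.is_loopback and name.lower() in DEFAULT_LOOPBACK_NAMES:
                continue  # the only mapping a default hosts file carries
            blocked = ip.is_loopback or ip.is_unspecified
            reason = "name blocked locally" if blocked else "name redirected"
            findings.append((line_no, address, name, reason))
    return findings


if __name__ == "__main__":
    path = r"C:\Windows\System32\Drivers\etc\hosts"  # path given in the article
    text = SAMPLE_HOSTS
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

An empty result means the file already contains nothing beyond the default localhost mapping.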
I use NoScript in Firefox… I think that keeps me protected from this kind of thing (?)
Kristi,
It does work, but it’s not foolproof. It can help against script kiddies who embed code in iframes.
@kirsti: I agree with you, but you also have to be selective while stumbling because there are some updates that can do damage like this.
Nice to hear from you about Trojans from StumbleUpon shares.
Although I will forever use browser add-ons, I guess it is important to have an antivirus capable of alerting you about harmful code before it loads or executes.
I use AVG 2011 and it has always blocked any malicious programs before being installed.
Malicious code/developers will always be there as long as the internet exists, so don’t panic; just make sure you are safe by using the right security tools.
moseski,
There’s no antivirus program that is 100% foolproof, including AVG 2011. I used AVG and parasites got by.