Over the weekend, I noticed that some pages being shared on the social network StumbleUpon contain malicious code. The sites distribute a Trojan which installs a rogue anti-virus program without the user’s knowledge or consent. Once it is installed, the user is alerted to false threats on the computer. To remove these false threats, the user has to pay for a full license of the software. The rogue antivirus program is called MS Removal Tool, which is in the same family as Security Tool Virus and System Tool.

Unfortunately, there’s no way to tell from the StumbleUpon toolbar whether a page is harmful until you arrive at the site. If you have the WOT (Web of Trust) add-on for Firefox or IE installed (recommended before sharing pages), you will get a prompt that the site is rated as dangerous. This is not 100% foolproof, as some sites may never have been rated, in which case the user is exposed to the Trojan via a drive-by download.

What’s a drive-by? It is when spyware, viruses or other malware are downloaded and installed on a person’s computer without that person’s knowledge.

How to remove MS Removal Tool

To remove MS Removal Tool, follow the instructions below which are the same steps in removing both Security Tool and System Tool.

1. Download MalwareBytes to your desktop and rename it to Explorer.exe, as MS Removal Tool blocks the program named MalwareBytes. If you can’t download files, try using another machine that’s not infected and saving the files to a flash drive or other storage device.

2. Reboot your PC and hit F8 to run your computer in Safe Mode with Networking.

3. Run RKILL to stop all background processes related to MS Removal Tool.

4. Launch MalwareBytes and run a Full Scan to remove infections.

5. Delete the file called “Hosts” in C:\Windows\System32\Drivers\etc\HOSTS and add the default Hosts file (below) for your operating system in C:\Windows\System32\Drivers\etc\

   a. Windows XP HOSTS File Download Link

   b. Windows 7 HOSTS File Download Link

6. Reboot your computer.

Your computer should be clean and working normally again.
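
Before deleting the HOSTS file in the removal steps above, it can be useful to record what it contained. The following Python script is an added example, not part of the original article: it lists every active mapping other than the stock loopback-to-localhost entries. The sample content and its example.com names are constructed, and the idea that an infection may have added entries to this file is an assumption drawn from the removal step itself.

```python
import ipaddress
import os
import sys

# Default Windows location; pass another path to audit a copy of the file.
DEFAULT_HOSTS = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                             "System32", "drivers", "etc", "hosts")

# Constructed sample: the stock loopback lines plus made-up extra entries.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example.com   # constructed entry
127.0.0.1       update.example.net
not-an-ip       broken.example.org
"""

def audit_hosts(text):
    """Return (line_no, hostname, address, reason) for every active mapping
    that is not a plain loopback -> localhost entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, " ".join(names), address, "malformed address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if ip.is_loopback and name.lower() == "localhost":
                continue                          # stock entry, nothing to report
            reason = ("name blocked via local address" if sinkhole
                      else "name redirected to another host")
            findings.append((line_no, name.lower(), address, reason))
    return findings

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_HOSTS
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print("line %d: %s -> %s (%s)" % finding)
```

An empty result means the file holds only comments and the default localhost lines; anything listed is worth noting down before the file is replaced.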

For more detailed instructions, visit http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool
