Need help removing MS Removal malware -

Infected with MS Removal malware on my other laptop - I had advice on this forum

http://forum.avast.com/index.php?topic=53253.new;topicseen#new

I installed and ran MBAM and it found 4 items (Rogue MS…) I just need some help in finishing the job - what next?

Thanks

post the scan log

Perhaps it is useful in this case.
http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

Pondus - see attached log

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6353

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2011-04-13 20:49:45
mbam-log-2011-04-13 (20-49-29).txt

Scan type: Full scan (C:|)
Objects scanned: 244023
Time elapsed: 48 minute(s), 14 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\programdata\ngh16635fbkgl16635\ngh16635fbkgl16635.exe (Rogue.MSRemovalTool) → 4304 → No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nGh16635fBkGl16635 (Rogue.MSRemovalTool) → Value: nGh16635fBkGl16635 → No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\ngh16635fbkgl16635\ngh16635fbkgl16635.exe (Rogue.MSRemovalTool) → No action taken.
c:\Users\Ash\downloads\antispy2011setup.exe (Rogue.MSRemovalTool) → No action taken.

Press remove selected.

[quote author=Left123 link=topic=76187.msg630322#msg630322 date=1302772639]
Press remove selected.
[/quote

Left123 I got your PM and have ‘removed selected’ and am now running another full scan as suggested. It’ll take a while, -

[quote author=Sidmac link=topic=76187.msg630324#msg630324 date=1302772783]

Full scan complete - no malicious items detected.
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6353

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2011-04-14 10:59:11
mbam-log-2011-04-14 (10-59-11).txt

Scan type: Full scan (C:|D:|E:|F:|)
Objects scanned: 244097
Time elapsed: 43 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I’m guessing that’s it - is there anything else I need to do now, or in future?
thanks

buy malwarebytes PRO with protection module, IP block and autoupdate
a onetime fee for a lifetime license :wink:

Malwarebytes have already released 7 updates since your last scan :wink:

had a feeling that would be suggested :wink:

I didn’t see the malwarebytes Pro version offered on their website…just standard ???

also - got 2 laptops, need a licence for each ? or do they licence per household / person / ???

I didn't see the malwarebytes Pro version offered on their website...just standard
Should be easy to find.....the green button....http://malwarebytes.org/

There is no download, what you buy is a license that will activate the extra functions when inserted

Good that you have no further problems,you must be cautious while you are surfing the web since viruses are out to get you(r) money.Mbam online webshield isn’t good at all IMO,use avast and keep it updated.
Regards

You need a licence for each system.

Many thanks guys !

Mbam online webshield isn't good at all IMO
and why is that ?

Use ClearCloud DNS. Its free and more effective. Use MBAM Free for on demand scanning.

I find something like 100 - 500 malware samples a week, so i see it working every day… :wink:
both the IP block and the install protection, usually i must disable the protection module to be able to download the sample…