
Saturday, March 26, 2011

How to Remove MS Removal Tool (Uninstall Guide)

MS Removal Tool is a rogue security application that reports numerous fake infections and security threats to make you think that your computer is infected with malicious software. This scareware may report up to 30 infections on your computer that do not exist. Besides, the scan is a little too fast to be real. It charges about $60 to remove the threats and even claims that your PC will be protected against other malware if you purchase the full version of MS Removal Tool. Of course, you shouldn't pay for this rogue AV. Also, do not confuse this fake application with the Microsoft Windows Malicious Software Removal Tool, which is a perfectly legitimate tool. The cyber-criminals clearly want to borrow credibility from a well-known name.



The bad news is that MS Removal Tool blocks malware removal tools and system utilities, including Task Manager, and even changes your desktop wallpaper. If you click on any desktop icon, you'll get a message that the program is infected and that you should run your anti-virus software.



What is more, it constantly displays fake security warnings saying that your computer is infected with viruses, Trojan horses, spyware and other malicious software.





It may modify the Windows Hosts file too. If your computer is infected with MS Removal Tool, please follow the removal instructions below. Please be advised: if you pay for this phony security software, you will be subjected to monetary theft or, in the worst case, identity theft. There is no guarantee that your credit card details aren't going to be sold to third parties. Do not hesitate to contact us if you need further assistance or have questions regarding the removal of MS Removal Tool. Please leave a comment below. Good luck and be safe online!


MS Removal Tool removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Log in as the same user you were previously logged in as in normal Windows mode.



2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this rogue anti-virus program from your computer. 

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


Alternate MS Removal Tool removal instructions using HijackThis or Process Explorer (in Normal mode):

1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, download explorer.scr and run it instead.

2. Look for an entry like this in the scan results:

Windows XP/2000:
O4 - HKCU\..\RunOnce: [fHrPqDaZcCg02547] C:\Documents and Settings\All Users\Application Data\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

Windows Vista/7:
O4 - HKCU\..\RunOnce: [fHrPqDaZcCg02547] C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

The process name will be different in your case: [SET OF RANDOM CHARACTERS].exe, located in C:\Documents and Settings\All Users\Application Data\ in Windows XP and C:\ProgramData\ in Windows Vista/7. Select all similar entries and click the "Fix checked" button once. Close the HijackThis tool.

OR you may download Process Explorer and end the MS Removal Tool process:
  • [SET OF RANDOM CHARACTERS].exe, i.e. fHrPqDaZcCg02547.exe
3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this rogue anti-virus program from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


Associated MS Removal Tool files and registry values:

Files:

For Windows XP users:
  • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
  • C:\Documents and Settings\All Users\Application Data\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe
For Windows Vista and Windows 7 users:
  • C:\ProgramData\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
  • C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"
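
Because the name is random on every machine, the useful indicator is the layout: an autostart entry whose executable sits in a folder of the same name directly under the shared application-data directory. The Python sketch below is an added example, not part of the original guide; it parses HijackThis O4 lines in the format shown above and flags entries with that layout. The benign lines in the sample log are constructed, and XP and Vista/7 paths are mixed in one log only to exercise both roots.

```python
import re
from pathlib import PureWindowsPath

# Shared application-data roots named in the guide (drive letter ignored).
APPDATA_ROOTS = {
    ("documents and settings", "all users", "application data"),  # XP/2000
    ("programdata",),                                             # Vista/7
}

# HijackThis autostart line: O4 - <hive>\..\<key>: [value name] command
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# First drive-rooted path ending in .exe, with or without surrounding quotes.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


def parse_o4(line):
    """Return hive, key, value name and executable path, or None."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None  # not a registry autostart line (e.g. "O4 - Startup:")
    exe = EXE_PATH.search(m.group("cmd"))
    if not exe:
        return None
    return {
        "hive": m.group("hive"),
        "key": m.group("key"),
        "name": m.group("name"),
        "path": PureWindowsPath(exe.group(0)),
    }


def matches_rogue_layout(path):
    """True when the path is <appdata root>/<X>/<X>.exe, as listed in the guide."""
    parts = [p.lower() for p in path.parts[1:]]  # drop the drive anchor
    if len(parts) < 3:
        return False
    *root, folder, _exe = parts
    return tuple(root) in APPDATA_ROOTS and folder == path.stem.lower()


def scan(log_text):
    """Return the O4 entries whose executable matches the rogue layout."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and matches_rogue_layout(entry["path"]):
            # In the guide's example the registry value name repeats the
            # executable name; record whether that also holds here.
            entry["name_matches_exe"] = (
                entry["name"].lower() == entry["path"].stem.lower()
            )
            findings.append(entry)
    return findings


# Constructed sample log: the two RunOnce lines are the examples from the
# guide, the other lines are made-up benign entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ExampleUpdater] C:\ProgramData\ExampleVendor\updater.exe /background
O4 - HKCU\..\RunOnce: [fHrPqDaZcCg02547] C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe
O4 - HKCU\..\RunOnce: [fHrPqDaZcCg02547] C:\Documents and Settings\All Users\Application Data\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe
O4 - Startup: Example.lnk = C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['hive']}\\{f['key']} [{f['name']}] -> {f['path']}")
```

A match is a lead to review by hand, not proof of infection: legitimate software can also install to a folder that shares its executable's name.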

236 comments:

Anonymous said...

Is this a new one? How does it spread itself?

Anonymous said...

i really hope this works. But even if it doesnt thank u of the advice. :)

Max and Signe said...

Thank you very much. It worked perfectly on my girlfriend's PC.

The scareware thing was quite effective in blocking a number of the usual ways of dealing with viruses, so we were genuinely grateful for this article.

Admin said...

Yes, this is a new rogue AV. Usually, it spreads through the use of fake online virus scanners but there are other means too, e.g. spam e-mails, infected websites, Facebook scams etc.

riomarb said...

thnx 4 this website i almost pay for this fucking fake removal tool..thank you bec of you i fixed my computer safely and without paying anything..t.y. so much!!

daniel Horande said...

Hi,

Another option is restarting on safe mode and just restore system to a previous day. I just did it and it took me no more than 5 minutes to have my computer back !!!!!

booker said...

Daniel Horande--- thank you so much--- worked like a charm. im running xp service pack 3.
restart safe mode
start- all programs- accessories- system tools system restore

Anonymous said...

This worked for me! Much appreciation!!

Anonymous said...

with the startup, immediately hit taskmanager before removal tool can take complete control, find the program, end the process, delete program, throw away! worked for me, got complete control again!

Bob said...

How long does the scan take?

Anonymous said...

Thank you very much, this thing is worse than the ones I had before, normally i can go to the system restore on normal but this thing need you to go to safe mode and do it, thanks for the tip booker.

Anonymous said...

I really hope this works it scared the crap out of me! any idea how long it usually takes

Anonymous said...

I started task manager and ended process. where do I go from here to delete the file? I'm operating w7

Anonymous said...

Thanks for the information. Worked to the letter and my system is back up and running as before. Only took a total of 30 min (fast for me since I'm not very technical)

Anonymous said...

Thanks God, I've found you. My computer is working again. Thanks so much. Greatly appreciated.

Anonymous said...

HOW DO I REMOVE THIS CRAP OFF MY COMPUTER, ALL OF A SUDDEN ITS ON THERE!!!!!!

Anonymous said...

I ended the process as computer started, then I didn't know where to go to delete it. then used spybot. spybot found nothing. and I rebooted and it came back. suggestions?

Admin said...

Run Malwarebytes Antimalware instead of Spybot.

Example of Ms Removal Tool related files:

For Windows XP users:
C:\Documents and Settings\All Users\Application Data\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

For Windows Vista and Windows 7 users:
C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

Anonymous said...

Thank you very much for this blog! my netbook had been so corrupted from the MS Removal Tool it was beyond ridiculous!!! I had tried so many methods in getting rid of it after finding many ways/articles on google. After what seemed my 100th attempt, I came across this site and when I followed the instructions, ta-da worked like magic and got rid of (uninstalled) the malicious malware! So happy and appreciative to get this sort of help. Thank you very much!

Anonymous said...

look i need help i ran the test but i dont kno how to delete it like its saying i have to pay is this a free site or do i have 2 pay with my credit card im kinda scared 2 pay with a credit card because i dont want them to get a hold of my info

Anonymous said...

can some one help me

Anonymous said...

Going to try this now on my desktop, wish me luck!

Haekim said...

Dude thanks alot ! I did it
Thanks for the tips :D
i owe you

Anonymous said...

iexplore.exe saved my life, thank you very much

Anonymous said...

Okay, once or twice I got into safe mode, but the MS Tool Remover was still popping up, and I got past it once to try the downloads listed above, but, it just went right back to the Tool Remover. Now, when I start my computer, I can't even get it into safe mode.....now what?
Would contacting my ISP help, or should I just take it somewhere to see if it can be fixed??

Anonymous said...

This affected me as well. McAfee was no good. I used the task manager method and saw the process start so I was able to search for the exe and directories and deleted them

Anonymous said...

with the start up in normal mode,immediately hit task manager (ctrl, alt, delete) before removal tool can take complete control,find the program,end the process. Then go to Microsoft website and download the real MS tool and run the app. It located and removed the

Anonymous said...

Ok, I tried to restart my computer to get into safe mode, but when I pressed F8, the screen said there was an error with the keyboard. I'm running XP. Is there a different way to fight this?

Anonymous said...

I have been using McAfee as well. Did not detect or prevent infection. (Thanks for taking my money!!!) I searched for MS Remover on the McAfee site and it came up with nothing. Are they just clueless or are we stupid for falling for their scam and giving them our money?

In any case, the poster that recommended using the F8 and restoring to a safe point in time before the infection, has me up and running thus far. Hopefully it will stay running. Thanks for the good info...

Anonymous said...

When I open task manager, what is the name of the program that I need to end? Can't find anything with the name "MSremoval".

Antti said...

thanks a bunch, helped me repair the damage my gf had done on her computer. =) my own computer skills are next to nothing, yet i had the sense to google things out and presto here's the answer. thanks again.

Anonymous said...

You might have hit the F8 too many times

Anonymous said...

Thank you very much for this precious help.
God bless you !!!

Admin said...

Q: When I open task manager, what is the name of the program that I need to end? Can't find anything with the name "MSremoval".

A: It's a randomly named process, e.g. fHrPqDaZcCg02547.exe

Anonymous said...

restart in safe mode and then system restore worked for me thank you very much

Anonymous said...

System restore seems the only way I can get rid of these type of infections. I agree with one of the above comments regarding McAfee - on the last two infections I've had, McAfee appears to have been 'switched off'. Fat lot of good that is.

Anonymous said...

Restarted in safe mode network and ran your iexplore/hijackthis program. Identified the RunOnce file and "fix checked" it. restarted again and the aggressive annoying MS Tool Pop ups, exactly as you have displayed were gone.
Thanks a bunch for helping people out!

Anonymous said...

MS Removal tool took control of my laptop, I thought I was going to be throwing it in the bin! Thanks to this site and its directions it appears that all is well again, amazing! Much appreciated site.

Anonymous said...

good job, guys

Anonymous said...

wow its working.. thank you..!!

Anonymous said...

many thanks. this info helped me too

Keith (Boatbirder) said...

Hi guys, interesting stuff! My laptop was affected last night. All my important stuff is on external drive, can't I just restore my laptop to factory setting?

Anonymous said...

Great article, I can't say thank you enough. MS removal was stopping my antivirus from starting up or installing a new antivirus. Followed the directions and everything worked.

Anonymous said...

try norton 360 it may help

Anonymous said...

AMAZING! My computer is back, the planets are aligned. THANK YOU!

Anonymous said...

after better than THREE HOURS fighting this plague, restoring the machine to last week seems to have worked. . . . and Microsoft Defender let the bugger through. . . not just Norton, folks.

THANK YOU!!!

Anonymous said...

I ran into this a few hours ago and thanks to this guide I have got back control of my pc. Starting in safe mode with networking and downloading the malware prog worked for me. It took about 40 mins to scan my drive and allowed me to quarantine and delete the infected files within about a minute of that. The next time I started up, the problem was gone. A great help - Thank you.

Anonymous said...

Daniel Horande and booker's comments worked perfectly. Much easier and quicker, everything seems to be back to normal.

Anonymous said...

my process began with dMm....

Anonymous said...

I was running Kaspersky 2011 AV but dropped it today due to slow transfer rates. Installed MS Essentials and had great speed again but within a few hours picked up this MS Removal Tool. I also have Malwarebytes and Spysweeper installed - don't run them other than weekly scans or as required. I am running M'Bytes in safe mode (XP SP3) right now and it has found 2 infected objects.
Thank you very much for the support and advice. Great job providing clear instructions.
Petrox - Calgary

Anonymous said...

I just got rid of the ms tool bull crap. Even after i downloaded and paid for spydoctor it would not remove it. This is what worked for me. I was able to press alt control delete to open up the task manager. You go to processes. It was at the very top and it was not labeled anything remotely close to MS tool removal. I believe mine started with dMm... something or other. It turned out to be it because once I ended the process I was able to find it and delete the file. What I did to find it was I put the following on my search window at the bottom of the start menu. C:\ProgramData\ Once i typed this in there it gave me a bunch of files. There I found the file beginning with dMm... I deleted it then emptied my recycle bin and now my laptop is cured. Sorry so long but I think this will help anyone with windows 7

Anonymous said...

THANK you so much! I have downloaded iexplore and within minutes my system was fixed!!!

Anonymous said...

I played along and agreed to purchase MS Removal Tools. I used the false Visa number 411111111111111 with verify # 123 and expiry 06/2015.
I used a fake email and real address of a govt building. MS Removal Tools quickly thanked me for the purchase and activated their false program, claiming to have deleted the viruses. MS Removal Tools then went inactive, which allowed me to run Malwarebytes Anti-Malware. This completely killed it from my system.

Anonymous said...

I have just this morning finished removing "MS Removal Tool" from a friend's laptop.
Unfortunately like many who are here reading this she is not exactly what i would call PC friendly, and had not made any Restore points on her PC to return to.
This Program had taken complete control of her comp as shown in above posts, changed her screensaver, blocked all antivirus programs by turning them off and your not being able to turn them back on (she has Avira), removed and disabled a number of links from her desktop, blocked skype, etc, etc, etc...
I followed the instructions as shown on this blog and downloaded not 1 but the 4 different free anti-virus and malware removal programs to a stick on my laptop. I then started her laptop in safe mode with networking and installed...updated....and ran all 4 programs.
Took some time but worked perfectly...
I want to say a Special Thanks to you guys who kept us informed as to how to deal with this problem.... you are the heroes of the hour !!! Keep up the good work guys !!

Anonymous said...

Thanks for the help!

Anonymous said...

Yep it just took control. It turned off the firewall and mouse and ran its "Virus Check".
Way too fast to be real.
Pulled the plug on the computer.
Started in safe mode (press F8).
Ran system restore.
Ran AVIRA antivirus (free version) and picked up 52 detections.
Problem solved.

trubertq said...

Thanks a mill I got this pest last night and had visions of having to send the laptop to the laptop doctor. I have restored to a previous day, and all is well

Anonymous said...

Thank you so much!

G Data Antivirus running (the payment version!) did not prevent the infection.
As some other have described for other AV-Programs this Malware seems to undermine most of the actual AV-programs.

Thanks again!

Philipp

Anonymous said...

Thank you very much!

aniltmohinani said...

Thanks! Malwarebytes didn't detect it but HijackThis did. I had to take a risk though as not all detected were malicious so I deleted HKCU/ type files (about 8 I think) and everything was back to normal after rebooting twice.

Peter said...

Thanks, You've made a good job.

Anonymous said...

I played along and agreed to purchase MS Removal Tools. I used the false Visa number 411111111111111 with verify # 123 and expiry 06/2015.
^^^^^^^^^
i did the same thing. random info... then it told me my computer was free of infection. chaa!
i did do a hard start to safe mode 2xs and then backed up to way earlier date than today...and so far all is well.
thank you .

Sammie Banks said...

I simply went into C:/ ProgrammeData looked for an unusually named file. It was under iL244837Fge ETC I deleted the entire contents whilst in Safe Mode with Networking, emptied recycle bin, rebooted in normal mode, and it was gone :D

Anonymous said...

Daniel Horande and Booker's tips!
Worked perfectly !
Easy and quick !
Everything seems to be back to normal.
It works 100% !!
Windows Vista Home Sp2

Anonymous said...

Excellent article, helped me to regain control on my notebook, thanks a lot, you earned a free lunch if you even come to Buenos Aires Argentina.

cheers.

Anonymous said...

Thanks so much. I don't know much about computers so I started my computer in safe mode networking. I couldn't even get on the internet before. While in safemode I could download Malwarebytes Antimalware. It took about 50 minutes to find all the malware on the computer...about 15 of them. Pushed the button to eliminate all of them and wa-la!!!! Back to normal. I'm so glad I found your website.

Anonymous said...

Thank you so much, I was so close to melting down about my laptop! You're the best!

miss b said...

My computer has this virus and I've tried to get rid of it can anyone help me please . Many thanx miss lady

Anonymous said...

fake credit card worked....I used the false Visa number 411111111111111 with verify # 123 and expiry 06/2015. same as one before. Running a malwarebyte check

Anonymous said...

Opened Windows Vista in Safe Mode and used my AVG program and the first thing that pops up is the "Fake Alert" trojan horse virus with a starting code of Fpe01e87......Moved to Virus Vault. Will hit you back after rebooting to see if it works.

Ciana March said...

Hi, downloaded malware software and did scan. Scan results said that nothing malicious was found. The ms removal tool is still there when I go back to normal mode. Help please!

Anonymous said...

Hi, I ran malwarebytes while in safe mode but it didnt detect anything. When I went back into normal mode ms removal tools was still there! help please!

Anonymous said...

Guys, when running the spybot/malwarebytes etc do you do so in safe mode or try to run it in normal boot up? Rebooted in safe mode and ran McAfee and it detected nothing.

Anonymous said...

I am scanning with Malwarebytes. What should I do when this is done scanning? Should I start up in Normal Mode? I'm using Win 7.

Admin said...

Yes, you should restart in normal mode.

Anonymous said...

Absolutely amazing! Thanks sooooooooo much. Really thought my computer was dead. So simple to fix. Stupid virus

Anonymous said...

Just used this advice to get rid of MS Removal. I went for Malwarebytes and it seems to have worked perfectly.

Many thanks!

Anonymous said...

Thank you SO much! Worked.

Anonymous said...

Hello!!!
It has blocked safe mode.
The Credit Card number 411111111111111 is recognized as invalid.

Can't run an exe file to install Malwarebytes.

Don't know how to get rid of this fake MS Removal Tool. Any other advice?

Anonymous said...

Daniel Horande ,thank you so much!

It works perfectly by restarting on safe mode and just restore system to a previous day.
It is easy and quick !
My PC seems to be back to normal.

My PC runs on Windows Vista Home Sp2

Anonymous said...

Your best tool to use is Rkill. It will stop any Malware/Scareware virus from running. Download all the versions of Rkill; depending on the virus some versions won't work.

http://www.bleepingcomputer.com/download/anti-virus/rkill

Its a great free tool that's saved my PC and my friends more than once.

Jennifer said...

Thank you so so so much! My computer is good as new again. You are a lifesaver!

Anonymous said...

Stopzilla didn't fix it. Malware did.

Dan.

Anonymous said...

Task Manager before the tool took control worked for me.

Thanks guys

Anonymous said...

i just got this wonderful virus on my system and used this guide to get rid of it, however i had to run Malwarebytes twice. the first time it only picked up a random program that im pretty sure wasn't a virus but i deleted it anyway. restarted in regular mode and ms removal was still there, then rebooted in safe mode ran another program that found it but i had to pay for it to be removed, so i ran Malwarebytes again and it was found and removed. the scan takes 2 and a half hours so i didn't let it finish but i will let it do a full scan tonight.

SWADIANTARA said...

Thank you very much..

hyunggyu said...

god! u almost saved my life thank u for
instruction. i googled Vanessa Lengies sextape then i got this one. it was stupid anyway
after every struggle i found this instruction
if any one got that fucking one. just believe and follow this instruction
thank u very much!!

Anonymous said...

I got the MS thing and it keeps popping up and i tried safe mode but i can't do much on it so i really need tips on how to get rid of it so i can use the computer WITHOUT safe mode

Admin said...

Windows XP/2000:
C:\Documents and Settings\All Users\Application Data\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

Windows Vista/7:
C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

fHrPqDaZcCg02547 = randomly generated. Yours will be different.

So, go to the Application Data folder (Win XP) or ProgramData (Win Vista/7). Find the randomly named folder (it can be hidden!! change folder options to see it) and rename the main executable in that folder, e.g. fHrPqDaZcCg02547.exe

It should be:
C:\Documents and Settings\All Users\Application Data\fHrPqDaZcCg02547\virus.ex_

Instead of:
C:\Documents and Settings\All Users\Application Data\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

You can change folder name too! Restart your computer. Ms Removal Tool shouldn't come up anymore. Now, download Malwarebytes Antimalware or any other anti-malware software and run a full system scan to remove this rogue security product.

Good luck!

Anonymous said...

Thanks so much for this post! I was freaking out!

Anonymous said...

daniel horande you are a genius...and a spectacular photographer.

Anonymous said...

This thing has got my brand new laptop with Win7 totally locked out. I cannot even start in safe mode! Tried the bogus credit card thing, no luck, tried microsoft home essentials which I had installed, it won't let me access it either! Any tips? I'm goin ballistic!! Thanks!

Anonymous said...

Update: I just found the rogue file in the "program data" folder and renamed it with the following extension: \yousuck.ex_
Rebooted, now I'm up and running. You guys ROCK!!! Much Obliged!

Anonymous said...

the iexplore.exe program worked like a charm

Anonymous said...

thank you guys. It is working now. You are great.

Anonymous said...

The computer would not allow me to use system restore and a recovery center installed in my computer (i.e password doesn't work when logging on as an administrator or user). After multiple restarts trying to catch and end process, and failing, I started in "SAFE MODE", (press F8 during the boot up process).

I already have Microsoft Security Essentials downloaded and no other antivirus software installed, but it wasn't turned on (i don't know how it turned off). I right-clicked the MSE icon and chose "Run during Start-up."
Restarted the computer and it is now back to normal, no ms removal tool pop-ups, all my programs running again).

In a nutshell, I went into Safe Mode, turned on MSE to automatically run during start-up, restarted the computer and is now back to normal. I don't know if the virus is gone but I am running a full scan to see if MSE will catch and remove it.

Good luck to everyone and thanks for the helpful posts!

Wrathful Lock

Anonymous said...

What a tricky bullshit program to remove. Thanks for the help

Anonymous said...

It seems to be evolving! I opened in safe mode and stopped the process in task manager and then found the file in the application data folder. It was just a file, no folder associated with it. It seemed fine except when I try to start any .exe, it reinstalls the file into the application data folder.

I can't access the 'run" menu to regedit and it has disabled ALL of my browsers.

Milun said...

Thanks!!! I used HijackThis tool from TrendMicro and it worked out just great! :)

Thanks again!

Anonymous said...

stupid "MS Removal Tool"

a new virus?

Anonymous said...

thank you this worked great on my lap top but my is still down almost same prob. Does anyone know where these came from all of a sudden

Daniel said...

Thanks. The malware is gone, and so far, no problems.

Anonymous said...

i had the same problem once.... the solution is quite simple...
go to
1. safe mode
2. C:\Documents and Settings\All Users\Application Data
(application usually hidden... so show all hidden file first)
3. look for recently added folder... usually it got weird name(such as NdMfylmjRf)...and inside the folder you'll find strange exe file.

4. just delete the folder and restart... be sure that you delete the right folder... otherwise you'll end up having an application software problem.

Anonymous said...

I don't know If this works completely or not, but I just went into regular safe mode and restored my computer from an automatic backup that windows did a couple of days ago

Anonymous said...

iexplore.exe worked for me ! simple steps
thx appreciate it

Anonymous said...

This is infuriating. I'm on my third scan with Malwarebytes and each time it finds new threats. However, when I reboot in normal mode, MS Removal is there again.

Should I delete it using Task Manager?

Also, it won't allow me to do System Restore.

Anonymous said...

Im trying the MalwareBytes thing now! Hopefully it works. If it dont how do i system restore? Im on safe mode with networking

Anonymous said...

THIS WORKED FOR ME PERFECT! ( :
shut down your laptop/pc
turn on but keep hitting f8
scroll down to " SAFEMODE WITH NETWORKING"
HIT ENTER
now it may take a little while for everything to load, took a few mins with me.
when system restore pops up i restored my laptop to a few days earlier.( this may also take a little while) & so far so good...everything seems to be back to normal
hope this helps Lisa x


Id also tried 1st to fix it by using the task manager & removing & ending the process that way, but because i have lots & lots of things opening in the processes of the task manager e.g messenger/webcam plus about 30 other things i couldnt find it fast enough to do it that way because that way you have to be quick enough to end it before the virus programme fully takes effect.

Anonymous said...

Trying this right now, hope it works
Thank you sooo much!

Anonymous said...

THANKS! The explanation is great, you just need to follow it to the letter and then manually remove (on W7) the file and folder:

C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

F*ck virus makers and hail to the people who solve them!!!

Anonymous said...

Thanks, works great with the manual removal of the "C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe"

F*** virus makers, hail the people who solve them

Anonymous said...

sorry didn't see that it needed to be approved :)

HAIL!

Anonymous said...

Thanx alot I followed the instructions and used Hitman pro 3.5 and it worked. It was driving me crazy Really great instructions and simple thanx alot. Nuha Khalil

Christopher said...

Well i just wanted to stop by and thank you guys for posting this. I sent my brother here when he told me what was happening. Took him a few to understand what safemode was ....lmao.... but with your help he got it fixed lol Thanks guys!!

Guy said...

I can't run safe mode because it keeps locking up on Mup.sys(only does it for safemode).
Last time I got one of this type of fake security virus there was a way to use notepad to shut it down so I could run Malwarebytes.
Is there a way I can do that against this virus?

Anonymous said...

Thank you. I got spammed by this sudden Virus thing, and I wasn't certain what it was. At first, I thought it was just one of those pesky tiny viruses that just needed to be shut down... Sadly, I was mistaken. I do not know how I got it, and the fact that I couldn't close it, made me give my middle finger to the screen. It closed all my open programs. I tried running in safe mode, which didn't seem to work, which made me furious as well. Unable to open any programs that might obliterate it, I was about to lose faith.

I googled, and found this. I am forever thankful I did. PC's working fine once again. Had it not been for you, I would've held my head, and probably cried in a corner for a little while, ending with my pc leaving the building from 2nd floor to the ground below in a massive fiery explosion. I cannot thank you enough!

Anonymous said...

MS Tool Removal Disappears?..

This was a weird virus, scam, or what ever you want to call it. I got the MS tool removal on my PC about a week ago and immediately started looking for ways to get it off. After several unsuccessful attempts at doing a system restore, (because I never set up a restore point) I decided just to keep it in Safe Mode until I decided to go get it fixed. For about a week I kept it in Safe Mode until I finally decided I was just going to take it in to the geek squad. I restarted my computer in normal mode before I took it in and realized that the MS tool was gone! I did nothing but kept it in safe mode for a while and now there are no signs of the MS tool at all... Kinda weird, and i'm curious to see if it ever comes back. At least it is gone for now and hopefully i wont have to worry about it any more. Don't know if it will help you but it helped me. good luck.

Anonymous said...

Thank you so much!

Michael Bednarek said...

Start Windows in Safe Mode
Find registry key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run":
Locate a value with a long random name;
take note of the directory in that value;
navigate Explorer to that directory and delete it;
delete the registry value.
Done.

Anonymous said...

Thanks so much! You're the best, I got this stupid thing on fiance's computer while he was at work. I know he would be super pissed at me lol, so I tried to fix it on my own, thank the fuckin lord it worked :) Amazing!!!!!!!!

Tony Gates said...

You guys rock!!! I got this damned virus, recognized that it was no good immediately, and went to run my AV... It wouldn't start, and my browsers were disabled. I Googled it on my iPhone, followed your instructions (most, I would find) and my AV picked up nothing... I then UPDATED the AV (MalwareBytes), and BAM, it showed 2 Trojans. I isolated and deleted them, now all is good!
Thanks!!! If you're ever in Sacramento, lunch is on me!!!

sarah said...

what is C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe ? help me please

JAYANT said...

thanks my friend u r genius ............ u r the best awesome

Anonymous said...

Thank you. I'm on Windows 7.
I ran spybot search and destroy but that didn't find it so I tried searching for C:\ProgramData and it found the file made up of random letters. I couldn't select delete from the folder drop down (when you right click on it) so I opened the folder and deleted the 2 items inside the folder then managed to delete the folder. I could then run my Microsoft Security Center software (but couldn't update it). I did a full scan and found nothing. I restarted my laptop and hey presto everything was back to normal. Even my original background had returned. I then updated my Microsoft Security center and repeated a full scan (this is currently in progress and it looks like the preliminary scan has found some "malicious or potentially unwanted software"). Problem solved me thinks. Thank you everyone who posted above and most of all thank you the most excellent human being who wrote this blog. Simon (UK)

Jonas said...

I am SOOOO grateful!!!! I wanna kiss you and pay you 60 bucks for being SO fantastic at this stuff!!

Anonymous said...

hi dude.... you really did a fantastic job by writing this article...!! i've become a great fan of urs...!!! live long...!!!

Anonymous said...

Worked great! THANK YOU.

I just removed the Application Data and the registry.

VVian Wang said...

Aww thanks so so much for this article! I was in a frenzy when I couldn't find it in the uninstall system. I am gonna share this on my Facebook. Once again thanks!

Edu said...

Woke up this morning and was attacked by this annoying Malware that blocked all applications from running on my computer......Gosh, tried all possible ways but still could not execute anything, not even the registry editor so i can identify the infected entries.

But with the malware tools managed to get rid of this and now working well back again without spending a single coin....Thanx

Anonymous said...

Found an entry that is close to these. Should I delete it?

Ruben said...

thanks .. seems like it's working ? .. I hope.. I pray .. let's see ..

got it yesterday .. dunno from where ?
tried all the normal ways .. but it had control so couldn't restore it or run anything that might help me ..

didn't have much time left so shut it down and tried again today .. thank God I found this page :)


did it like this:

1.) started up my laptop, tapping F8

2.) started in safe mode with network

3.) downloaded and ran MalwareBytes Anti-malware

4.) restarted my laptop

5.) then I could access my control panel and stuff and could make a reboot/restore it to a week ago or something (just found a random point that looked good)

6.) so happy (hope it lasts) that I just had to make a comment in here ..

again thanks :)

Anonymous said...

hey i was wondering how important the last steps about HOSTS files switching to default is and what it means?

Anonymous said...

Very well written, was a personal fan of malwarebytes for a while now, and am getting to love hijack this.
Thank you

Malinda Crow said...

Thank you so much! You're a lifesaver.

Anonymous said...

Great advice. I used the Normal Removal Tool (in Normal Mode) by downloading the ixplore.exe. When I launched it and did a "System Scan only", it found something similar (but not identical) to the listed "O4-HKCUL...". Even though I run XP, based on a comment for WIN7 that the rogue program may not be identical to that cited above, I checked it anyway and clicked "fix it". Voilà, rogue program gone! Thank you so much.

Anonymous said...

Thanks so much!

Anonymous said...

Hi there, I just got this virus and I followed the steps of rebooting, but after installing SpyDoctor my computer suddenly just shut off. When I turned it on and tried to go to safe mode it would load the files then suddenly stop.

Anonymous said...

I also solved the problem with this malware, thank you very much for the post!!!

Anonymous said...

I got this one...it's really bad! Can't system restore for some strange reason in normal or safe mode! I restarted in safe mode, but antimalwarebytes can't find anything! I'm at a loss! Any ideas???

garry said...

great stuff guys, renaming the 83948409494.exe file worked perfect, and the computer works perfect, however the file is still there and no scans even from the suggested malware removers worked

Holistic Chemist said...

I had that problem initially, it kept crashing on me, keep switching it on/off and just safe boot. I just did mine a few hours ago and I downloaded the malwareantimalware program, whilst in safe mode. I had to run the scan twice as I didn't catch it the first time and voila! it is gone. I have ESET as well, it let it through!!

Thank you blog owner - I owe you a drink after that! xx

Anonymous said...

My mom got this virus and inserted her real credit card numbers to purchase the fake removal thing, but she said that it said card invalid when she tried to submit it. Anyone know if her credit card would still be at risk? She has since got the virus removed.

Admin said...

I really doubt that they collect credit card details that might be invalid. Anyway, your mom should call her credit card company and tell them what just happened. They should know what to do in such situations. Good luck!

Anonymous said...

You're a life-saver. Thank you!

Anonymous said...

I got this MS Removal Tool paralyzing all applications on my computer. I used safe mode (press on F8 many times while computer is restarting). I just finished scanning and found 72 objects. I cannot read the whole name of items; some are files, some folders, some registry keys. I don't see a Fix checked button, only Remove selected. Should I remove all 72 objects? Will I lose any of my files?
Thank you so much for all these info.

YEN-AN said...

Thank you guy! This is really helpful... Thank you <3

Kurt Ingamells said...

Thank you ever so much I actually got rid of the virus and I'm only 15! Luckily I already had ESET NOD32 Antivirus. I had a different way of doing it though because I couldn't access safe mode.

1. I restarted the computer. It did a consistency scan,

2. I logged on and immediately pressed Ctrl+Alt+Del

3. I terminated anything I knew could've been the virus but wasn't a system process

4. Scanned with ESET and removed the virus.

Anonymous said...

thanks... it helps alot

Matt Reese said...

Tried EVERYTHING to fix this problem in safe mode (for about 2 hours) before I visited your site. The Process Explorer disguised as Internet Explorer was totally ingenious. I used THAT and a little program called Rogue Killer to put the kibosh on this MS Removal Tool rubbish. Thanks again!

Tarek S Awad said...

What a nice post and smart instructions, it helped me get rid of this malware in minutes, thank you for your effort, thumbs up

Anonymous said...

I'm by no means a technical whiz, so I actually believed this MS Removal Tool was the only way to fix my "many viruses". Luckily I googled it and found this site here. It's absolutely fantastic. Really helped! Thanks.

Anonymous said...

Just wanted to add my two cents in....THANKS for being a lifesaver. I've ran across malware before but usually malwarebytes will identify and then delete with no troubles. MS Removal Tool malware totally took control of my PC and wouldn't let go. The above mentioned information of renaming the file to virus.exe worked like a charm! Thanks so much for helping the headache disappear!

Anonymous said...

THANKS!!!!!!!!!!!!! my computer just like totally took control of everything and I thought I was screwed. But then this site/blog came to the rescue. Thanks again

Anonymous said...

Many thanks! Thank you very much! It took me a long time to fix it, but it works!!! My thanks to the person who wrote this:

shut down your laptop/pc
turn on but keep hitting f8
scroll down to "SAFEMODE WITH NETWORKING"
HIT ENTER

Anonymous said...

I was about to pay that amount of money. But then I just decided to check ms removal tool on my housemate's computer and got shocked... I did those steps and that worked perfectly on my computer. Thank you

nic95_ said...

thank god u saved my ass thx you i so wanna kiss u xp

Anonymous said...

Works great, Thanks a lot

Anonymous said...

This really works man.....u r genius...thank you so so much for all this...

Anonymous said...

I followed these directions exactly and they worked like a charm. Thank you so much for saving my mom from more grey hairs.

Anonymous said...

Hi there folks... guess what, yer have had the same said problem that yo all have had. thanks to 2nd system in the place was able to 'Google find' this site. got rid of the pesky thing by the 'restore' method ...

thanks

Anonymous said...

I tried all 4 of the programs. The SuperAntispywarefree worked for me. The others didn't.

Anonymous said...

Thank you so much!

Anonymous said...

HEI FRIEND

I have a school PC, which means I can only remove it manually from

Registry values:

* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"

If I write "[SET OF RANDOM CHARACTERS]"
will this work?
Or should I write something else?

If yes, can you please tell me what I should write in the RunOnce,

Anonymous said...

Thanks for the help! Had to to use a couple of the malware products before one found the virus. Laptop is back to normal!!

Anonymous said...

Hey, when going to safe mode with networking, am I going to normal mode or not?? PLEASE ANSWER>>!!!!!

Anonymous said...

All you have to do:
Go to start.
Press RUN.
write: %Appdata%
Make sure there stands "All Users" for users and not your name.
Find the weird file with random characters and move it to your desktop.
Then reboot your computer and before it starts the process, delete the file.
Then delete it for real in the garbage folder.
Your computer is now clean.
This is how you remove the virus without booting up in safe mode.
Sorry for my english.
PEMA

Anonymous said...

My hat's off to you! I used malwarebytes and had to rename iexplore.exe and then it worked. What a relief. Thanks a million.

Tom

Anonymous said...

Thanx u the best thank u very much :)

Vickey007 said...

Hello

I get this F**king Virus too,
I did reboot
F8 then safe mode with networking,
restore system to previous date,
seems now everything is ok..

but still in pain.. is this really helpful that i did ? or any other way still i need to do ?

Thanks
Vickey

Benji said...

I used the HijackThis tool. Worked beautifully, thank you!

Anonymous said...

This worked brilliantly for me. I don't know where this malicious malware came from, but I'm just glad to get rid of it, I actually thought I had got 38 viruses! There are so many websites that offer this help, but I found this one the best to be honest! I am so happy to get rid of it! Thank god for Google!!!! I don't know what I would have done otherwise. I really recommend this to anyone as I had sorted out my 811 infections that my laptop had (according to malware). So thank you VERY VERY MUCH!!!

Penny said...

Thank you. Used Spybot and it worked. Saved the day.

Anonymous said...

DOES THIS COMPANY HAVE A EMAIL ANYONE KNOW OR PHONE NUMBER? TRYING TO CALL THE BASTARDS . THEY CHARGED MY DEBIT CARD. THEY TRICKED ME

Anonymous said...

Thank you so much - I have used the Malwarebytes free removal and it worked great.

Anonymous said...

I used the option of deleting folders named with a set of random characters
and voilà, problem solved in seconds

thanks

Fish - bukan ikan! said...

thank you very much!! I have no idea how this thing got into my pc and the ctrl+alt+del thing doesn't work out (because I search about this first I guess) but I tried ur way and it worked! thx again!

Anonymous said...

I got this MS Removal Tool paralyzing all applications on my computer. I used safe mode (press on F8 many times while computer is restarting). I downloaded malwarebytes (for FREE!) and just finished scanning and found 185 objects! I removed all ... THANK YOU! THANK YOU!

Anonymous said...

thank u so very much love u..........it worked 4 me! thanx =)

Anonymous said...

thank you for helping me get rid of this thing..

Anonymous said...

Thanks for posting this. I thought my girlfriend had MalwareBytes installed.

Anonymous said...

If for some reason, like me, you cannot go into safe mode, then on the same screen where you select "safe mode with networking" select "last known good configuration" or something like that, and it should restore your system to before you downloaded the virus ^^ I needed to do that, trying to spare other people time ^^

Anonymous said...

GREAT JOOBBBBBB!! IT WORKED!! THANKS ALOT!!

and yes, WE ALL love you

Anonymous said...

Excellent help and advice....Thumbs up for the uploader....

My computer is all sorted ....cheers

Raj said...

Got this thing while trying to download a song from pksongs.com. Damn Bollywood songs :P

Am in safe mode now, running malwarebytes scan at the moment, interestingly 14 infected objects found at the moment, will wait for scan to finish and will update people.

Anonymous said...

HELP! PLEASE! I followed the instructions and I used spare terminator which I had used before and the spybot search and destroy and it didn't work! spybot found a few things and I got rid of them but I put my laptop to normal and I still had ms removal tool! PLEASE HELP! I'm really worried.

Anonymous said...

*****ADMIN PLEASE ADDRESS THIS****

I haven't seen you address the "restore your computer from safe mode" idea that apparently worked for a couple of other posters.

I also did this out of sheer frustration, and it did "appear" to solve the problem. Did it? Or are there still traces of this virus/malware in my Win7 system?

Oh, one other question: I was halfway through the Malwarebytes system scan when I saw where you posted that it MUST be run as an administrator. I right clicked MB and ran it as an admin; but my question is: If I log into the computer under the main profile (which is automatically an admin profile) does it make any difference in the way the program runs?

Thank you in advance for answering my questions. I await your reply with bated breath.

Anonymous said...

I ran Malwarebytes and cleaned 4 infections; but I suppose I have two more questions about my Win7 computer:

1. A friend suggested I use "Combofix" and that was the first thing I tried. He didn't tell me it was outdated for Win7 and only ran on 2000 & XP machines; but here's the thing: There is a new folder I THINK is associated with it called "32788R22FWJFW." The reason I think it has to do with Combofix is because there is also a file within that folder titled "ComboFix-Download.cfxxe"

Can I get rid of that or is it an inextricable part of my system now? One thing that worries me is another file titled "catchme.cfxxe"

2. There is a new, empty profile on my machine titled "Mcx1-NAMEOFMYMACHINE-HP" NOTE: I didn't include the ACTUAL name of my machine in this post as I've been told that is the holy grail for hackers, but every other character is correct.

There were only 2 profiles before MS Removal Tool got into my system, and it does not appear on the initial login screen as a profile to log into. Where did this one come from, is it part of MSRemoval Tool, and how do I get rid of it?

I suppose I have one last question:

3. I looked for the path C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe and could not find it AT ALL. Is it a "hidden" folder/file? I'd like to manually check this when you tell me how to find it. I'm a writer, not a techie, so I REALLY APPRECIATE all of your help.

Admin said...

System restore may help, but additionally you still need to scan your computer with anti-malware software just to make sure that there are no remains of the virus. If your account truly has the admin privileges then there shouldn't be any difference in the way the program runs.

Admin said...

1. Yes, you can get rid of that.
2. As we all know, the Xbox 360 (and other extenders) runs under a generated account "MCX1". It's not a part of MS Removal Tool.
3. Yes, it's hidden. Please read Show Hidden Files and Folders in Windows.

Good luck!

Anonymous said...

"As we all know?" LOL, my 12 year old granddaughter maybe, but I'm an old fart who's more comfortable with a pen and reporter's notebook. I never had one of those crash on me, losing a week's worth of work. :D

Thanks for the advice, I'll let you know how it works out.

Anonymous said...

hey thanks so much just got rid of the that ms removal tool just now, i was so worried i knew that it was something bad but didnt know how to deal with it and you helped out so much thank you a million times

Prakash said...

Hey,

This was pretty useful to me. It saved my day!
Thanks a lot for easy to follow instructions.
I was really scared my computer got hacked!

Thank you

Anonymous said...

Please help, I got this virus last night. I'm running XP. I went into safe mode, ran malware, did nothing. Now I can't even get online at all, is there any hope?

Anonymous said...

Worked like a charm...was ready to take a hammer to my computer...Thank you...thank you...thank you

Anonymous said...

I can't go to the internet, I can't open ANYTHING, not even Malware... I have already installed it, but I just can't open it now... It doesn't work to click F8 or any other number of "F". PLEASE help me!!

Anonymous said...

I should have googled about it and read this blog early. My laptop is back to normal now! Thanks to your helpful post. : )

victim said...

it worked..thank you very much..really appreciate that..awesome..

Anonymous said...

Many thanks !!!

Was able to remove it from my system (Windows 7) by manually deleting the files found on:

C:\ProgramData\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe

And then manually deleting too ..

Registry values:
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"

Thanks again
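
The manual check described in Michael Bednarek's comment and in the comment above (a Run or RunOnce value with a long random name pointing at an executable under ProgramData or Application Data), as an added Python example that is not part of the thread or of the blog's own instructions. It parses text in the shape that `reg query` prints for those keys; the sample output, the `looks_random` heuristic and the two-signal threshold are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample in the shape `reg query` prints. Only the fHrPqDaZcCg02547
# path and the 83948409494.exe file name come from the thread; the rest is made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_SZ    "C:\Program Files\Example Vendor\updater.exe" /background
    fHrPqDaZcCg02547    REG_SZ    C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    83948409494    REG_SZ    "C:\Documents and Settings\All Users\Application Data\83948409494\83948409494.exe"
"""

# Locations any user can write to, where the thread's commenters found the files.
DATA_ROOTS = ("\\programdata\\", "\\application data\\", "\\appdata\\",
              "%appdata%", "%programdata%", "%allusersprofile%")
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Quoted command line, or an unquoted one up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def looks_random(name):
    """Assumed stand-in for 'long random name': 10 or more alphanumeric
    characters with at least one digit among them."""
    if len(name) < 10 or not name.isalnum():
        return False
    return any(c.isdigit() for c in name)


def triage(reg_query_text):
    """Return autorun values that show at least two of the three signals."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        exe = EXE_RE.match(m["data"].strip()) if m and key else None
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        directory = ntpath.dirname(path)
        stem = ntpath.splitext(ntpath.basename(path))[0]
        reasons = []
        if any(root in path.lower() for root in DATA_ROOTS):
            reasons.append("runs from a user-writable data directory")
        if ntpath.basename(directory).lower() == stem.lower():
            reasons.append("folder name equals executable name")
        if looks_random(m["name"]) or looks_random(stem):
            reasons.append("random-looking name")
        # One signal alone is common for legitimate software, so require two.
        if len(reasons) >= 2:
            findings.append({"key": key, "name": m["name"], "path": path,
                             "directory": directory, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(f'{hit["key"]}\n  value: {hit["name"]}\n  inspect: {hit["directory"]}'
              f'\n  why: {"; ".join(hit["reasons"])}')
```

The `directory` field of each finding is the folder the comments say to inspect before deleting the registry value.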

... said...

I'm going to try this as soon as I get home to my computer which has this MS REMOVAL thing.. It really got on my nerves already. Thanks for the advice. I appreciate it!!(:

Ruben said...

My friend came to me with his laptop with the MS Removal Tool virus, so I removed it using this method and it worked good. However he came back a week later and the virus was there again so I did it again. Today I did it again for the third time. Why do you think it keeps coming back?
