Microsoft Malicious Software Removal Tool

http://www.microsoft.com/security/malwareremove/default.mspx

Silj


-- 
siljaline 

MS - MVP Windows (IE/OE) 2003/04 AH-VSOP    
_______________________________________
0
siljaline
1/11/2005 8:55:32 PM
grc.news.latestversions


Is this in addition to Microsoft AntiSpyware Beta 1?

doug
0
Doug
1/11/2005 9:12:38 PM
Doug wrote in grc.news.latestversions:

> Is this in addition to Microsoft AntiSpyware Beta 1? 

yes

-- 
Kayode Okeyode
http://del.icio.us/kayodeok
http://www.kayodeok.co.uk/weblog/
0
kayodeok
1/11/2005 9:20:03 PM
"kayodeok" wrote:
> Doug wrote in grc.news.latestversions:
>
>> Is this in addition to Microsoft AntiSpyware Beta 1?
>
> yes

I beg to differ, it's a 'stand-alone' tool which is not a plug-in to the
MS anti-spyware (MSAS).
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Or, http://snipurl.com/bxw7

Silj

-- 
siljaline

MS - MVP Windows (IE/OE) 2003/04 AH-VSOP
_______________________________________
0
siljaline
1/11/2005 10:25:27 PM
siljaline wrote in grc.news.latestversions:

> "kayodeok" wrote:
>> Doug wrote in grc.news.latestversions:
>>
>>> Is this in addition to Microsoft AntiSpyware Beta 1?
>>
>> yes
> 
> I beg to differ, it's a 'stand-alone' tool which is not a plug-in
> to the MS anti-spyware (MSAS).

Isn't that what I said?

"Is this in addition to Microsoft AntiSpyware Beta 1?"
"yes"

In other words, we have Microsoft AntiSpyware Beta 1 and then we have 
another utility - Microsoft Malicious Software Removal Tool.  

We now have *two* utilities; 
(1) Microsoft AntiSpyware Beta 1 and 
(2) Microsoft Malicious Software Removal Tool

Am I missing something here?

"Is this in addition to Microsoft AntiSpyware Beta 1?"
"yes"

I don't see anything wrong in my answer except that it perhaps needs 
fleshing out.


-- 
Kayode Okeyode
http://del.icio.us/kayodeok
http://www.kayodeok.co.uk/weblog/
0
kayodeok
1/11/2005 10:42:18 PM
In grc.news.latestversions kayodeok wrote:

> siljaline wrote in grc.news.latestversions:
> 
>> "kayodeok" wrote:
>>> Doug wrote in grc.news.latestversions:
[ ]
> 
> "Is this in addition to Microsoft AntiSpyware Beta 1?"
> "yes"

I suggest that the reader read "Is this an addition..." 
(ie "Add-in")
0
Mark
1/11/2005 10:54:09 PM
kayodeok wrote:
> siljaline wrote in grc.news.latestversions:
> 
> 
> Am I missing something here?
> 
> "Is this in addition to Microsoft AntiSpyware Beta 1?"
> "yes"
> 
> I don't see anything wrong in my answer except that it perhaps needs 
> fleshing out.
> 

looked like substance was merely lost in translation ...
-- 
poo
.... the sound of inevitability
0
poo0gimmal
1/12/2005 1:03:47 AM
siljaline wrote:

> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> Silj
> 
> 

Impression is that this is a "Stinger" like program, targeting only 
specific viruses...
0
Nobody
1/12/2005 1:20:27 AM
siljaline wrote:

> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> Silj
> 
> 
Wait a damn minute here!  This tool just showed up on my Windows Update!

It's probably a good thing that it came out, and maybe after it is out 
for a while and is proven to do no harm it would be OK for it to be 
automatic, but to set me up to download it on the first day?  I think 
not!  At least I am set up to get notices only so I got to see what it 
wanted to do first...

(This is my first, shocked, reaction.  I'm sure (almost) that it won't 
run, but I'll bet it installs.  Arrogant pukes)
0
Nobody
1/12/2005 1:50:00 AM
While parsing 'grc.security.software', I found "Nobody" stating:

> siljaline wrote:
> 
> > http://www.microsoft.com/security/malwareremove/default.mspx
> > 
> > Silj

> Wait a damn minute here!  This tool just showed up on my Windows Update!
> 
> It's probably a good thing that it came out, and maybe after it is out for a while and is proven to do no harm it would be OK for it to be automatic, but to set me up to download it on the first day?  I think not!  At least I am set up to get notices only so I got to see what it wanted to do first...
> 
> (This is my first, shocked, reaction.  I'm sure (almost) that it won't run, but I'll bet it installs.  Arrogant pukes)

LOL -- I know what you mean. I came here first and read up on it before
I clicked that purdy yellow systray icon! There's more info in earlier
threads by kayodeok -- lots of good links... :)
0
Axn
1/12/2005 1:58:32 AM
>There's more info in earlier
> threads by kayodeok -- lots of good links... :)

Message-ID: <Xns95DBBE299AEF0news4kayode@news.grc.com>
Date: Tue, 11 Jan 2005 18:41:26 +0000 (UTC)
0
Axn
1/12/2005 2:00:51 AM
http://forum.aumha.org/viewtopic.php?t=10865

Silj

-- 
siljaline 

MS - MVP Windows (IE/OE) 2003/04 AH-VSOP    
_______________________________________
0
siljaline
1/12/2005 2:08:18 AM
Nobody wrote:
> siljaline wrote:
> 
>> http://www.microsoft.com/security/malwareremove/default.mspx
>>
>> Silj
>>
>>
> Wait a damn minute here!  This tool just showed up on my Windows Update!
> 
> but I'll bet it installs.  Arrogant pukes)

MS said it shows up in XP windows update but not w2k
or 2003.  I ran *mst* -- MS says it does not install,
merely scans for several malcodes and removes.  scan is
quick and just starts, less than 1 min, found nothing here.
DLs as exe (cab) I think it puts mst in temp folder and
runs.  when it's done, MS says the temp folder will
delete after reboot.  they say they will update this
tool every month...


-- 
poo
.... the sound of inevitability
0
poo0gimmal
1/12/2005 2:26:35 AM
Wandering aimlessly about grc.news.latestversions,grc.security.software,
I heard Nobody say:

> siljaline wrote:
> 
>> http://www.microsoft.com/security/malwareremove/default.mspx
>> 
>> Silj
>> 
> Wait a damn minute here!  This tool just showed up on my Windows Update!
> 
> It's probably a good thing that it came out, and maybe after it is out 
> for a while and is proven to do no harm it would be OK for it to be 
> automatic, but to set me up to download it on the first day?  I think 
> not!  At least I am set up to get notices only so I got to see what it 
> wanted to do first...
> 
> (This is my first, shocked, reaction.  I'm sure (almost) that it won't 
> run, but I'll bet it installs.  Arrogant pukes)

You'd lose the bet, since there is no "installation" involved. The
"arrogant pukes" are offering a tool via the update process that does
*not* install anything, does *not* even download unless you accept the
displayed EULA, even on automatic updates, and if the EULA is accepted,
downloads and runs, and then deletes itself. Still "shocked"?



-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863
0
Dutch
1/12/2005 3:39:16 AM
> siljaline scribbled: 
> http://www.microsoft.com/security/malwareremove/default.mspx

I allowed WU to install it, but also manually downloaded it. I went back to 
WU after rebooting, but there is nothing on that page that allows me to run 
the tool....

The only way I have found to run it is by manually downloading the install 
file from:

http://www.microsoft.com/downloads/details.aspx?familyid=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

....and double clicking on it. It means you have to agree to the EULA each 
time....   :-(
No way of automating its scan through task scheduler when that has to be 
done by the user...

This webpage http://support.microsoft.com/?kbid=890830 says:

<quote>
When the Malicious Software Removal Tool runs, it performs the following 
functions. Except where noted, the tool has the same behavior independent of 
what command-line switches you use or how you download and run the tool. 
Note that the tool is not actually installed on a computer. Therefore, no 
entry is created for it in the Programs folder or in Add/Remove Programs.
<end quote>

....which appears to say that it doesn't actually install an 'executable' on 
the hard drive that users can run.

Still looking CLOSELY at what it reports back to Microsoft each time it's 
run.  Don't know how that's going to work if I'm not online when I run it.

-- 
mlvburke@xxxxxxxx.nz
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke 
0
Max
1/12/2005 6:05:30 AM
I understood ... thanks for the info

doug
0
Doug
1/12/2005 10:55:28 AM
In grc.news.latestversions Nobody wrote:

> siljaline wrote:
> 
>> http://www.microsoft.com/security/malwareremove/default.mspx
>> 

> 
> Impression is that this is a "Stinger" like program, targeting only 
> specific viruses...

Except that the MSRT *only* scans for selected *active* malware.  
Stinger scans files on disk as well.

http://support.microsoft.com/?kbid=890830
 "Q16: Why does my antivirus product take longer to scan my 
       computer than this tool?
  A16: Unlike an antivirus product, the Malicious Software Removal Tool
  scans only for "active" malicious software. Specifically, the tool
  does not scan the whole hard disk. ..."
0
Mark
1/12/2005 2:16:05 PM
In grc.news.latestversions Max Burke wrote:

>> siljaline scribbled: 
>> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> I allowed WU to install it, but also manually downloaded it. I
> went back to WU after rebooting, but there is nothing on that page
> that allows me to run the tool....
[ ]

> ...and double clicking on it. It means you have to agree to the
> EULA each time....   :-(
> No way of automating its scan through task scheduler when that
> has to be done by the user...
> 
> This webpage http://support.microsoft.com/?kbid=890830 says:
> 
> <quote>
> When the Malicious Software Removal Tool runs, it performs the
> following functions. Except where noted, the tool has the same
[ ]

> ...which appears to say that it doesn't actually install an
> 'executable' on the hard drive that users can run.

AFAICT the executable is "stand-alone" with the possibility of 
skipping the EULA each time *only* if it is "installed" via WU and if 
XP.  Likely a registry setting somewhere.

> Still looking CLOSELY at what it reports back to Microsoft each
> time it's run.  Don't know how that's going to work if I'm not
> online when I run it. 

http://support.microsoft.com/?kbid=890830
 "EULA display"
 "Reporting infection information"
 "Reporting component"
and others...
0
Mark
1/12/2005 2:25:04 PM
Mark V wrote:
> In grc.news.latestversions Max Burke wrote:
> 
> AFAICT the executable is "stand-alone" with the possibility of 
> skipping the EULA each time *only* if it is "installed" via WU and if 
> XP.  Likely a registry setting somewhere.
> 

even directly running just the mrt.exe GUI from temp dir
opens EULA here, "accept" and it starts immediately, no
trace that it phoned home but it also reported as clean
so nothing to report ...


-- 
poo
.... the sound of inevitability
0
poo0gimmal
1/12/2005 7:52:52 PM
"Max Burke" <mlvburke@%$%#@.nz> wrote in
news:cs2eni$23kh$1@news.grc.com: 

>> siljaline scribbled: 
>> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> I allowed WU to install it, but also manually downloaded it. I went
> back to WU after rebooting, but there is nothing on that page that
> allows me to run the tool....

I also "downloaded" it using the Windows update, and saw nothing different 
on my screen.  However, after doing some digging, I found a new file, 
MRT.LOG, in my C:\Windows\Debug folder with the following content:


Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Wed Jan 12 08:35:11 2005


Removal Tool Results:
No infection found.

Microsoft Malicious Software Removal Tool Finished On Wed Jan 12 08:35:13 
2005


So, I'm guessing that users will only be made aware of it running if 
something is found.

I've always been critical of M$ "minimal information" policy.  In this 
case, if a user has "asked" for it, M$ should be considerate enough to tell 
you what happened...

Daniel Bragg
0
Daniel
1/12/2005 8:07:15 PM
Mark V wrote:
> In grc.news.latestversions kayodeok wrote:
> 
> 
>>siljaline wrote in grc.news.latestversions:
>>
>>
>>>"kayodeok" wrote:
>>>
>>>>Doug wrote in grc.news.latestversions:
> 
> [ ]
> 
>>"Is this in addition to Microsoft AntiSpyware Beta 1?"
>>"yes"
> 
> 
> I suggest that the reader read "Is this an addition..." 
> (ie "Add-in")

Absolutely.

"Silj" read "an" rather than "in".

Oh!, the joys of English :-)

-- 
Tony.P
0
Tony
1/12/2005 8:10:01 PM
Daniel Bragg wrote:
> "Max Burke" <mlvburke@%$%#@.nz> wrote in
> news:cs2eni$23kh$1@news.grc.com: 

> after doing some digging, I found a new file, 
> MRT.LOG, in my C:\Windows\Debug folder with the following content:

same here on w2k_sp4 c:\winnt\debug\mrt.log
it appends newer info to old.
I did not use WUP but rather did a download.


-- 
poo
.... the sound of inevitability
0
poo0gimmal
1/12/2005 8:24:38 PM
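The MRT.LOG layout quoted in the posts above, and the observation that newer runs are appended to older ones, turned into a small parser as an added example (not code from any poster or from Microsoft). It assumes the "Finished On" line sits on one line in the real file (the newsreader wrapped it in the quote) and, because the thread never shows the log of an infected run, it flags any result other than "No infection found." for review; the sample text and its placeholder result line are constructed.

```python
import re
from datetime import datetime

# Constructed sample: three runs appended to one file, following the layout
# quoted in the thread. Run 2 carries a placeholder result line (the thread
# does not show real detection output); run 3 is cut off before "Finished On".
SAMPLE_LOG = """\
Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Wed Jan 12 08:35:11 2005


Removal Tool Results:
No infection found.

Microsoft Malicious Software Removal Tool Finished On Wed Jan 12 08:35:13 2005

Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Thu Jan 13 09:00:02 2005


Removal Tool Results:
<placeholder: some other result line>

Microsoft Malicious Software Removal Tool Finished On Thu Jan 13 09:00:09 2005

Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Fri Jan 14 10:15:00 2005


Removal Tool Results:
"""

HEADER = re.compile(r"^Microsoft Malicious Software Removal Tool (v[\d.]+), (.+)$")
STARTED = re.compile(r"^Started On (.+)$")
FINISHED = re.compile(r"^Microsoft Malicious Software Removal Tool Finished On (.+)$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"      # e.g. "Wed Jan 12 08:35:11 2005"
RESULTS_MARKER = "Removal Tool Results:"
CLEAN_LINE = "No infection found."


def parse_mrt_log(text):
    """Split an appended MRT.LOG into one dict per run."""
    runs, current, in_results = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finished = FINISHED.match(line)
        if finished and current is not None:
            current["finished"] = datetime.strptime(finished.group(1), TS_FORMAT)
            in_results = False
            continue
        header = HEADER.match(line)
        if header:
            # A header line always opens a new run, even if the previous
            # run never logged its "Finished On" line.
            current = {"version": header.group(1), "release": header.group(2),
                       "started": None, "finished": None, "results": []}
            runs.append(current)
            in_results = False
            continue
        if current is None:
            continue                      # stray text before the first header
        started = STARTED.match(line)
        if started:
            current["started"] = datetime.strptime(started.group(1), TS_FORMAT)
        elif line == RESULTS_MARKER:
            in_results = True
        elif in_results:
            current["results"].append(line)
    return runs


def classify(run):
    """clean: finished with the one known clean line; incomplete: never
    finished; review: anything else (assumption: unknown wording is suspect)."""
    if run["finished"] is None:
        return "incomplete"
    if run["results"] == [CLEAN_LINE]:
        return "clean"
    return "review"


def needs_attention(text):
    """Return (start time, status, result lines) for every run that is not clean."""
    return [(r["started"], classify(r), r["results"])
            for r in parse_mrt_log(text) if classify(r) != "clean"]


if __name__ == "__main__":
    for run in parse_mrt_log(SAMPLE_LOG):
        print(run["started"], run["version"], classify(run), run["results"])
```
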
Daniel Bragg wrote:
> "Max Burke" <mlvburke@%$%#@.nz> wrote in

> I also "downloaded" it using the Windows update, and saw nothing different 
> on my screen.  However, after doing some digging, I found a new file, 
> MRT.LOG, in my C:\Windows\Debug folder with the following content:
> 
> 
> Microsoft Malicious Software Removal Tool v1.0, January 2005
> Started On Wed Jan 12 08:35:11 2005
> 
> 
> Removal Tool Results:
> No infection found.
> 
> Microsoft Malicious Software Removal Tool Finished On Wed Jan 12 08:35:13 
> 2005
> 
> 
> So, I'm guessing that users will only be made aware of it running if 
> something is found.
> 
> I've always been critical of M$ "minimal information" policy.  In this 
> case, if a user has "asked" for it, M$ should be considerate enough to tell 
> you what happened...
> 
> Daniel Bragg
Same here. I put a shortcut to the file on my desktop so I can look in 
it occasionally. There's gotta be a file somewhere that runs it though 
.... wouldn't you think?

-- 
Get Firefox! Rediscover the web.
http://www.mozilla.org/products/firefox/
0
TCM
1/12/2005 8:28:46 PM
Wandering aimlessly about grc.news.latestversions, I heard TCM say:

> Daniel Bragg wrote:
>> "Max Burke" <mlvburke@%$%#@.nz> wrote in
> 
>> I also "downloaded" it using the Windows update, and saw nothing different 
>> on my screen.  However, after doing some digging, I found a new file, 
>> MRT.LOG, in my C:\Windows\Debug folder with the following content:
>> 
>> Microsoft Malicious Software Removal Tool v1.0, January 2005
>> Started On Wed Jan 12 08:35:11 2005
>> 
>> Removal Tool Results:
>> No infection found.
<> 
>> Microsoft Malicious Software Removal Tool Finished On Wed Jan 12 08:35:13 
>> 2005
>> 
>> So, I'm guessing that users will only be made aware of it running if 
>> something is found.
>> 
>> I've always been critical of M$ "minimal information" policy.  In this 
>> case, if a user has "asked" for it, M$ should be considerate enough to tell 
>> you what happened...
>> 
> Same here. I put a shortcut to the file on my desktop so I can look in 
> it occasionally. There's gotta be a file somewhere that runs it though 
> ... wouldn't you think?

If you got the MSRT from WU, it ran in "quiet" mode, and was then
deleted on completion of the run.

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863
0
Dutch
1/12/2005 8:39:18 PM
     TCM wrote,
     in post  news:cs419s$h82$1@news.grc.com :
> Daniel Bragg wrote:
>> "Max Burke" <mlvburke@%$%#@.nz> wrote in
>
>> I also "downloaded" it using the Windows update, and saw nothing
>> different on my screen.  However, after doing some digging, I found
>> a new file, MRT.LOG, in my C:\Windows\Debug folder with the
>> following content:
[...]
>> So, I'm guessing that users will only be made aware of it running if
>> something is found.
>>
>> I've always been critical of M$ "minimal information" policy.  In
>> this case, if a user has "asked" for it, M$ should be considerate
>> enough to tell you what happened...
>>
>> Daniel Bragg
> Same here. I put a shortcut to the file on my desktop so I can look in
> it occasionally. There's gotta be a file somewhere that runs it though
> ... wouldn't you think?


I downloaded the tool during a WU session but couldn't find hide nor
hair of it when the session was through, so I just moved on over
to the MS download site and DL'd it to a folder. It's named
Windows-KB890830-ENU.exe. Description:Self-Extracting Cabinet,
size 255KB. You click it, a wizard-like screen appears, you click
"Accept all terms yada...", click Next, and maybe 3 seconds later
you get the results. Is it just scanning RAM or what? I guess it's
better to have than not to have. A quick second opinion sorta.
 PZ
-
0
PrivacyZealot
1/12/2005 10:24:25 PM
PrivacyZealot wrote:
>      TCM wrote,
>      in post  news:cs419s$h82$1@news.grc.com :
> 
> I downloaded the tool during a WU session but couldn't find hide nor
> hair of it when the session was through, so I just moved on over
> to the MS download site and DL'd it to a folder. It's named
> Windows-KB890830-ENU.exe. Description:Self-Extracting Cabinet,
> size 255KB. You click it, a wizard-like screen appears, you click
> "Accept all terms yada...", click Next, and maybe 3 seconds later
> you get the results. Is it just scanning RAM or what? I guess it's
> better to have than not to have. A quick second opinion sorta.
>  PZ
> -

when you run windows-kb..-enu.exe it creates a new 'temp' directory
where it deposits mrt.exe.  I renamed mrt and moved it to a
new location, still runs ok, and appends to debug .log.


-- 
poo
.... the sound of inevitability
0
poo0gimmal
1/12/2005 11:48:09 PM
> poo0gimmal scribbled:
> when you run windows-kb..-enu.exe it creates a new 'temp' directory
> where it deposits mrt.exe.  I renamed mrt and moved it to a
> new location, still runs ok, and appends to debug .log.

Two command line switches for this tool....

/Q    runs in quiet mode. Does NOT prompt user to accept the EULA.  (So it 
can be a scheduled task after all)

/?  displays version, language, etc....

The only 'annoyance' I have now is that it renames a temp file that GRR 
warns about, and asks if the change should be allowed....



-- 
mlvburke@xxxxxxxx.nz
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke 
0
Max
1/13/2005 4:50:06 AM
On Wed, 12 Jan 2005 17:48:09 -0600, poo0gimmal wrote:

> PrivacyZealot wrote:
>>      TCM wrote,
>>      in post  news:cs419s$h82$1@news.grc.com :
>> 
>> I downloaded the tool during a WU session but couldn't find hide nor
>> hair of it when the session was through, so I just moved on over
>> to the MS download site and DL'd it to a folder. It's named
>> Windows-KB890830-ENU.exe. Description:Self-Extracting Cabinet,
>> size 255KB. You click it, a wizard-like screen appears, you click
>> "Accept all terms yada...", click Next, and maybe 3 seconds later
>> you get the results. Is it just scanning RAM or what? I guess it's
>> better to have than not to have. A quick second opinion sorta.
>>  PZ
>> -
> 
> when you run windows-kb..-enu.exe it creates a new 'temp' directory
> where it deposits mrt.exe.  I renamed mrt and moved it to a
> new location, still runs ok, and appends to debug .log.

According to FileAlyzer it's a self extracting cab file (internal name
SFXCAB.EXE), so each time it is run, it acts like a patch, except that it
searches and reports, rather than replacing system files and crocking your
box.....
Fits on floppy disk too.
-- 
Parker Molin
0
Parker
1/13/2005 5:56:30 PM
Parker Molin wrote:
> crocking your box.....

Haven't heard this one... ??  :-)
0
Nobody
1/13/2005 7:34:08 PM
Dutch wrote:

> Wandering aimlessly about grc.news.latestversions,grc.security.software,
> I heard Nobody say:
> 

>>siljaline wrote:
>>
>>
>>>http://www.microsoft.com/security/malwareremove/default.mspx
>>>
>>>Silj
>>>
>>
>>Wait a damn minute here!  This tool just showed up on my Windows Update!
>>
>>It's probably a good thing that it came out, and maybe after it is out 
>>for a while and is proven to do no harm it would be OK for it to be 
>>automatic, but to set me up to download it on the first day?  I think 
>>not!  At least I am set up to get notices only so I got to see what it 
>>wanted to do first...
>>
>>(This is my first, shocked, reaction.  I'm sure (almost) that it won't 
>>run, but I'll bet it installs.  Arrogant pukes)
> 

> You'd lose the bet, since there is no "installation" involved. The
> "arrogant pukes" are offering a tool via the update process that does
> *not* install anything, does *not* even download unless you accept the
> displayed EULA, even on automatic updates, and if the EULA is accepted,
> downloads and runs, and then deletes itself. Still "shocked"?

Yeah, sorry.  Independent of their motives, I think it is totally 
inappropriate, even with a eula (that most will not read), for MS to (as 
part of their patching service) download an executable, run it, and 
delete it without ANY visible indication of what just took place (unless 
it finds something).  They haven't even publicly indicated (that I have 
seen at least) that there is a log file left on the system with the 
results of the scan.
This makes them "arrogant pukes", IMO, because this is the typical "we 
know what's best for you" attitude that they seem to always apply to us 
"stupid customers".
If I may paraphrase Steve, 'This is my (damn) computer', and they are 
not entitled to treat it like it was theirs.  This is NOT MS bashing. 
It wouldn't matter a damn to me what company did this, it would still be 
unacceptable.
0
Nobody
1/13/2005 9:42:48 PM
Wandering aimlessly about grc.security.software, I heard Nobody say:

> Dutch wrote:
> 
>> Wandering aimlessly about grc.news.latestversions,grc.security.software,
>> I heard Nobody say:
[...]
>>>Wait a damn minute here!  This tool just showed up on my Windows Update!
>[...]
>>>(This is my first, shocked, reaction.  I'm sure (almost) that it won't 
>>>run, but I'll bet it installs.  Arrogant pukes)
> 
>> You'd lose the bet, since there is no "installation" involved. The
>> "arrogant pukes" are offering a tool via the update process that does
>> *not* install anything, does *not* even download unless you accept the
>> displayed EULA, even on automatic updates, and if the EULA is accepted,
>> downloads and runs, and then deletes itself. Still "shocked"?
 >  
> Yeah, sorry.  Independent of their motives, I think it is totally 
> inappropriate, even with a eula (that most will not read), for MS to (as 
> part of their patching service) download an executable, run it, and 
> delete it without ANY visible indication of what just took place (unless 
> it finds something).  They haven't even publicly indicated (that I have 
> seen at least) that there is a log file left on the system with the 
> results of the scan.
> This makes them "arrogant pukes", IMO, because this is the typical "we 
> know what's best for you" attitude that they seem to always apply to us 
> "stupid customers".
> If I may paraphrase Steve, 'This is my (damn) computer', and they are 
> not entitled to treat it like it was theirs.  This is NOT MS bashing. 
> It wouldn't matter a damn to me what company did this, it would still be 
> unacceptable.

Whatever, but isn't that pretty much what many of the updates also do? 
They download, run some not so obvious process to fix "you know not 
what", and then exit, leaving nothing behind except an indication that 
the patch has been installed. Why is this tool seen any differently?

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863
0
Dutch
1/13/2005 10:21:53 PM
Dutch wrote:
> 
> Whatever, but isn't that pretty much what many of the updates also do? 
> They download, run some not so obvious process to fix "you know not 
> what", and then exit, leaving nothing behind except an indication that 
> the patch has been installed. Why is this tool seen any differently?

Definitely!

I've got an XPH laptop and the MSRT shows just like another update. And 
the other EXEs are gone too unless they persist in a temp folder somewhere.
0
Kerry
1/13/2005 11:55:54 PM
Dutch wrote:

> Wandering aimlessly about grc.security.software, I heard Nobody say:
> 
> 
>>Dutch wrote:
>>
>>
>>>Wandering aimlessly about grc.news.latestversions,grc.security.software,
>>>I heard Nobody say:
> 

> 
>>Yeah, sorry.  Independent of their motives, I think it is totally 
>>inappropriate, even with a eula (that most will not read), for MS to (as 
>>part of their patching service) download an executable, run it, and 
>>delete it without ANY visible indication of what just took place (unless 
>>it finds something).  They haven't even publicly indicated (that I have 
>>seen at least) that there is a log file left on the system with the 
>>results of the scan.
>>This makes them "arrogant pukes", IMO, because this is the typical "we 
>>know what's best for you" attitude that they seem to always apply to us 
>>"stupid customers".
>>If I may paraphrase Steve, 'This is my (damn) computer', and they are 
>>not entitled to treat it like it was theirs.  This is NOT MS bashing. 
>>It wouldn't matter a damn to me what company did this, it would still be 
>>unacceptable.
> 
> 
> Whatever, but isn't that pretty much what many of the updates also do? 
> They download, run some not so obvious process to fix "you know not 
> what", and then exit, leaving nothing behind except an indication that 
> the patch has been installed. Why is this tool seen any differently?

Because it is NOT a patch, and it is NOT fixing something that is broken 
(or flawed, unless you consider the OS flawed because it doesn't include 
AV).  It is a new, separate (albeit free) product.

As far as I'm concerned, they could allay my objection by adding at the 
top of the EULA, in red type, "Warning, accepting this EULA will result 
in the downloading and running of a simple AV program that will only report 
results if it finds a problem".  I understand that the EULA may already 
say something to this effect, but since this particular tool does 
something different than one would expect from an "Update" I think it 
needs to be more clear.  The red text would draw more attention to the 
fact that this is different.
0
Nobody
1/14/2005 12:25:27 AM
Wandering aimlessly about grc.security.software, I heard Nobody say:

> Dutch wrote:
> 
>> Wandering aimlessly about grc.security.software, I heard Nobody say:
>> 
[...]
>>>Yeah, sorry.  Independent of their motives, I think it is totally 
>>>inappropriate, even with a eula (that most will not read), for MS to (as 
>>>part of their patching service) download an executable, run it, and 
>>>delete it without ANY visible indication of what just took place (unless 
>>>it finds something).  They haven't even publicly indicated (that I have 
>>>seen at least) that there is a log file left on the system with the 
>>>results of the scan.
>>>This makes them "arrogant pukes", IMO, because this is the typical "we 
>>>know what's best for you" attitude that they seem to always apply to us 
>>>"stupid customers".
>>>If I may paraphrase Steve, 'This is my (damn) computer', and they are 
>>>not entitled to treat it like it was theirs.  This is NOT MS bashing. 
>>>It wouldn't matter a damn to me what company did this, it would still be 
>>>unacceptable.
< > 
>> Whatever, but isn't that pretty much what many of the updates also do? 
>> They download, run some not so obvious process to fix "you know not 
>> what", and then exit, leaving nothing behind except an indication that 
>> the patch has been installed. Why is this tool seen any differently?
> 
> Because it is NOT a patch, and it is NOT fixing something that is broken 
> (or flawed, unless you consider the OS flawed because it doesn't include 
> AV).  It is a new, separate (albeit free) product.

Removing trojans if they exist is not "fixing" anything?
 
> As far as I'm concerned, they could allay my objection by adding at the 
> top of the EULA, in red type, "Warning, accepting this EULA will result 
> in the downloading and running of a simple AV program that will only report 
> results if it finds a problem".  I understand that the EULA may already 
> say something to this effect, but since this particular tool does 
> something different than one would expect from an "Update" I think it 
> needs to be more clear.  The red text would draw more attention to the 
> fact that this is different.

Ok, I'll accept that having the EULA text in red would likely catch the
attention of a few more people long enough to read the very first
paragraph of section 1, where exactly what the tool does is clearly
spelled out. IMHO, most would still just "click-n-go", which is exactly
why having the tool run "automagically", as it does for auto updates, is
a good thing. Those are the very same people most likely to be
infected...

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863
0
Dutch
1/14/2005 1:37:47 AM
While parsing 'grc.security.software', I found "Dutch" stating:

> Wandering aimlessly about grc.security.software, I heard Nobody say:
> 
> > Dutch wrote:
> > 
> >> Wandering aimlessly about grc.security.software, I heard Nobody say:
> >> 
> [...]
> > > > Yeah, sorry.  Independent of their motives, I think it is totally 
> > > > inappropriate, even with a eula (that most will not read), for MS to (as 
> > > > part of their patching service) download an executable, run it, and 
> > > > delete it without ANY visible indication of what just took place (unless 
> > > > it finds something).  They haven't even publicly indicated (that I have 
> > > > seen at least) that there is a log file left on the system with the 
> > > > results of the scan.
> > > > This makes them "arrogant pukes", IMO, because this is the typical "we 
> > > > know what's best for you" attitude that they seem to always apply to us 
> > > > "stupid customers".
> > > > If I may paraphrase Steve, 'This is my (damn) computer', and they are 
> > > > not entitled to treat it like it was theirs.  This is NOT MS bashing. 
> > > > It wouldn't matter a damn to me what company did this, it would still be 
> > > > unacceptable.
> < > 
> >> Whatever, but isn't that pretty much what many of the updates also do? 
> >> They download, run some not so obvious process to fix "you know not 
> >> what", and then exit, leaving nothing behind except an indication that 
> >> the patch has been installed. Why is this tool seen any differently?
> > 
> > Because it is NOT a patch, and it is NOT fixing something that is broken 
> > (or flawed, unless you consider the OS flawed because it doesn't include 
> > AV).  It is a new, separate (albeit free) product.
> 
> Removing trojans if they exist is not "fixing" anything?
>  
> > As far as I'm concerned, they could allay my objection by adding at the 
> > top of the EULA, in red type, "Warning, accepting this EULA will result 
> > in the downloading and running of a simple AV program that will only report 
> > results if it finds a problem".  I understand that the EULA may already 
> > say something to this effect, but since this particular tool does 
> > something different than one would expect from an "Update" I think it 
> > needs to be more clear.  The red text would draw more attention to the 
> > fact that this is different.

> Ok, I'll accept that having the EULA text in red would likely catch the
> attention of a few more people long enough to read the very first
> paragraph of section 1, where exactly what the tool does is clearly
> spelled out. IMHO, most would still just "click-n-go", which is exactly
> why having the tool run "automagically", as it does for auto updates, is
> a good thing. Those are the very same people most likely to be
> infected...

Am I allowed to agree with both of you? I like AVG's method of
notification with their updates, but OTOH, I rarely read them
and usually just click through anyway... <g>
0
Axn
1/14/2005 2:57:24 AM
On article <cs1efv$159n$1@news.grc.com>, siljaline wrote:

> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> Silj
> 
> 
> 
Silj, do you think this tool could be used as (a replacement for) 
McAfee's Stinger?

-- 
Kind regards,
Euler German

Note that my eMail address is useless. Please, reply to the list
0
Euler
1/22/2005 12:31:07 PM
"Euler German" wrote: 
 
> On article <cs1efv$159n$1@news.grc.com>, siljaline wrote:
> 
>> http://www.microsoft.com/security/malwareremove/default.mspx
>> 
>> Silj
>> 
>> 
>> 
> Silj, do you think this tool could be used as (a replacement for) 
> McAfee's Stinger?

I wouldn't use it as a replacement, not for the time being at least.
This may help >  
http://forum.aumha.org/viewtopic.php?t=10865

McAfee's Stinger is a "proven" stand-alone virus remover.
http://vil.nai.com/vil/stinger/
http://download.nai.com/products/mcafee-avert/stinger.exe

Regards,
Silj

-- 
siljaline 

MS - MVP Windows (IE/OE) & Security (AH-VSOP)     
__________________________________________
Security Tools Updates
http://forum.aumha.org/viewforum.php?f=31

(Reply to group, as return address
is invalid - that we may all benefit)
0
siljaline
1/22/2005 4:26:16 PM