Microsoft released second April Malicious Software Removal Tool today

http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx
"In continuation of our support for the takedown activities on the 
Win32/Afcore botnet, we are releasing a second edition of MSRT in April. 
This edition includes variants of Afcore released by the criminals 
behind it at approximately the same time as the previous edition of MSRT."

Same KB890830 as before.

New version dated today available via Windows Update.


0
Al
4/27/2011 1:23:21 AM
grc.news.latestversions 8022 articles. 0 followers. Follow

17 Replies
390 Views

Similar Articles

[PageSpeed] 53
Get it on Google Play
Get it on Apple App Store

On 27-Apr-11 11:23, Al wrote:
>
> http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx
>
> "In continuation of our support for the takedown activities on the
> Win32/Afcore botnet, we are releasing a second edition of MSRT in April.
> This edition includes variants of Afcore released by the criminals
> behind it at approximately the same time as the previous edition of MSRT."
>
> Same KB890830 as before.
>
> New version dated today available via Windows Update.
>
>
Does this program automatically remove threats or does it give one some 
control in case of false negatives - never have trusted Microsoft or 
Apple to trust it's customers to make decisions rather than adopting a 
"Father knows best" attitude?
0
Netmask
4/27/2011 4:30:35 AM
On 27/04/2011 02:23, Al wrote:
>
> http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx
>
> "In continuation of our support for the takedown activities on the
> Win32/Afcore botnet, we are releasing a second edition of MSRT in April.
> This edition includes variants of Afcore released by the criminals
> behind it at approximately the same time as the previous edition of MSRT."
>
> Same KB890830 as before.
>
> New version dated today available via Windows Update.
>
>

Also released 5 reliability/compatibility updates for at least for 
Windows 7 64bit

-- 
Regards

RayG
0
RayG
4/27/2011 9:36:57 AM
Al wrote:
>
> http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx
>
> "In continuation of our support for the takedown activities on the
> Win32/Afcore botnet, we are releasing a second edition of MSRT in April.
> This edition includes variants of Afcore released by the criminals
> behind it at approximately the same time as the previous edition of MSRT."
>
> Same KB890830 as before.
>
> New version dated today available via Windows Update.

All windows users must be SICK of these perpetual updates!



0
rickmerrill
4/27/2011 1:25:53 PM
On Wed, 27 Apr 2011 09:25:53 -0400, rickmerrill
<rick0.merrill@gmail.com> wrote:

>Al wrote:
>>
>> http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx
>>
>> "In continuation of our support for the takedown activities on the
>> Win32/Afcore botnet, we are releasing a second edition of MSRT in April.
>> This edition includes variants of Afcore released by the criminals
>> behind it at approximately the same time as the previous edition of MSRT."
>>
>> Same KB890830 as before.
>>
>> New version dated today available via Windows Update.
>
>All windows users must be SICK of these perpetual updates!

Why?

When new variants of malware are created,
isn't it wise to also update the anti-malware?
Do you refuse (perpetual) updates for your anti-virus software?


In general I don't like the MSRT.
It runs every WindowsUpdate for an unspecified period, it does not show
what it is scanning (if anything), nothing is reported (maybe to
Microsoft only?), not even what is removed/repaired (if anything).

I don't like this kind of "cloak and dagger" anti-malware,
I will not allow Microsoft anymore to run it.
 :-((

-- 
Fred W. (NL)
0
FredW
4/27/2011 1:53:55 PM
FredW wrote:
> On Wed, 27 Apr 2011 09:25:53 -0400, rickmerrill
> <rick0.merrill@gmail.com>  wrote:
>
>> Al wrote:
>>>
>>> http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx
>>>
>>> "In continuation of our support for the takedown activities on the
>>> Win32/Afcore botnet, we are releasing a second edition of MSRT in April.
>>> This edition includes variants of Afcore released by the criminals
>>> behind it at approximately the same time as the previous edition of MSRT."
>>>
>>> Same KB890830 as before.
>>>
>>> New version dated today available via Windows Update.
>>
>> All windows users must be SICK of these perpetual updates!
>
> Why?
>

>
> In general I don't like the MSRT.
> It runs every WindowsUpdate for an unspecified period, it does not show
> what it is scanning (if anything), nothing is reported (maybe to
> Microsoft only?), not even what is removed/repaired (if anything).
>
> I don't like this kind of "cloak and dagger" anti-malware,
> I will not allow Microsoft anymore to run it.
>   :-((
>

The MSRT log is in \C:\windows\debug\mrt.log in WinXp, and new entries 
are appended.

Claude
0
Claude
4/27/2011 3:38:04 PM
FredW wrote:

> In general I don't like the MSRT.
> It runs every WindowsUpdate for an unspecified period, 
> it does not show what it is scanning (if anything), 
> nothing is reported (maybe to Microsoft only?), 
> not even what is removed/repaired (if anything). 
>


notepad %systemroot%\debug\mrt.log

If there is some error it will also display a dialog.

0
Guy
4/27/2011 3:42:00 PM
On 28-Apr-11 01:42, Guy wrote:
> FredW wrote:
>
>> In general I don't like the MSRT.
>> It runs every WindowsUpdate for an unspecified period,
>> it does not show what it is scanning (if anything),
>> nothing is reported (maybe to Microsoft only?),
>> not even what is removed/repaired (if anything).
>>
>
>
> notepad %systemroot%\debug\mrt.log
>
> If there is some error it will also display a dialog.
>
Although no one has actually answered my query I can piece together from 
the replies so far on this program I don't need it..
Next how the hell do I remove it from my "important download list" on 
Windows 7?
0
Netmask
4/28/2011 8:03:32 AM
On Wed, 27 Apr 2011 10:38:04 -0500, Claude Ortega <usenet@bolbrk.net>
wrote:
>
>The MSRT log is in \C:\windows\debug\mrt.log in WinXp, and new entries 
>are appended.

[also reply to Guy]

Thank you both for your advice where to find.


[experiment]

Of course nothing could be found of any mrt.log.
(maybe deleted by CCleaner ?)
(yes, deleted by CCleaner)

Therefore I ran WindowsUpdate.
Indeed another 5 "recommended" updates of an unspecified nature
and the Malicious Software Tool.
So I did a complete WindowsUpdate.

After a required restart I found the mrt.log and a mrteng.log
in C:\Windows\debug of my Windows 7 Home Premium 64-bit.

In the mrteng.log I could read that the Microsoft tool started at
19:07:50 and finished at 19:08:59
In the mrt.log I could read the "summary"of the Microsoft tool:
"No infection found."

I understand that the Microsoft Malicious tool scanned my whole PC in
just one (1) minute to find nothing.
And it did not report anything at all, I had to go and find a log that
was left behind after the mysterious action of the mysterious Ms tool.

Every morning I have my NOD32 scanning selected partitions of my PC.
That takes about 30 minutes for 106,000+ files and a report is provided.
Twice per week I have my Avira AntiVir doing a scheduled scan of
selected partitions of my PC.
That takes about 45 minutes for 405,000+ files and a report appears on
the screen when the scan is finished.
Also when I scan with SAS or MBAM (twice per week) a report appears on
my screen, showing the results of the (complete) scan.

I compare the one(1) minute "scan" of the MS Malicious tool, giving no
report whatsoever with the longer scans of other tools, giving reports
about what happened.

I had no high opinion of Microsoft and security, but when I see this, I
give up all hope that Microsoft will ever do anything useful in
security.

The "fake" MSRT tool scans for a whole one(1) minute to check that
everything is OK and thereafter gives no report, letting users in the
cold as to what was done.

I changed my opinion.
It is no more "I don't like the MSRT", but now I completely distrust the
fake tool of Microsoft.
When this is the quality of Microsoft "security" I am very glad I never
installed Microsoft Security "Essentials", I will never ever trust that
Microsoft understands anything of security "Essentials".

[End experiment]

For me MSRT just qualified as "rogue" software.
 :-((((

-- 
Fred W. (NL)
0
FredW
4/28/2011 2:27:03 PM
On Thu, 28 Apr 2011 16:27:03 +0200, FredW <fredw@blackholespam.net>
wrote:

>For me MSRT just qualified as "rogue" software.

You don't seem to understand the tool, its function or how it works.

Read this:
http://support.microsoft.com/kb/890830
0
blue
4/28/2011 2:37:08 PM
On Thu, 28 Apr 2011 18:03:32 +1000, Netmask <netmask56@gmail.com> wrote:
>>
>Although no one has actually answered my query I can piece together from 
>the replies so far on this program I don't need it..
>Next how the hell do I remove it from my "important download list" on 
>Windows 7?

I just read some articles on a Dutch security news site and I will try
to summarize the news.

Microsoft updated the MSRT tool for the second time this month.
This was meant to finally "kill" the Coreflood botnet.
Apparently the FBI eliminated the older Coreflood botnet in the middle
of April.

The latest update of MSRT contains definitions for variants of Coreflood
botnet.
The "additional" release of MSRT was released by Microsoft "on request".
Who requested this release was not told by Jeff Williams of the
Microsoft Malware Protection Center.

Ah, I found a link in one of the Dutch articles:
http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx

In another article it is suggested that the request to Microsoft is most
probably done by the FBI.
It is said that the FBI is studying the way the Dutch police and justice
removed an old botnet from infected computers.
http://www.wired.com/threatlevel/2011/04/coreflood/


-- 
Fred W. (NL)
0
FredW
4/28/2011 2:48:42 PM
My opinion is that the tool just looks in limited areas that MS has
defined as holding certain keys to a high malware risk. Just like
Superantispyware and Malwarebytes are looking at different areas that
they consider important. 


KenW
0
Ken1943
4/28/2011 3:44:49 PM
rickmerrill <rick0.merrill@gmail.com> wrote in
news:ip95h2$2eh3$2@news.grc.com: 

> Al wrote:
>>
>> http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release
>> -in-april.aspx 
>>
>> "In continuation of our support for the takedown activities on the
>> Win32/Afcore botnet, we are releasing a second edition of MSRT in
>> April. This edition includes variants of Afcore released by the
>> criminals behind it at approximately the same time as the previous
>> edition of MSRT." 
>>
>> Same KB890830 as before.
>>
>> New version dated today available via Windows Update.
> 
> All windows users must be SICK of these perpetual updates!

It's Christmas every day!!!

Sadly it's the way of the world. Bad guys are finding new ways to attack and software has bugs and needs to 
be patched. Unlikely this will ever change.

0
Fuzzy
4/28/2011 7:48:49 PM
Netmask Scribbled on the wall:
> On 28-Apr-11 01:42, Guy wrote:
>> FredW wrote:
>>
>>> In general I don't like the MSRT.
>>> It runs every WindowsUpdate for an unspecified period,
>>> it does not show what it is scanning (if anything),
>>> nothing is reported (maybe to Microsoft only?),
>>> not even what is removed/repaired (if anything).
>>>
>>
>>
>> notepad %systemroot%\debug\mrt.log
>>
>> If there is some error it will also display a dialog.
>>
> Although no one has actually answered my query I can piece together from
> the replies so far on this program I don't need it..
> Next how the hell do I remove it from my "important download list" on
> Windows 7?

Right click on it then click "hide update".

-- 
TimS

Everything will be Okay in the end...
If it's not Okay...
It's not the end.
0
TimS
5/1/2011 4:04:46 AM
On 01-May-11 14:04, TimS wrote:
> Netmask Scribbled on the wall:
>> On 28-Apr-11 01:42, Guy wrote:
>>> FredW wrote:
>>>
>>>> In general I don't like the MSRT.
>>>> It runs every WindowsUpdate for an unspecified period,
>>>> it does not show what it is scanning (if anything),
>>>> nothing is reported (maybe to Microsoft only?),
>>>> not even what is removed/repaired (if anything).
>>>>
>>>
>>>
>>> notepad %systemroot%\debug\mrt.log
>>>
>>> If there is some error it will also display a dialog.
>>>
>> Although no one has actually answered my query I can piece together from
>> the replies so far on this program I don't need it..
>> Next how the hell do I remove it from my "important download list" on
>> Windows 7?
>
> Right click on it then click "hide update".
>
Many thanks - done
0
Netmask
5/1/2011 9:08:50 AM
On Sun, 01 May 2011 19:08:50 +1000, Netmask <netmask56@gmail.com> wrote:
>On 01-May-11 14:04, TimS wrote:
>> Netmask Scribbled on the wall:
>>>>
>>> Although no one has actually answered my query I can piece together from
>>> the replies so far on this program I don't need it..
>>> Next how the hell do I remove it from my "important download list" on
>>> Windows 7?
>>
>> Right click on it then click "hide update".
>>
>Many thanks - done

And it will po-up next month, when there is a fresh version of MSRT.

-- 
Fred W. (NL)
0
FredW
5/1/2011 10:41:20 AM
FredW Scribbled on the wall:
> On Sun, 01 May 2011 19:08:50 +1000, Netmask<netmask56@gmail.com>  wrote:
>> On 01-May-11 14:04, TimS wrote:
>>> Netmask Scribbled on the wall:
>>>>>
>>>> Although no one has actually answered my query I can piece together from
>>>> the replies so far on this program I don't need it..
>>>> Next how the hell do I remove it from my "important download list" on
>>>> Windows 7?
>>>
>>> Right click on it then click "hide update".
>>>
>> Many thanks - done
>
> And it will po-up next month, when there is a fresh version of MSRT.
>
This is true... But once again... Right click > Hide update.
I haven't installed a MSMWRT update for a very long time. The last two 
times I did, my box froze on the update and I had to kill MSMWRT 
processes in task manager to get past it.

-- 
TimS

Everything will be Okay in the end...
If it's not Okay...
It's not the end.
0
TimS
5/2/2011 3:26:42 AM
On Sun, 01 May 2011 20:26:42 -0700, TimS <slydher@blackholespam.net>
wrote:
>FredW Scribbled on the wall:
>>
>> And it will po-up next month, when there is a fresh version of MSRT.
>>
>This is true... But once again... Right click > Hide update.
>I haven't installed a MSMWRT update for a very long time. The last two 
>times I did, my box froze on the update and I had to kill MSMWRT 
>processes in task manager to get past it.

Anyhow, I will try.
Next WindowsUpdate I will put MSRT in "hide" and not run it anymore.
I will see what will happen.
 ;-)

-- 
Fred W. (NL)
0
FredW
5/2/2011 1:22:31 PM
Reply: