The Implications of MS Removal Tool
By: Jang Linghan | Posted: 07th June 2011
MS Removal Tool is a new rogue antispyware which pretends to be a legitimate security program. It is a direct clone of System Tool and System Tool 2011. These malicious software applications were the hottest parasites in 2010. The user must delete MS Removal Tool immediately, because as a rogue program, MS Removal Tool is created to trick unsuspecting user into believing that this program could be trusted. However, the real aim of the rogue is to steal your financial information and then use it for its own purposes. The relationship between MS Removal Tool and its predecessors is more than obvious, because all software applications share the same infection symptoms.
The most popular way for the rogue to arrive at your computer is through fake online malware scanners. Are you wondering how it is possible to land in an infected site? The answer is simple – one click on a hijacked link from a search engine result can lead you to the site which hosts a download file for MS Removal Tool. Sometimes you don't even need to initiate the download yourself. The download starts automatically, when you land in the infected site. When the download is done, you need to initialize the installation yourself, but clicking on the rogue’s icon. Sometimes, however, the rogue can be downloaded an installed by a Trojan infection, which you have caught some time earlier. Depending on your operating system, MS Removal Tool's infection files are created in random folders in the following directories: C:\Documents and Settings\All Users\Application Data\ for Windows XP, and C:\Documents and Settings\All Users\Application Data\ for Windows Vista and Windows 7.
When MS Removal Tool infiltrates in your computer, it initiates a fake system scan, and it will always show you that you have numerous infections, such as rogues, backdoors, worms and Trojans. The infections in scan results always appear in the same order, no matter how many times you perform the scan. MS Removal Tool also disables your task manager and does not allow you to execute .exe files. The rogue also floods you with fake security alert messages, which might look legitimate at first glance, because they are constructed to look reliable. Nevertheless messages are not true, and MS Removal Tool is programmed to bombard you with these fraudulent notifications so that you would believe your computer is seriously compromised. Here are some of the fake messages that MS Removal Tool shows you:
MS Removal Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.
MS Removal Tool Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with MS Removal Tool.
Security Monitor: WARNING!
Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
CLick Yes to download official intrusion detection system (IDS software).
Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...
If that weren't enough, MS Removal Tool will change your desktop background into a blue screen with extensive warning.
With such poorly written messages you are urged to activate the protection by providing your credit card number and other personal information to MS Removal Tool. If you do so, you might as well say good-bye to your money for good. In order to prevent that, you need to acquire a good security program or do the manual removal to terminate MS Removal Tool.
In order to make the removal process smoother, you need to “register” the program. It will allow you to terminate MS Removal Tool easier. To “register” the problem, use one of the codes below:
WNDS-S0DF5-GS5E0-FG14S-2DF8G
WNDS-JUYH3-24GHJ-HGKSH-FKLSD
WNDS-89OF7-7324R-5SAD4-TG68U
WNDS-HFVDR-9844O-U54DA-5TBSC
WNDS-G8FB6-1V87S-DRT1S-63SRG
WNDS-4BGY2-JY4KO-IT98Y-7HJ43
WNDS-5D1V2-XB0D5-JT1TY-97DS3
WNDS-F40SA-1ER5H-4FG5D-F8412
WNDS-SERFH-2642S-F04SD-64FG1
WNDS-S0DF5-GS5E0-FG14S-2DF8G
WNDS-452S3-ER00F-TSE35-S8FSD
WNDS-FGS5D-649RG-4S53D-412SF
WNDS-4TS8R-D6F5D-4JH8T-U4JK5
WNDS-2AE32-1VFC2-B6894-G67YU
WNDS-P9685-4H41A-DSW3A-2R64T
WNDS-5SRTS-AEHUF-YA54S-D6F35
WNDS-A1SDF-RY4E8-7U98D-F1GB2
If you use one of these codes to "register" the program, MS Removal Tool's interface will change from wash-out pink into light blue, and if you perform the scan again, the rogue will find no infections whatsoever. You will be allowed to access your Task Manager again, and load the .exe files. Also, when you have registered the program, another function appears where you can contact MS Removal Tool’s support service by the number-1-800-417-5679.
I have tried contacting them, with intention to say that there is something wrong with the software, and we were immediately asked for the transaction ID, which was supposed to be in our email inbox. If you don't have it, they ask for the first 6 and the last 4 digits of your credit card, and then checks in a data base, to see if they have a record of you. This implies that the people behind MS Removal Tool are storing the credit card information of every single person they have managed to trick.
They also offer a refund if you are not satisfied with the product, but for that you need to tell your transaction ID as well. Also, if you say that you think MS Removal Tool is a virus, the "support center" claims that malicious programs have merely infected MS Removal Tool and they are using the interface of the program. They try to look legitimate by saying their support extension number, and they assure that it is possible to use the same license on a few computers. That is, they indirectly force the user to infect as many computers as possible.
Not to mention, that MS Removal Tool's customer support is not your best service ever. We have contacted Anastasia and Max, and some of their answers were harsh, drenched with strong Russian accent. We even heard them swearing. The fact that there is more than 1 person answering the customer's support calls means that the creators of MS Removal Tool are well-prepared to make this scam a successful operation.
This program will always hinder your attempts to remove it, because it needs to stay in your computer for as long as possible. In order to do that, MS Removal Tool blocks your internet connection. When your internet connection is blocked you cannot search for the ways how to get rid of this rogue. The parasite allows you to load only MS Removal Tool’s purchase sites.
This article is free for republishing
Printed From: http://www.goinglegal.com/the-implications-of-ms-removal-tool-2267027.html
Back to the original article
Tags: search engine result, software applications, task manager, rogues, application data, removal tool, predecessors, parasites, malicious software, security program, antispyware, c documents, scan results, documents and settings