
MSE virus removal and support

 
Old Jul 31, 2010 | 2:17 pm
  #1  
Original Poster
 
Join Date: Mar 2003
Posts: 4,800
MSE virus removal and support

I'm wondering if Microsoft uses virus infection as a means to force/encourage people to upgrade.

A week or so ago I got infected with an Alureon rootkit (bad stuff). MSE would quarantine it but wouldn't remove it. Infected computer is still on XP. I looked for help online (Microsoft) but basically found very little. Most of what I read was "open a support ticket" which to me is no help. I also saw posts from people in support forums that said the MS support tech had been unable to help.

I also found one general Microsoft doc about rootkit removal, but as it wasn't specific to my case the directions were very vague.

I attempted to remove the rootkit with MSE and the Malicious Software Removal Tool several times, to no avail. Seemed like kind of a joke.

So I looked further into the internet tubes to see if I could find an answer as I'm a do it yourself kind of guy.

On another site I was able to quickly find a removal tool, it took less than 30 seconds to detect and remove the rootkit and replace infected system files. From there I was able to use MSE to remove other less serious viri the rootkit had downloaded. Result was a clean machine, working fine again.

After the fact, I was looking at my drives and noticed that MS had downloaded the MSRT to a couple different places on my computer and they had also downloaded the USMT.

Why would they download the USMT without my knowledge unless they intended me to use it? It just struck me as odd... Like they didn't really intend to try to remove the rootkit. Does that seem weird?
BuddyBird is offline  
Old Jul 31, 2010 | 2:27 pm
  #2  
FlyerTalk Evangelist
 
Join Date: Sep 2000
Programs: BA, AA, DL, KLM, UA
Posts: 37,489
Take off the tinfoil hat. Microsoft is not in the business of keeping people infected, and if they did something to prevent its removal, you can be sure someone would have uncovered that by now.

Any idea where you got the rootkit?
ScottC is offline  
Old Jul 31, 2010 | 2:37 pm
  #3  
Original Poster
 
Join Date: Mar 2003
Posts: 4,800
Yes, I'm pretty sure it was loaded via a Java applet.

I was doing a Google picture search for Francesca Hilton, daughter of Zsa Zsa Gabor, and when I clicked on one of the links a Java applet loaded and it was over.

When I turned on my Vista laptop, I was prompted for a Java update right away.
BuddyBird is offline  
Old Jul 31, 2010 | 6:29 pm
  #4  
 
Join Date: Apr 2007
Location: SEA
Programs: AS MVPG, MGM Rewards Gold, Hhonors ???, National Executive
Posts: 2,708
http://www.microsoft.com/security/po...in32%2fAlureon

That says the MSRT should've removed it.

MSRT comes out via Windows Update, I think once a month. I believe it is run at install time.

Don't know why you have the USMT on your machine.
OverThereTooMuch is offline  

