MS Recovery Tool

This guide will help you remove MS Recovery Tool from an infected computer. The only way to get rid of this threat is to run a complete virus scan.

MS Recovery Tool is a virus that may infect a computer that visits malicious web sites disguised as online virus scanners. The malware is sometimes called Microsoft Recovery Tool. It belongs to the category of rogue anti-virus software, which attempts to mislead computer users with fake and alarming messages about the security status of the computer. It constantly reminds victims that Trojans, viruses and other threats are attacking the PC. This fake program can get past any installed security software because it uses a technique to hide itself on the system: it can embed malicious code into valid system files. Other files dropped by the MS Recovery Tool virus have unique names that usually consist of random characters. Its presence on the PC brings many annoyances that may disrupt computer operation.

This threat blocks any installed software from executing. The malware also modifies the Desktop background and displays a warning that contains this message:

“Warning! You’re in Danger! Your Computer is infected with Spyware!”

Other than that, the MS Recovery Tool scan will launch every time Windows starts. It reports false detections of threats and urges computer users to remove them by obtaining the registered version of the fake product. You do not need to spend money on this rogue program. In fact, you must remove MS Recovery Tool from the computer at once to avoid further damage. Scan your PC with a genuine and effective anti-malware program as described in the guide below.

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Malware Behavior
If MS Recovery Tool is installed, it will begin to display fake alerts as a scare tactic to mislead victims:

MS Recovery Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

MS Recovery Tool Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with MS Recovery Tool.

How to Remove MS Recovery Tool

Manual Removal Procedure

1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with "MS Recovery Tool". When Windows Task Manager opens, go to the Processes tab. Find and end this process:
(random characters).exe

2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.
3. Thoroughly scan the computer and remove any threats found by your antivirus program. If the delete option is not available, the next best choice is to quarantine the infected file. You also need to manually locate and delete malicious files. Please see the file section for items that are relevant to the MS Recovery Tool virus.

4. Next, you need to remove the registry entries created by MS Recovery Tool. Please refer to the registry section to view entries related to the rogue program.
5. Exit registry editor when you are done.

6. Get rid of the MS Recovery Tool start-up entry by going to Start > Run and typing msconfig in the "Open" dialog box. This launches a new window containing the System Configuration Utility. Click on the Startup tab and uncheck the following item:
(random characters).exe

7. Click Apply. You need to restart Windows.
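
The startup check in step 6 can also be done from a PowerShell prompt. The script below is an added example, not part of the original guide: it lists the entries in the standard Run registry keys and marks executables whose names look like random characters. The name heuristic, its thresholds and the Test-RandomLookingName helper are assumptions made for illustration.

```powershell
# Added example: read-only triage of Run-key startup entries.
# The "random-looking" rule and its thresholds are assumptions for illustration.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Test-RandomLookingName {
    param([string]$Name)
    # Only plain letter/digit names of 6+ characters are considered.
    if ($Name -notmatch '^[A-Za-z0-9]{6,}$') { return $false }
    $vowels = [regex]::Matches($Name, '[aeiouAEIOU]').Count
    $digits = [regex]::Matches($Name, '[0-9]').Count
    $fewVowels = ($vowels / $Name.Length) -lt 0.15
    $mixed     = ($digits -gt 0) -and ($digits -lt $Name.Length)
    return ($fewVowels -or $mixed)
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if (-not $command) { continue }
        # Extract the executable path from a quoted or unquoted command line.
        if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(.+?\.exe)') {
            $exePath = $Matches[1]
        } else {
            $exePath = $command.Trim()
        }
        # File name without directory and extension, using string operations only.
        $baseName = (($exePath -split '[\\/]')[-1]) -replace '\.[^.]*$', ''
        $exists = Test-Path -LiteralPath $exePath
        $signature = if ($exists) {
            (Get-AuthenticodeSignature -FilePath $exePath).Status
        } else { 'FileMissing' }
        New-Object PSObject -Property @{
            Key = $key; Entry = $valueName; Path = $exePath
            RandomLooking = (Test-RandomLookingName $baseName)
            Signature = $signature
        }
    }
}
$report | Sort-Object RandomLooking -Descending |
    Format-Table Entry, RandomLooking, Signature, Path -AutoSize
```

The script changes nothing on the system. A flagged row is only a candidate to review against the item named in step 6, and the Signature column helps separate unsigned files from signed vendor software with short names.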

MS Recovery Tool Virus Removal Tool

1. In order to completely remove MS Recovery Tool, it is best to download and run removal software. Save it on your Desktop.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install as “default” only.
4. If it prompts to update the database after installation, please proceed.
5. Click the Finish button after installation. The program will run automatically and you will be prompted to update it before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on the Show Results button.
8. Make sure that all items have a check mark, then click on Remove Selected. This will remove MS Recovery Tool files and registry entries.
9. Restart the computer.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that other infected files not detected by the anti-virus application can be removed as well. Download and run SAS Portable Scanner.

Alternative Removal Method for MS Recovery Tool

Option 1 : Use Windows System Restore to return Windows to previous state

If MS Recovery Tool enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before MS Recovery Tool infiltrated the PC, we highly encourage you to execute this procedure if none of the above works.

Option 2 : MS Recovery Tool manual uninstall guide

IMPORTANT! Manual removal of MS Recovery Tool requires technical skills. Deleting system files and registry entries by mistake may leave the Windows system completely unusable. We advise you to back up the registry before proceeding with this guide.

1. Kill any running process that belongs to MS Recovery Tool.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for MS Recovery Tool files (refer to Technical Reference) and click End Process.

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by MS Recovery Tool.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:

Added Registry Entries: