Monday, 11 April 2011

Another home computer with another fake Antivirus!

"MS Removal Tool" Removal
Another home computer with another fake Antivirus! “MS Removal Tool” on a Windows 7 laptop.

How did I remove it?
1. Booted into Safe Mode.

2. Checked in the registry under Local Machine and Current User for RunOnce entries; found 1 entry with a random name.

3. Ran Microsoft Security Essentials (full scan), which found a Trojan and removed it.

4. Searched on the RunOnce entry name and found a folder under ProgramData.

5. (Warning: do not edit the registry unless you know what you are doing.)
I deleted the randomly named file from RunOnce.

6. Rebooted, logged in and ran Microsoft Security Essentials and Spybot Search and Destroy.

The laptop is now clean. I managed to surf the web, rebooted a few times and scanned a few times to make sure all had gone.

So what does RunOnce do? It allows a program to run once when the laptop/PC is started and logged in. This is why the software will keep reinstalling even if you think you have removed it.
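
A read-only way to do the check from steps 2 and 4, added here as an example and not part of the original post: it lists every RunOnce value under Local Machine and Current User and flags commands that start from ProgramData. The key paths are the standard Windows RunOnce locations; treating a ProgramData path as worth a closer look is an assumption based on where the folder turned up in this case.

```powershell
# Read-only listing of RunOnce values. Nothing is modified or deleted.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties PowerShell attaches to every registry item; they are not values.
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Pattern used to flag commands launched from ProgramData (assumption, see above).
$programDataPattern = '*' + $env:ProgramData + '*'

$entries = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $item = Get-ItemProperty -LiteralPath $key
    if ($null -eq $item) { continue }   # key exists but holds no values

    foreach ($p in $item.PSObject.Properties) {
        if ($psProps -contains $p.Name) { continue }

        $command = [string]$p.Value
        New-Object PSObject -Property @{
            Key           = $key
            Name          = $p.Name
            Command       = $command
            InProgramData = ($command -like $programDataPattern)
        }
    }
}

# Flagged entries first; review each command path before touching the registry.
$entries |
    Sort-Object InProgramData -Descending |
    Select-Object Key, Name, Command, InProgramData |
    Format-List
```

HKCU only shows the account you are logged in as, so run it once per user account on the machine.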

Free Computer and Laptop Security Software
I have been impressed with Microsoft Security Essentials, which is free for home use. I have been a fan of AVG Free for quite a few years. There is no reason why every PC and laptop should not have security software installed.

I have started to set up Windows 7 PCs/laptops with two accounts with passwords: a general non-privileged account and a super user account. My thinking is that if something wants to install, you should have to enter the super user password to allow it.

Do you have thoughts on the free antivirus product?

"MS Removal Tool": if you follow the prompts you will end up entering credit card details but still be unable to use your machine. It will be cheaper to get your local PC man to clean up.
