Malicious Software Tool - No EULA

G

Guest

Hello Forum-
I just got the "Malicious Software Tool" via WU. I understand that it is
supposed to run silently and then go away, but I never saw a EULA to agree
to, so did it run?
I ran it from the web, just for kicks, and came up clean, but wondering if
the monthly updates will work for me via WU...
 
G

Guest

I just got same thing, but from a pop-up window lower right. A check on
Add/Remove Programs does not show this KB890830 having been installed. Is it
possible we got spoofed?
 
T

Torgeir Bakken \(MVP\)

operaflute said:
Hello Forum-
I just got the "Malicious Software Tool" via WU. I understand
that it is supposed to run silently and then go away, but I
never saw a EULA to agree to, so did it run?
Hi

When KB890830 runs from WU or AU, it runs in unattended mode, so no
EULA is presented to the end user.

After the scan is complete, the tool creates a file Mrt.log that
contains the results of the scan. The file is in the %windir%\Debug
folder (%windir% is typically C:\Windows).

Check the content of Mrt.log to see when the tool have been run, and
the result.
 
G

Guest

Not sure how to interpret the first comment, however Microsoft suggests:
• When you download the tool from Windows Update or from Automatic Updates,
the tool always runs in quiet mode.
• When you run the tool from our Web site at http://www.microsoft.com, the
tool always displays a user interface (UI).
• When you download the tool from the Microsoft Download Center, the tool
ordinarily displays a UI when it runs. However, if you supply the /Q
command-line switch, it runs in quiet mode.
 
G

Guest

I have a different problem with Malicious Software Tool. When running Norton
Antivirus Realtime Protection Scan, it repeatedly displays the following
alert: Virus name: Downloader.Trojan File: C:\WINDOWS\system32\g0l2d.dll
Location: C:\WINDOWS\system32.

As I haven't seen this before, I believe it results from the tool. Any
suggestions on how to stop this from happening (other than not running the
realtime scan) or how to remove the tool?

Thanks...

A
Any suggestions on how to
4 posts
 
G

Guest

I should have said that I got it through AU, not WU. I thought that I would
get a EULA the first time (as opposed to each month) But as posted in an
earlier post, I guess there is no EULA via AU.
Thanks
 
W

Wesley Vogel

See what the mrt.log says...

Paste this in the Start | Run box...

%windir%\debug\mrt.log

Click OK
 
G

Guest

Sure enough - it ran twice. Once from the AU, once when I did it from the
web page. Came up clean both time. Would be nice to see some sort of UI
confimation of the process, though, even if it comes via AU...
 
W

Wesley Vogel

Apparently no news is good news. The darn thing had me running around
trying to see what happened also.

[[Q2. How do I verify whether the removal tool has run on a client computer?

A2. You can examine the following registry key to verify the execution of
the tool. Note that you can implement such a check as part of a startup or
logon script. This will prevent the tool from running multiple times.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT with value named
"Version".

Every time the tool is executed, independent of the results of the
execution, the tool will record a GUID to the registry to indicate that it
has been executed. The following table lists the GUID corresponding to each
release.

Release Value Data
January 2005 E5DD9936-C147-4CD1-86D3-FED80FAADA6C ]]

Deployment of the Microsoft Windows Malicious Software Removal Tool in an
enterprise environment
http://support.microsoft.com/default.aspx?scid=kb;en-us;891716
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top