[prev in list] [next in list] [prev in thread] [next in thread]
List: ntbugtraq
Subject: Re: Microsoft Windows Malicous Software Removal Tool
From: Rick Klinge <rick () FAMHOST ! COM>
Date: 2005-02-09 13:52:44
Message-ID: 000901c50eae$a17b7c10$6b01a8c0 () MGMT
[Download RAW message or body]
> During the month of January 2005, Microsoft apparently
> released something called the "Microsoft Windows Malicous
> Software Removal Tool", not to be confused with the beta
> version of Microsoft Antispyware. I don't recall seeing any
> discussion or articles on this software.
>
> This application was announced by KB890830. According to the
> info in KB890830, the tool can be installed through Windows
> Updates or Automatic Updates, or GPO or SMS. Alternatively,
> it can also be run online, or downloaded and run from the
> command line or script. A link to the download page can be
> found in the KB article.
>
> There is also a website dedicated to the product, and updates
> are supposed to be released on the second Tuesday of each
> month, probably along with other updates. The current
> version works only with Windows XP.
>
> So far, I have noticed four issues of concern:
> 1. No such updates have been mentioned in this month's
> (Feb)advance notice of updates, nor was the tool's release
> included in the Jan 2005 summary of security bulletins.
>
> 2. KB890830 does NOT describe how to run it from the command
> line. The result of installing it from WU, is that we now
> have a utility installed that we cannot run. We may be able
> to figure it out, but it would have been so much easier if MS
> had included the executable filename in the KB article.
>
> 3. The download page (
> http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724
> AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en )does not
> inlcude the download button, so the tool cannot be downloaded
> and saved to disk.
>
> 4. The tool did NOT download to our SUS server with other
> updates, and install automatically on our client
> workstations. Arguably, any updates that work through AU
> should have downloaded for distribution via SUS. However, we
> only discovered it by going to Windows Updates.
>
> We have not, so far, tried running it from the website.
>
> I thought I would share this information, and hope that
> someone could point me in the right direction if I happen to
> have overlooked anything, or to be otherwise in error.
> However, the situation currently appears to be as described above.
>
> Joe Dance
> University of South Carolina
Joe,
http://www.microsoft.com/security/malwareremove/default.mspx
~Rick
_____________________________________________________________________
Virus Scanned and Filtered by - http://www.FamHost.com E-Mail System.
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an Anti-Virus \
product which automatically notifies the perceived sender of a message it believes is \
infected may well cause more harm than good. Someone who did not actually send you a \
virus may receive the notification and scramble their support staff to find an \
infection which never existed in the first place. Suggest such notifications be \
disabled by whomever is responsible for your AV, or at least that the idea is \
considered.
--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic