'Re: Microsoft Windows Malicous Software Removal Tool'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    Re: Microsoft Windows Malicous Software Removal Tool
From:       Rick Klinge <rick () FAMHOST ! COM>
Date:       2005-02-09 13:52:44
Message-ID: 000901c50eae$a17b7c10$6b01a8c0 () MGMT
[Download RAW message or body]

> During the month of January 2005, Microsoft apparently
> released something called the "Microsoft Windows Malicous
> Software Removal Tool", not to be confused with the beta
> version of Microsoft Antispyware. I don't recall seeing any
> discussion or articles on this software.
> 
> This application was announced by KB890830.  According to the
> info in KB890830, the tool can be installed through Windows
> Updates or Automatic Updates, or GPO or SMS.  Alternatively,
> it can also be run online, or downloaded and run from the
> command line or script.  A link to the download page can be
> found in the KB article.
> 
> There is also a website dedicated to the product, and updates
> are supposed to be released on the second Tuesday of each
> month, probably along with other updates.  The current
> version works only with Windows XP.
> 
> So far, I have noticed four issues of concern:
> 1.  No such updates have been mentioned in this month's
> (Feb)advance notice of updates, nor was the tool's release
> included in the Jan 2005 summary of security bulletins.
> 
> 2.  KB890830 does NOT describe how to run it from the command
> line.  The result of installing it from WU, is that we now
> have a utility installed that we cannot run.  We may be able
> to figure it out, but it would have been so much easier if MS
> had included the executable filename in the KB article.
> 
> 3.  The download page (
> http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724
> AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en )does not
> inlcude the download button, so the tool cannot be downloaded
> and saved to disk.
> 
> 4.  The tool did NOT download to our SUS server with other
> updates, and install automatically on our client
> workstations.  Arguably, any updates that work through AU
> should have downloaded for distribution via SUS.  However, we
> only discovered it by going to Windows Updates.
> 
> We have not, so far, tried running it from the website.
> 
> I thought I would share this information, and hope that
> someone could point me in the right direction if I happen to
> have overlooked anything, or to be otherwise in error.
> However, the situation currently appears to be as described above.
> 
> Joe Dance
> University of South Carolina

Joe,

http://www.microsoft.com/security/malwareremove/default.mspx


~Rick

_____________________________________________________________________
Virus Scanned and Filtered by - http://www.FamHost.com E-Mail System.

--
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an Anti-Virus \
product which automatically notifies the perceived sender of a message it believes is \
infected may well cause more harm than good. Someone who did not actually send you a \
virus may receive the notification and scramble their support staff to find an \
infection which never existed in the first place. Suggest such notifications be \
disabled by whomever is responsible for your AV, or at least that the idea is \
                considered.
--


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic