
Malicious Software Tool - No EULA

Anonymous
January 12, 2005 5:23:05 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello Forum-
I just got the "Malicious Software Tool" via WU. I understand that it is
supposed to run silently and then go away, but I never saw a EULA to agree
to, so did it run?
I ran it from the web, just for kicks, and came up clean, but wondering if
the monthly updates will work for me via WU...
January 12, 2005 5:59:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I just got same thing, but from a pop-up window lower right. A check on
Add/Remove Programs does not show this KB890830 having been installed. Is it
possible we got spoofed?

"operaflute" wrote:

> Hello Forum-
> I just got the "Malicious Software Tool" via WU. I understand that it is
> supposed to run silently and then go away, but I never saw a EULA to agree
> to, so did it run?
> I ran it from the web, just for kicks, and came up clean, but wondering if
> the monthly updates will work for me via WU...
>
January 12, 2005 6:41:05 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Not sure how to interpret the first comment, however Microsoft suggests:
• When you download the tool from Windows Update or from Automatic Updates,
the tool always runs in quiet mode.
• When you run the tool from our Web site at http://www.microsoft.com, the
tool always displays a user interface (UI).
• When you download the tool from the Microsoft Download Center, the tool
ordinarily displays a UI when it runs. However, if you supply the /Q
command-line switch, it runs in quiet mode.


"Roy" wrote:

> I just got same thing, but from a pop-up window lower right. A check on
> Add/Remove Programs does not show this KB890830 having been installed. Is it
> possible we got spoofed?
>
> "operaflute" wrote:
>
> > Hello Forum-
> > I just got the "Malicious Software Tool" via WU. I understand that it is
> > supposed to run silently and then go away, but I never saw a EULA to agree
> > to, so did it run?
> > I ran it from the web, just for kicks, and came up clean, but wondering if
> > the monthly updates will work for me via WU...
> >
Anonymous
January 12, 2005 8:23:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have a different problem with Malicious Software Tool. When running Norton
Antivirus Realtime Protection Scan, it repeatedly displays the following
alert: Virus name: Downloader.Trojan File: C:\WINDOWS\system32\g0l2d.dll
Location: C:\WINDOWS\system32.

As I haven't seen this before, I believe it results from the tool. Any
suggestions on how to stop this from happening (other than not running the
realtime scan) or how to remove the tool?

Thanks...

A
Any suggestions on how to
4 posts



"operaflute" wrote:

> Hello Forum-
> I just got the "Malicious Software Tool" via WU. I understand that it is
> supposed to run silently and then go away, but I never saw a EULA to agree
> to, so did it run?
> I ran it from the web, just for kicks, and came up clean, but wondering if
> the monthly updates will work for me via WU...
>
Anonymous
January 12, 2005 9:53:43 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Coincidental, I'll bet. The Malicious Software Tool runs and if it finds
nothing the tool is deleted.

g0l2d.dll is probably the virus.

Downloader.Trojan
http://securityresponse.symantec.com/avcenter/venc/data...

--
Hope this helps. Let us know.
Wes

In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
harvey611 <harvey611@hotmail.com> hunted and pecked:
> I have a different problem with Malicious Software Tool. When running
> Norton Antivirus Realtime Protection Scan, it repeatedly displays the
> following alert: Virus name: Downloader.Trojan File:
> C:\WINDOWS\system32\g0l2d.dll Location: C:\WINDOWS\system32.
>
> As I haven't seen this before, I believe it results from the tool. Any
> suggestions on how to stop this from happening (other than not
> running the realtime scan) or how to remove the tool?
>
> Thanks...
>
> A
> Any suggestions on how to
> 4 posts
>
>
>
> "operaflute" wrote:
>
>> Hello Forum-
>> I just got the "Malicious Software Tool" via WU. I understand that
>> it is supposed to run silently and then go away, but I never saw a
>> EULA to agree to, so did it run?
>> I ran it from the web, just for kicks, and came up clean, but
>> wondering if the monthly updates will work for me via WU...
Anonymous
January 12, 2005 9:53:44 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I should have said that I got it through AU, not WU. I thought that I would
get a EULA the first time (as opposed to each month). But as posted in an
earlier post, I guess there is no EULA via AU.
Thanks

"Wesley Vogel" wrote:

> Coincidental, I'll bet. The Malicious Software Tool runs and if it finds
> nothing the tool is deleted.
>
> g0l2d.dll is probably the virus.
>
> Downloader.Trojan
> http://securityresponse.symantec.com/avcenter/venc/data...
>
> --
> Hope this helps. Let us know.
> Wes
>
> In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
> harvey611 <harvey611@hotmail.com> hunted and pecked:
> > I have a different problem with Malicious Software Tool. When running
> > Norton Antivirus Realtime Protection Scan, it repeatedly displays the
> > following alert: Virus name: Downloader.Trojan File:
> > C:\WINDOWS\system32\g0l2d.dll Location: C:\WINDOWS\system32.
> >
> > As I haven't seen this before, I believe it results from the tool. Any
> > suggestions on how to stop this from happening (other than not
> > running the realtime scan) or how to remove the tool?
> >
> > Thanks...
> >
> > A
> > Any suggestions on how to
> > 4 posts
> >
> >
> >
> > "operaflute" wrote:
> >
> >> Hello Forum-
> >> I just got the "Malicious Software Tool" via WU. I understand that
> >> it is supposed to run silently and then go away, but I never saw a
> >> EULA to agree to, so did it run?
> >> I ran it from the web, just for kicks, and came up clean, but
> >> wondering if the monthly updates will work for me via WU...
>
>
Anonymous
January 12, 2005 11:19:58 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

See what the mrt.log says...

Paste this in the Start | Run box...

%windir%\debug\mrt.log

Click OK

--
Hope this helps. Let us know.
Wes

In news:1F52A20C-E8B8-4185-9162-651172AEB3CA@microsoft.com,
operaflute <operaflute@discussions.microsoft.com> hunted and pecked:
> I should have said that I got it through AU, not WU. I thought that
> I would get a EULA the first time (as opposed to each month) But as
> posted in an earlier post, I guess there is no EULA via AU.
> Thanks
>
> "Wesley Vogel" wrote:
>
>> Coincidental, I'll bet. The Malicious Software Tool runs and if it
>> finds nothing the tool is deleted.
>>
>> g0l2d.dll is probably the virus.
>>
>> Downloader.Trojan
>>
http://securityresponse.symantec.com/avcenter/venc/data...
>>
>> --
>> Hope this helps. Let us know.
>> Wes
>>
>> In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
>> harvey611 <harvey611@hotmail.com> hunted and pecked:
>>> I have a different problem with Malicious Software Tool. When
>>> running Norton Antivirus Realtime Protection Scan, it repeatedly
>>> displays the following alert: Virus name: Downloader.Trojan File:
>>> C:\WINDOWS\system32\g0l2d.dll Location: C:\WINDOWS\system32.
>>>
>>> As I haven't seen this before, I believe it results from the tool.
>>> Any suggestions on how to stop this from happening (other than not
>>> running the realtime scan) or how to remove the tool?
>>>
>>> Thanks...
>>>
>>> A
>>> Any suggestions on how to
>>> 4 posts
>>>
>>>
>>>
>>> "operaflute" wrote:
>>>
>>>> Hello Forum-
>>>> I just got the "Malicious Software Tool" via WU. I understand that
>>>> it is supposed to run silently and then go away, but I never saw a
>>>> EULA to agree to, so did it run?
>>>> I ran it from the web, just for kicks, and came up clean, but
>>>> wondering if the monthly updates will work for me via WU...
Anonymous
January 12, 2005 11:35:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Sure enough - it ran twice. Once from the AU, once when I did it from the
web page. Came up clean both times. Would be nice to see some sort of UI
confirmation of the process, though, even if it comes via AU...

"Wesley Vogel" wrote:

> See what the mrt.log says...
>
> Paste this in the Start | Run box...
>
> %windir%\debug\mrt.log
>
> Click OK
>
> --
> Hope this helps. Let us know.
> Wes
>
> In news:1F52A20C-E8B8-4185-9162-651172AEB3CA@microsoft.com,
> operaflute <operaflute@discussions.microsoft.com> hunted and pecked:
> > I should have said that I got it through AU, not WU. I thought that
> > I would get a EULA the first time (as opposed to each month) But as
> > posted in an earlier post, I guess there is no EULA via AU.
> > Thanks
> >
> > "Wesley Vogel" wrote:
> >
> >> Coincidental, I'll bet. The Malicious Software Tool runs and if it
> >> finds nothing the tool is deleted.
> >>
> >> g0l2d.dll is probably the virus.
> >>
> >> Downloader.Trojan
> >>
> http://securityresponse.symantec.com/avcenter/venc/data...
> >>
> >> --
> >> Hope this helps. Let us know.
> >> Wes
> >>
> >> In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
> >> harvey611 <harvey611@hotmail.com> hunted and pecked:
> >>> I have a different problem with Malicious Software Tool. When
> >>> running Norton Antivirus Realtime Protection Scan, it repeatedly
> >>> displays the following alert: Virus name: Downloader.Trojan File:
> >>> C:\WINDOWS\system32\g0l2d.dll Location: C:\WINDOWS\system32.
> >>>
> >>> As I haven't seen this before, I believe it results from the tool.
> >>> Any suggestions on how to stop this from happening (other than not
> >>> running the realtime scan) or how to remove the tool?
> >>>
> >>> Thanks...
> >>>
> >>> A
> >>> Any suggestions on how to
> >>> 4 posts
> >>>
> >>>
> >>>
> >>> "operaflute" wrote:
> >>>
> >>>> Hello Forum-
> >>>> I just got the "Malicious Software Tool" via WU. I understand that
> >>>> it is supposed to run silently and then go away, but I never saw a
> >>>> EULA to agree to, so did it run?
> >>>> I ran it from the web, just for kicks, and came up clean, but
> >>>> wondering if the monthly updates will work for me via WU...
>
>
Anonymous
January 13, 2005 3:38:33 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

operaflute wrote:

> Hello Forum-
> I just got the "Malicious Software Tool" via WU. I understand
> that it is supposed to run silently and then go away, but I
> never saw a EULA to agree to, so did it run?
Hi

When KB890830 runs from WU or AU, it runs in unattended mode, so no
EULA is presented to the end user.

After the scan is complete, the tool creates a file Mrt.log that
contains the results of the scan. The file is in the %windir%\Debug
folder (%windir% is typically C:\Windows).

Check the content of Mrt.log to see when the tool has been run, and
the result.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
Anonymous
January 13, 2005 7:28:24 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Apparently no news is good news. The darn thing had me running around
trying to see what happened also.

[[Q2. How do I verify whether the removal tool has run on a client computer?

A2. You can examine the following registry key to verify the execution of
the tool. Note that you can implement such a check as part of a startup or
logon script. This will prevent the tool from running multiple times.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT with value named
"Version".

Every time the tool is executed, independent of the results of the
execution, the tool will record a GUID to the registry to indicate that it
has been executed. The following table lists the GUID corresponding to each
release.

Release         Value Data
January 2005    E5DD9936-C147-4CD1-86D3-FED80FAADA6C ]]

Deployment of the Microsoft Windows Malicious Software Removal Tool in an
enterprise environment
http://support.microsoft.com/default.aspx?scid=kb;en-us;891716

--
Hope this helps. Let us know.
Wes

In news:96AD750B-78AF-4E1A-99B7-056F5BF10BAE@microsoft.com,
operaflute <operaflute@discussions.microsoft.com> hunted and pecked:
> Sure enough - it ran twice. Once from the AU, once when I did it
> from the web page. Came up clean both times. Would be nice to see
> some sort of UI confirmation of the process, though, even if it comes
> via AU...
>
> "Wesley Vogel" wrote:
>
>> See what the mrt.log says...
>>
>> Paste this in the Start | Run box...
>>
>> %windir%\debug\mrt.log
>>
>> Click OK
>>
>> --
>> Hope this helps. Let us know.
>> Wes
>>
>> In news:1F52A20C-E8B8-4185-9162-651172AEB3CA@microsoft.com,
>> operaflute <operaflute@discussions.microsoft.com> hunted and pecked:
>>> I should have said that I got it through AU, not WU. I thought that
>>> I would get a EULA the first time (as opposed to each month) But as
>>> posted in an earlier post, I guess there is no EULA via AU.
>>> Thanks
>>>
>>> "Wesley Vogel" wrote:
>>>
>>>> Coincidental, I'll bet. The Malicious Software Tool runs and if it
>>>> finds nothing the tool is deleted.
>>>>
>>>> g0l2d.dll is probably the virus.
>>>>
>>>> Downloader.Trojan
>>>>
>>
http://securityresponse.symantec.com/avcenter/venc/data...
>>>>
>>>> --
>>>> Hope this helps. Let us know.
>>>> Wes
>>>>
>>>> In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
>>>> harvey611 <harvey611@hotmail.com> hunted and pecked:
>>>>> I have a different problem with Malicious Software Tool. When
>>>>> running Norton Antivirus Realtime Protection Scan, it repeatedly
>>>>> displays the following alert: Virus name: Downloader.Trojan
>>>>> File: C:\WINDOWS\system32\g0l2d.dll Location:
>>>>> C:\WINDOWS\system32.
>>>>>
>>>>> As I haven't seen this before, I believe it results from the tool.
>>>>> Any suggestions on how to stop this from happening (other than not
>>>>> running the realtime scan) or how to remove the tool?
>>>>>
>>>>> Thanks...
>>>>>
>>>>> A
>>>>> Any suggestions on how to
>>>>> 4 posts
>>>>>
>>>>>
>>>>>
>>>>> "operaflute" wrote:
>>>>>
>>>>>> Hello Forum-
>>>>>> I just got the "Malicious Software Tool" via WU. I understand
>>>>>> that it is supposed to run silently and then go away, but I
>>>>>> never saw a EULA to agree to, so did it run?
>>>>>> I ran it from the web, just for kicks, and came up clean, but
>>>>>> wondering if the monthly updates will work for me via WU...
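
The registry check quoted from KB 891716 in the last post, combined with the Mrt.log location given earlier in the thread, written as a logon-script style check. This is an added example, not part of the original posts or of Microsoft's documentation; the function name, parameter names and state labels are hypothetical, and the GUID is the January 2005 value quoted above.

```powershell
# Added example: names below are illustrative, not from the thread or the KB.
function Get-MrtRunStatus {
    param(
        # GUID the thread quotes for the January 2005 release; update per release.
        [string]$ExpectedVersion = 'E5DD9936-C147-4CD1-86D3-FED80FAADA6C',
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\RemovalTools\MRT',
        [string]$LogPath = (Join-Path $env:windir 'Debug\mrt.log')
    )

    # Read the "Version" value; a missing key or value means the tool never ran.
    $recorded = $null
    if (Test-Path -Path $KeyPath) {
        $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties['Version']) {
            # Strip braces and whitespace so the comparison is format-tolerant.
            $recorded = ([string]$props.Version) -replace '[{}\s]', ''
        }
    }

    $state = if (-not $recorded) {
        'NeverRun'
    } elseif ($recorded -ieq $ExpectedVersion) {
        'CurrentReleaseRan'
    } else {
        'DifferentReleaseRan'
    }

    # The log is the only place the scan result itself is recorded.
    $log = if (Test-Path -Path $LogPath) { Get-Item -Path $LogPath } else { $null }

    [pscustomobject]@{
        State           = $state
        RecordedVersion = $recorded
        LogPresent      = [bool]$log
        LogLastWritten  = if ($log) { $log.LastWriteTime } else { $null }
    }
}

$status = Get-MrtRunStatus
$status | Format-List
# Non-zero exit tells the calling deployment script the current release has not run.
if ($status.State -ne 'CurrentReleaseRan') { exit 1 }
```

The registry value only shows that a given release executed; the scan outcome still has to be read from Mrt.log.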