Malicious Software Tool - No EULA

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello Forum-
I just got the "Malicious Software Tool" via WU. I understand that it is
supposed to run silently and then go away, but I never saw a EULA to agree
to, so did it run?
I ran it from the web, just for kicks, and came up clean, but wondering if
the monthly updates will work for me via WU...
9 answers Last reply
More about malicious software tool eula
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I just got same thing, but from a pop-up window lower right. A check on
    Add/Remove Programs does not show this KB890830 having been installed. Is it
    possible we got spoofed?

    "operaflute" wrote:

    > Hello Forum-
    > I just got the "Malicious Software Tool" via WU. I understand that it is
    > supposed to run silently and then go away, but I never saw a EULA to agree
    > to, so did it run?
    > I ran it from the web, just for kicks, and came up clean, but wondering if
    > the monthly updates will work for me via WU...
    >
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Not sure how to interpret the first comment, however Microsoft suggests:
    • When you download the tool from Windows Update or from Automatic Updates,
    the tool always runs in quiet mode.
    • When you run the tool from our Web site at http://www.microsoft.com, the
    tool always displays a user interface (UI).
    • When you download the tool from the Microsoft Download Center, the tool
    ordinarily displays a UI when it runs. However, if you supply the /Q
    command-line switch, it runs in quiet mode.


    "Roy" wrote:

    > I just got same thing, but from a pop-up window lower right. A check on
    > Add/Remove Programs does not show this KB890830 having been installed. Is it
    > possible we got spoofed?
    >
    > "operaflute" wrote:
    >
    > > Hello Forum-
    > > I just got the "Malicious Software Tool" via WU. I understand that it is
    > > supposed to run silently and then go away, but I never saw a EULA to agree
    > > to, so did it run?
    > > I ran it from the web, just for kicks, and came up clean, but wondering if
    > > the monthly updates will work for me via WU...
    > >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I have a different problem with Malicious Software Tool. When running Norton
    Antivirus Realtime Protection Scan, it repeatedly displays the following
    alert: Virus name: Downloader.Trojan File: C:\WINDOWS\system32\g0l2d.dll
    Location: C:\WINDOWS\system32.

    As I haven't seen this before, I believe it results from the tool. Any
    suggestions on how to stop this from happening (other than not running the
    realtime scan) or how to remove the tool?

    Thanks...

    A
    Any suggestions on how to
    4 posts



    "operaflute" wrote:

    > Hello Forum-
    > I just got the "Malicious Software Tool" via WU. I understand that it is
    > supposed to run silently and then go away, but I never saw a EULA to agree
    > to, so did it run?
    > I ran it from the web, just for kicks, and came up clean, but wondering if
    > the monthly updates will work for me via WU...
    >
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Coincidental, I'll bet. The Malicious Software Tool runs and if it finds
    nothing the tool is deleted.

    g0l2d.dll is probably the virus.

    Downloader.Trojan
    http://securityresponse.symantec.com/avcenter/venc/data/downloader.trojan.html

    --
    Hope this helps. Let us know.
    Wes

    In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
    harvey611 <harvey611@hotmail.com> hunted and pecked:
    > I have a different problem with Malicious Software Tool. When running
    > Norton Antivirus Realtime Protection Scan, it repeatedly displays the
    > following alert: Virus name: Downloader.Trojan File:
    > C:\WINDOWS\system32\g0l2d.dll Location: C:\WINDOWS\system32.
    >
    > As I haven't seen this before, I believe it results from the tool. Any
    > suggestions on how to stop this from happening (other than not
    > running the realtime scan) or how to remove the tool?
    >
    > Thanks...
    >
    > A
    > Any suggestions on how to
    > 4 posts
    >
    >
    >
    > "operaflute" wrote:
    >
    >> Hello Forum-
    >> I just got the "Malicious Software Tool" via WU. I understand that
    >> it is supposed to run silently and then go away, but I never saw a
    >> EULA to agree to, so did it run?
    >> I ran it from the web, just for kicks, and came up clean, but
    >> wondering if the monthly updates will work for me via WU...
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I should have said that I got it through AU, not WU. I thought that I would
    get a EULA the first time (as opposed to each month) But as posted in an
    earlier post, I guess there is no EULA via AU.
    Thanks

    "Wesley Vogel" wrote:

    > Coincidental, I'll bet. The Malicious Software Tool runs and if it finds
    > nothing the tool is deleted.
    >
    > g0l2d.dll is probably the virus.
    >
    > Downloader.Trojan
    > http://securityresponse.symantec.com/avcenter/venc/data/downloader.trojan.html
    >
    > --
    > Hope this helps. Let us know.
    > Wes
    >
    > In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
    > harvey611 <harvey611@hotmail.com> hunted and pecked:
    > > I have a different problem with Malicious Software Tool. When running
    > > Norton Antivirus Realtime Protection Scan, it repeatedly displays the
    > > following alert: Virus name: Downloader.Trojan File:
    > > C:\WINDOWS\system32\g0l2d.dll Location: C:\WINDOWS\system32.
    > >
    > > As I haven't seen this before, I believe it results from the tool. Any
    > > suggestions on how to stop this from happening (other than not
    > > running the realtime scan) or how to remove the tool?
    > >
    > > Thanks...
    > >
    > > A
    > > Any suggestions on how to
    > > 4 posts
    > >
    > >
    > >
    > > "operaflute" wrote:
    > >
    > >> Hello Forum-
    > >> I just got the "Malicious Software Tool" via WU. I understand that
    > >> it is supposed to run silently and then go away, but I never saw a
    > >> EULA to agree to, so did it run?
    > >> I ran it from the web, just for kicks, and came up clean, but
    > >> wondering if the monthly updates will work for me via WU...
    >
    >
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    See what the mrt.log says...

    Paste this in the Start | Run box...

    %windir%\debug\mrt.log

    Click OK

    --
    Hope this helps. Let us know.
    Wes

    In news:1F52A20C-E8B8-4185-9162-651172AEB3CA@microsoft.com,
    operaflute <operaflute@discussions.microsoft.com> hunted and pecked:
    > I should have said that I got it through AU, not WU. I thought that
    > I would get a EULA the first time (as opposed to each month) But as
    > posted in an earlier post, I guess there is no EULA via AU.
    > Thanks
    >
    > "Wesley Vogel" wrote:
    >
    >> Coincidental, I'll bet. The Malicious Software Tool runs and if it
    >> finds nothing the tool is deleted.
    >>
    >> g0l2d.dll is probably the virus.
    >>
    >> Downloader.Trojan
    >>
    http://securityresponse.symantec.com/avcenter/venc/data/downloader.trojan.html
    >>
    >> --
    >> Hope this helps. Let us know.
    >> Wes
    >>
    >> In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
    >> harvey611 <harvey611@hotmail.com> hunted and pecked:
    >>> I have a different problem with Malicious Software Tool. When
    >>> running Norton Antivirus Realtime Protection Scan, it repeatedly
    >>> displays the following alert: Virus name: Downloader.Trojan File:
    >>> C:\WINDOWS\system32\g0l2d.dll Location: C:\WINDOWS\system32.
    >>>
    >>> As I haven't seen this before, I believe it results from the tool.
    >>> Any suggestions on how to stop this from happening (other than not
    >>> running the realtime scan) or how to remove the tool?
    >>>
    >>> Thanks...
    >>>
    >>> A
    >>> Any suggestions on how to
    >>> 4 posts
    >>>
    >>>
    >>>
    >>> "operaflute" wrote:
    >>>
    >>>> Hello Forum-
    >>>> I just got the "Malicious Software Tool" via WU. I understand that
    >>>> it is supposed to run silently and then go away, but I never saw a
    >>>> EULA to agree to, so did it run?
    >>>> I ran it from the web, just for kicks, and came up clean, but
    >>>> wondering if the monthly updates will work for me via WU...
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Sure enough - it ran twice. Once from the AU, once when I did it from the
    web page. Came up clean both time. Would be nice to see some sort of UI
    confimation of the process, though, even if it comes via AU...

    "Wesley Vogel" wrote:

    > See what the mrt.log says...
    >
    > Paste this in the Start | Run box...
    >
    > %windir%\debug\mrt.log
    >
    > Click OK
    >
    > --
    > Hope this helps. Let us know.
    > Wes
    >
    > In news:1F52A20C-E8B8-4185-9162-651172AEB3CA@microsoft.com,
    > operaflute <operaflute@discussions.microsoft.com> hunted and pecked:
    > > I should have said that I got it through AU, not WU. I thought that
    > > I would get a EULA the first time (as opposed to each month) But as
    > > posted in an earlier post, I guess there is no EULA via AU.
    > > Thanks
    > >
    > > "Wesley Vogel" wrote:
    > >
    > >> Coincidental, I'll bet. The Malicious Software Tool runs and if it
    > >> finds nothing the tool is deleted.
    > >>
    > >> g0l2d.dll is probably the virus.
    > >>
    > >> Downloader.Trojan
    > >>
    > http://securityresponse.symantec.com/avcenter/venc/data/downloader.trojan.html
    > >>
    > >> --
    > >> Hope this helps. Let us know.
    > >> Wes
    > >>
    > >> In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
    > >> harvey611 <harvey611@hotmail.com> hunted and pecked:
    > >>> I have a different problem with Malicious Software Tool. When
    > >>> running Norton Antivirus Realtime Protection Scan, it repeatedly
    > >>> displays the following alert: Virus name: Downloader.Trojan File:
    > >>> C:\WINDOWS\system32\g0l2d.dll Location: C:\WINDOWS\system32.
    > >>>
    > >>> As I haven't seen this before, I believe it results from the tool.
    > >>> Any suggestions on how to stop this from happening (other than not
    > >>> running the realtime scan) or how to remove the tool?
    > >>>
    > >>> Thanks...
    > >>>
    > >>> A
    > >>> Any suggestions on how to
    > >>> 4 posts
    > >>>
    > >>>
    > >>>
    > >>> "operaflute" wrote:
    > >>>
    > >>>> Hello Forum-
    > >>>> I just got the "Malicious Software Tool" via WU. I understand that
    > >>>> it is supposed to run silently and then go away, but I never saw a
    > >>>> EULA to agree to, so did it run?
    > >>>> I ran it from the web, just for kicks, and came up clean, but
    > >>>> wondering if the monthly updates will work for me via WU...
    >
    >
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    operaflute wrote:

    > Hello Forum-
    > I just got the "Malicious Software Tool" via WU. I understand
    > that it is supposed to run silently and then go away, but I
    > never saw a EULA to agree to, so did it run?
    Hi

    When KB890830 runs from WU or AU, it runs in unattended mode, so no
    EULA is presented to the end user.

    After the scan is complete, the tool creates a file Mrt.log that
    contains the results of the scan. The file is in the %windir%\Debug
    folder (%windir% is typically C:\Windows).

    Check the content of Mrt.log to see when the tool have been run, and
    the result.


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Apparently no news is good news. The darn thing had me running around
    trying to see what happened also.

    [[Q2. How do I verify whether the removal tool has run on a client computer?

    A2. You can examine the following registry key to verify the execution of
    the tool. Note that you can implement such a check as part of a startup or
    logon script. This will prevent the tool from running multiple times.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT with value named
    "Version".

    Every time the tool is executed, independent of the results of the
    execution, the tool will record a GUID to the registry to indicate that it
    has been executed. The following table lists the GUID corresponding to each
    release.

    Release Value Data
    January 2005 E5DD9936-C147-4CD1-86D3-FED80FAADA6C ]]

    Deployment of the Microsoft Windows Malicious Software Removal Tool in an
    enterprise environment
    http://support.microsoft.com/default.aspx?scid=kb;en-us;891716

    --
    Hope this helps. Let us know.
    Wes

    In news:96AD750B-78AF-4E1A-99B7-056F5BF10BAE@microsoft.com,
    operaflute <operaflute@discussions.microsoft.com> hunted and pecked:
    > Sure enough - it ran twice. Once from the AU, once when I did it
    > from the web page. Came up clean both time. Would be nice to see
    > some sort of UI confimation of the process, though, even if it comes
    > via AU...
    >
    > "Wesley Vogel" wrote:
    >
    >> See what the mrt.log says...
    >>
    >> Paste this in the Start | Run box...
    >>
    >> %windir%\debug\mrt.log
    >>
    >> Click OK
    >>
    >> --
    >> Hope this helps. Let us know.
    >> Wes
    >>
    >> In news:1F52A20C-E8B8-4185-9162-651172AEB3CA@microsoft.com,
    >> operaflute <operaflute@discussions.microsoft.com> hunted and pecked:
    >>> I should have said that I got it through AU, not WU. I thought that
    >>> I would get a EULA the first time (as opposed to each month) But as
    >>> posted in an earlier post, I guess there is no EULA via AU.
    >>> Thanks
    >>>
    >>> "Wesley Vogel" wrote:
    >>>
    >>>> Coincidental, I'll bet. The Malicious Software Tool runs and if it
    >>>> finds nothing the tool is deleted.
    >>>>
    >>>> g0l2d.dll is probably the virus.
    >>>>
    >>>> Downloader.Trojan
    >>>>
    >>
    http://securityresponse.symantec.com/avcenter/venc/data/downloader.trojan.html
    >>>>
    >>>> --
    >>>> Hope this helps. Let us know.
    >>>> Wes
    >>>>
    >>>> In news:67023D90-4457-4FAC-8B03-927088F6E76B@microsoft.com,
    >>>> harvey611 <harvey611@hotmail.com> hunted and pecked:
    >>>>> I have a different problem with Malicious Software Tool. When
    >>>>> running Norton Antivirus Realtime Protection Scan, it repeatedly
    >>>>> displays the following alert: Virus name: Downloader.Trojan
    >>>>> File: C:\WINDOWS\system32\g0l2d.dll Location:
    >>>>> C:\WINDOWS\system32.
    >>>>>
    >>>>> As I haven't seen this before, I believe it results from the tool.
    >>>>> Any suggestions on how to stop this from happening (other than not
    >>>>> running the realtime scan) or how to remove the tool?
    >>>>>
    >>>>> Thanks...
    >>>>>
    >>>>> A
    >>>>> Any suggestions on how to
    >>>>> 4 posts
    >>>>>
    >>>>>
    >>>>>
    >>>>> "operaflute" wrote:
    >>>>>
    >>>>>> Hello Forum-
    >>>>>> I just got the "Malicious Software Tool" via WU. I understand
    >>>>>> that it is supposed to run silently and then go away, but I
    >>>>>> never saw a EULA to agree to, so did it run?
    >>>>>> I ran it from the web, just for kicks, and came up clean, but
    >>>>>> wondering if the monthly updates will work for me via WU...
Ask a new question

Read More

Security Microsoft Software Windows XP