Network Security NTBugtraq

Re: Microsoft Windows Malicious Software Removal Tool

Subject: Re: Microsoft Windows Malicious Software Removal Tool
Date: Wed, 9 Feb 2005 07:52:44 -0600
During the month of January 2005, Microsoft apparently
released something called the "Microsoft Windows Malicious
Software Removal Tool", not to be confused with the beta
version of Microsoft Antispyware. I don't recall seeing any
discussion or articles on this software.

This application was announced by KB890830.  According to the
info in KB890830, the tool can be installed through Windows
Updates or Automatic Updates, or GPO or SMS.  Alternatively,
it can also be run online, or downloaded and run from the
command line or script.  A link to the download page can be
found in the KB article.

There is also a website dedicated to the product, and updates
are supposed to be released on the second Tuesday of each
month, probably along with other updates.  The current
version works only with Windows XP.

So far, I have noticed four issues of concern:
1.  No such updates have been mentioned in this month's
(Feb) advance notice of updates, nor was the tool's release
included in the Jan 2005 summary of security bulletins.

2.  KB890830 does NOT describe how to run it from the command
line.  The result of installing it from WU is that we now
have a utility installed that we cannot run.  We may be able
to figure it out, but it would have been so much easier if MS
had included the executable filename in the KB article.

3.  The download page (
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
) does not include the download button, so the tool cannot be
downloaded and saved to disk.

4.  The tool did NOT download to our SUS server with other
updates, and install automatically on our client
workstations.  Arguably, any updates that work through AU
should have downloaded for distribution via SUS.  However, we
only discovered it by going to Windows Updates.

We have not, so far, tried running it from the website.

I thought I would share this information, and hope that
someone could point me in the right direction if I happen to
have overlooked anything, or to be otherwise in error.
However, the situation currently appears to be as described above.

Joe Dance
University of South Carolina

Joe,

http://www.microsoft.com/security/malwareremove/default.mspx


~Rick


--
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an 
Anti-Virus product which automatically notifies the perceived sender of a 
message it believes is infected may well cause more harm than good. Someone who 
did not actually send you a virus may receive the notification and scramble 
their support staff to find an infection which never existed in the first 
place. Suggest such notifications be disabled by whomever is responsible for 
your AV, or at least that the idea is considered.
--
