MS Recovery Tool
MS Recovery Tool is a computer Trojan that came from the same family as MS Removal Tool. This type of threat was grouped as a rogue anti-virus program because it will promote itself as a legitimate security product, where in fact it was a program that displays fake alerts and warning messages to deceive its victims. Additionally, MS Recovery Tool will run a virus scan once it was installed completely on the compromised computer. It has the capability to modify system settings and add an entry to Windows registry that will make itself to load automatically. Dropped files are hardly detectable because it will contain random characters that and installed on random folders.
Usually, MS Recovery Tool will be spread through Trojan infection. The Trojan will act as a browser hijacker that will point victims Internet search to unsolicited and malicious web sites. These site will run an online scan on visitors computer and declare that the system is infected. A prompt to remove threats will appear and when executed, MS Recovery Tool will be downloaded into the computer and execute itself. Once inside the computer, continuous pop-up alerts are displayed. Some of this are:
MS Removal Tool Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with MS Removal Tool.
MS Removal Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.
Since this rogue program will provide nothing but annoyances on victims computer, it is advise to remove MS Recovery Tool with the help of real anti-malware programs. A scan by legitimate anti-virus application can also help remove system files created by this malicious application.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | Microsoft Recovery Tool |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of MS Recovery Tool Infection?
It will modify Windows Registry and add the following entries:
KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “(random)”
The threat will drop the following malicious files:
c:\Documents and Settings\All Users\Application Data\(random)\
c:\Documents and Settings\All Users\Application Data\(random)\(random)
c:\Documents and Settings\All Users\Application Data\(random)\(random).exe
How to Remove MS Recovery Tool Manually
1. Restart your computer in SafeMode
- Press F8 on keyboard as soon as you turn on the computer
- Select SafeMode to start the computer loading only minimal resources
2. Delete Windows registry entries the malware created. It is important to BACKUP YOUR REGISTRY FIRST.
- On Windows Start Menu, Click Start > Run
- Type in the field, regedit
- Find registry entries mentioned above and delete if necessary
3. Files related to MS Recovery Tool must be deleted:
- Browse and delete malicious files detected above.
- Some files cannot be deleted instantly. Press Ctrl+Alt+Del to open Windows Task Manager, look for any virus-related files mentioned on this page and highlight it, click End Process. Try to delete the file once more.
4. Run Antivirus Program
- You must be connected to Internet to be able to update your anti-virus program. This is needed to have the latest database available and detect newer threats.
- Thoroughly scan the computer and clean or delete all detected threats.
How to Easily Remove MS Recovery Tool
1. Print this procedure as we need to close all running programs later.
2. Download AntiMalware Application here and save it to your Desktop.
3. Close all open applications.
4. Double-Click on the downloaded mbam-setup.exe to start the installation. If unable to execute, infections on computer is preventing it from running, rename the file mbam-setup.exe to anything (like myfile.exe)
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are marked check.
- Update the program
- Launch the program
7. The tool will run and update itself after installation. Close it after the update.
8. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode
9. Click on the icon and start to Perform Full Scan to begin scanning your computer for MS Recovery Tool related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are marked check, then click Remove Selected to begin removal of the malicious files.
13. Exit AntiMalware Apps and restart your computer.
14. MS Recovery Tool and all its files are now removed from your computer. To guard your computer from this threat and avoid future infections, you may want real-time protection from a full version of anti-malware program..