Microsoft Windows Malicious Software Removal Tool

Each time I switch on my computer I am getting the following unrequested pop-up for some time now :-

User Account Control

Do you want this programme to make changes to your computer?

Programme Name: Microsoft Windows malicious Software Tool

Verified Publisher: Microsoft Windows

FURTHER DETAILS:

Issued To: Microsoft Windows

Issued By: Microsoft Windows Verification PCA

Valid From: 27/7/2014 to 23/1/2015

Version 3

Programme Location: *C:\windows\System 32\MRT.exe''/R/RE

Reading the various Micosoft Community answers to similar questions, I am unsure as to whether this unrequested pop-up is genuine or fake.

I have also been getting monthly phone calls from persons claiming to be from Microsoft, warning that I have viruses on my computer and asking me to turn on my computer and follow their instructions. The police have advised that this is a scam.

So to play safe how do I stop this persistent pop-up which could also be a scam?

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Hello there,

In my personal opinion, I would say the Microsoft Windows Malicious Software Removal Tool is legitimate. Do you remember downloading it either from the Microsoft website or through Windows Updates?

In regards to the Microsoft phone calls, they are scams. Microsoft will NEVER call you. Feel free to take a look at the article below about the scam calls.

Microsoft phone scam: don't be a victim

http://www.pcadvisor.co.uk/how-to/security/3378798/microsoft-phone-scam-dont-be-victim/

Thanks,

Legaede

27 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

If this is a scam (or otherwise malicious software)... it's already got a firm hold in your computer.

Reasoning:

  • It has somehow infiltrated System32, a folder that you need Administrator access to save into, and both SYSTEM and TrustedInstaller access to modify.
  • It has modified the certificate-checking system / copied a legitimate certificate from a legitmate program inside itself

Now, if this is legitimate, and installed via Automatc Updates / Microsoft Update, (which this program does every 14 days on a Tuesday), it may have been put in that folder and been given the certificate by Microsoft.

However, I've only seen this program run as soon as it is downloaded by the update program (on Windows 8.1.1, by the way), so this may be fake... but if it is, then it's likely that, considering the points above, it wouldn't need to ask you and is currently doing to your computer whatever viruses do to computers.

To conclude: it is probably 100% legit.

But it might be a good idea to check it with your antivirus first; perform the good ol' Full System Scan.

Who knows? Maybe my OS will become known. Maybe it will become existent.

1 person was helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Assuming Win7 64-bit with Internet Explorer 11 (IE11) installed...

Please answer each of the following [admittedly tedious] diagnostic questions in a correspondingly-numbered list in your very next reply, preferably without quoting my post:

1a. When (approx. date) did you purchase the computer?

1b. Did Win7 64-bit come preinstalled on the computer when you bought it, did you do a clean install of Win7, or did you upgrade the computer to Win7?

2. What is the full name of your installed anti-virus application or security suite and when (approx. date) does your current subscription expire? What anti-spyware applications (other than Defender) are installed? What third-party firewall (if any)?

3. Has a(nother) Norton application or a McAfee application EVER been installed on the computer since you bought it?

4. Did a Norton free-trial or a McAfee free-trial [PICK ONE] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

5. Is KB3023266, KB3021674, KB3022777, KB3019215, KB3008923, and/or KB3013126 listed in Installed Updates (not Update History)? [1]

6. Assuming Java is installed => Is Java Version 8 Update 31 (or higher) or Java Version 7 Update 75 (or higher) installed? TEST HERE USING INTERNET EXPLORER ONLY! => http://java.com/en/download/uninstallapplet.jsp [2]

7. Is Adobe Flash Player v16.0.0.296 (or higher) installed? TEST HERE USING INTERNET EXPLORER ONLY! => http://www.adobe.com/software/flash/about/

8a. When (exact date) was Internet Explorer 11 installed according to Installed Updates?


8b. What Update Version & KB number are displayed in the second line of text in IE11's Help | About [Alt+H+A] tab; e.g., Update Version: XX.0.54 (KB1231231) ?

8c. Is Firefox, Chrome or any other alternate browser installed?

9. Are you in the habit of using "Registry cleaners" (e.g., Registry Mechanic; System Mechanic; RegCure; RegClean Pro; Advanced SystemCare; Registry Booster; McAfee QuickClean; Glary Utilities; AVG PC TuneUp; Norton Registry Cleaner; PCTools Optimiser; SpeedUpMyPC; PC Doctor; TuneUp Utilities; WinMaximizer; WinSweeper; Comodo System Cleaner; Advanced System Optimizer; CCleaner's Registry Cleaner component)?

==============================================
[1] Start | Control Panel | Programs and Features | View installed updates (in left-hand menu)

[2] No need to install Java if it's not already installed!

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

This UAC pop-up is precisely what is displayed if you manually run the MRT.exe program from the location listed in the dialog box by clicking it.

What isn't clear is why this prompt is being displayed when the MRT runs automatically, which I've discovered in the recent past now seems to be normal operation.  In the distant past this only ran once immediately after download during the monthly Windows Update, which appears to have changed.

I found a couple other instances in forums where this UAC message was displayed, but no real explanation why it was happening.

If I were you I'd allow it once to see if it stops after that.  If not then I'd look deeper into why it may be operating that way.

Rob

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi PA Bear MS MVP,
Sorry but questions are a bit tedious considering my situation is quite straightforward.
Main points are that I bought the computer about 4 years ago with Windows 7 64-bit and Norton antivirus pre-installed.
I did not renew the annual Norton contract and downloaded Microsoft Security Essentials antivirus software instead.
My computer has run in this simple way, with no other antivirus downloads, for years.
The problem pop-up (every time I boot up the computer) has come a few months ago completely out of the blue without my doing anything to request it. 

3 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Thanks,

I  have performed a full system scan and nothing was detected.

But I would still rather play safe and stop the pop-up from persistently appearing, if possible? since I never requested it in the first place.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

...I bought the computer about 4 years ago with Windows 7 64-bit and Norton antivirus pre-installed.
I did not renew the annual Norton contract and downloaded Microsoft Security Essentials antivirus software instead.

Had the preinstalled Norton free-trial period already expired by the time you replaced it with MSE?

Did you (a) uninstall the Norton application AND THEN (b) download/run the Norton Removal Tool & reboot (c) BEFORE you installed MSE?

  • Fact: Norton (and McAfee) applications are notorious for not uninstalling (or upgrading) cleanly.

Your answers to #5 through #9 would be appreciated so I'd have a better idea of what's wrong (and right) about the computer-in-question.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Related references may include:

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I have also notified police

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Reply In reply to deleted message
I am not sure if this is a scam or not so no not at the moment until I get kind of reassuring that this is ligite

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I have also notified police

OK...

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info


Last updated November 24, 2019 Views 9,971 Applies to: