Tell users how to restore files removed by MRT

Posted by Ian on October 7, 2008, 12:06 pm


I ran mrt.exe even though I scan with norton corporate. It started removing
or modifying thousands of binaries on the system. Email clients, text
editors, countless apps. I've run checksums on several of these binaries
against the publishers' hashes and they are all identical.

So how the hell do I restore/undo MRT's actions? All I can find in the KB
articles about MRT is that everything is in a log and that MRT "may not be
able to" undo the actions to some files.

If you really can restore or undo what MRT suggests as the KB hints, how the
hell do you do it?! And don't say "system restore point". This should
definitely be posted on your monthly updated KB article guys! Don't you think?

To give you an example, it deleted a multitude of binaries in the VS.NET 8.0
PF group.

----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?mid=9920d664-1950-4ed8-8c25-9653ae70cb5d&dg=microsoft.public.security.virus

Posted by Peter Foldes on October 7, 2008, 12:42 pm


MRT does not remove those type of files. Every you have updated this tool it has run and has probably done no harm. Open the start panel of MRT and see which names of malware's it does remove. Not even close to Binaries.

If those (Binaries) were removed then check another source maybe even Norton or your computer. Also your system can be already infected as I believe

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

> I ran mrt.exe even though I scan with norton corporate. It started removing
> or modifying thousands of binaries on the system. Email clients, text
> editors, countless apps. I've run checksums on several of these binaries
> against the publishers' hashes and they are all identical.
>
> So how the hell do I restore/undo MRT's actions? All I can find in the KB
> articles about MRT is that everything is in a log and that MRT "may not be
> able to" undo the actions to some files.
>
> If you really can restore or undo what MRT suggests as the KB hints, how the
> hell do you do it?! And don't say "system restore point". This should
> definitely be posted on your monthly updated KB article guys! Don't you think?
>
> To give you an example, it deleted a multitude of binaries in the VS.NET 8.0
> PF group.
>
> ----------------
> This post is a suggestion for Microsoft, and Microsoft responds to the
> suggestions with the most votes. To vote for this suggestion, click the "I
> Agree" button in the message pane. If you do not see the button, follow this
> link to open the suggestion in the Microsoft Web-based Newsreader and then
> click "I Agree" in the message pane.
>
> http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?mid=9920d664-1950-4ed8-8c25-9653ae70cb5d&dg=microsoft.public.security.virus

Posted by Ian on October 7, 2008, 1:58 pm


Binaries can contain malicious code. That's why they are scanned for patterns
within the code by scanning utilities. I think you're confusing names of
infections with file types. If it didn't remove exe files, why would it scan
them? If you don't think binary files are susceptible to infection, perhaps
you shouldn't be posting here? MRT definitely touched those type of files.
The binaries are specifically mentioned in the mrt.log. I'm very aware of
what norton and windows defender are doing, and they have not touched said
binaries.

"Every you have updated this tool it has run and has probably done no harm."
That's a bold statement. Software is hardly infallible. Search the archives
of this forum to see where users helped Microsoft uncover bugs in this very
tool.

What's disconcerting is that both Defender and NAV don't hit on any of the
10,629 files that MRT touched. Even Internet Explorer and Outlook
Express/MSNIM were broken after the scan.

In any case, this doesn't change the fact that MRT doesn't back up files it
modifies. It could at least be an option or cmd line switch.

"Peter Foldes" wrote:

> MRT does not remove those type of files. Every you have updated this tool it
> has run and has probably done no harm. Open the start panel of MRT and see which
> names of malware's it does remove. Not even close to Binaries.
>
> If those (Binaries) were removed then check another source maybe even Norton or
> your computer. Also your system can be already infected as I believe
>
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.
>

Posted by Peter Foldes on October 7, 2008, 5:16 pm


MRT would not report on Binaries and it will leave them alone and definitely not remove them unless they are infected with one of MRT's listed malwares that it checks for

In your place I would be looking at Norton with a long hard look.

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

> Binaries can contain malicious code. That's why they are scanned for patterns
> within the code by scanning utilities. I think you're confusing names of
> infections with file types. If it didn't remove exe files, why would it scan
> them? If you don't think binary files are susceptible to infection, perhaps
> you shouldn't be posting here? MRT definitely touched those type of files.
> The binaries are specifically mentioned in the mrt.log. I'm very aware of
> what norton and windows defender are doing, and they have not touched said
> binaries.
>
> "Every you have updated this tool it has run and has probably done no harm."
> That's a bold statement. Software is hardly infallible. Search the archives
> of this forum to see where users helped Microsoft uncover bugs in this very
> tool.
>
> What's disconcerting is that both Defender and NAV don't hit on any of the
> 10,629 files that MRT touched. Even Internet Explorer and Outlook
> Express/MSNIM were broken after the scan.
>
> In any case, this doesn't change the fact that MRT doesn't back up files it
> modifies. It could at least be an option or cmd line switch.
>
> "Peter Foldes" wrote:
>
>> MRT does not remove those type of files. Every you have updated this tool it
>> has run and has probably done no harm. Open the start panel of MRT and see
>> which names of malware's it does remove. Not even close to Binaries.
>>
>> If those (Binaries) were removed then check another source maybe even Norton
>> or your computer. Also your system can be already infected as I believe
>>
>> --
>> Peter
>>
>> Please Reply to Newsgroup for the benefit of others
>> Requests for assistance by email can not and will not be acknowledged.

Posted by David H. Lipman on October 7, 2008, 5:32 pm



| I ran mrt.exe even though I scan with norton corporate. It started removing
| or modifying thousands of binaries on the system. Email clients, text
| editors, countless apps. I've run checksums on several of these binaries
| against the publishers' hashes and they are all identical.

| So how the hell do I restore/undo MRT's actions? All I can find in the KB
| articles about MRT is that everything is in a log and that MRT "may not be
| able to" undo the actions to some files.

| If you really can restore or undo what MRT suggests as the KB hints, how the
| hell do you do it?! And don't say "system restore point". This should
| definitely be posted on your monthly updated KB article guys! Don't you think?

| To give you an example, it deleted a multitude of binaries in the VS.NET 8.0
| PF group.

If the "binaries" were infected by a virus by appending, prepending, etc., and the viral
component could NOT be removed then the files will be deleted.

If the "binaries" were trojanized by appending, prepending, etc., and the added malware
component could NOT be removed then the files will be deleted.

The Malicious Software Removal Tool (MRT) Log is at...

C:\WINDOWS\Debug\mrt.log

Please post the excerpts from the log around the date in which this occurred (presumably
Oct. 2008).

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


