MSRT – Computer Security Articles

MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite

February 22, 2017 admin Antimalware research for IT pros and enthusiasts, BrowserModifier:Win32/Sasquor, BrowserModifier:Win32/SupTab, Chuckenit, Ghokswa, Malicious Software Removal Tool, Microsoft Malicious Software Removal Tool, MSRT, Sasquor, SupTab, Suweezy, Trojan, Trojan:Win32/Chuckenit.A, Trojan:Win32/Ghokswa, Trojan:Win32/Suweezy, Trojan:Win32/Xadupi, Unwanted software, Windows 10, Windows Defender, Xadupi

Credit to Author: msft-mmpc| Date: Wed, 22 Feb 2017 22:45:06 +0000

In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. This behavior ticks boxes in the evaluation criteria that Microsoft Malware Protection…

Microsoft Security

MSRT December 2016 addresses Clodaconas, which serves unsolicited ads through DNS hijacking

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, browser modifier, BrowserModifier:Win32/Clodaconas, Clodaconas, DNS hijacking, Injecting ads, Microsoft Malicious Software Removal Tool, MSRT, MSRT removes Clodaconas, Unwanted software, Windows 10, Windows Defender

In this month’s Microsoft Malicious Software Removal Tool (MSRT) release, we continue taking down unwanted software, the pesky threats that force onto our computers things that we neither want nor need. BrowserModifier:Win32/Clodaconas, for instance, displays ads when you’re browsing the internet. It modifies search results pages so that you see unsolicited ads related to your…

Microsoft Security

MSRT November 2016: Unwanted software has nowhere to hide in this month’s release

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, browser modifier with rootkit capabilities, BrowserModifier:Win32/Soctuseer, InstallMonster, Internet Explorer Browser Extensions, Keeping browsing experience in users' hands, Microsoft browser extension policy, Microsoft Edge, Microsoft Malicious Software Removal Tool, MSRT, Objective Criteria, rootkit, Social2Search, Soctuseer, software bundlers, SoftwareBundler:Win32/InstallMonster, SoftwareBundler:Win32/Techrelinst, Techrelinst, Unwanted software, Windows Defender, Windows Defender in Windows 10

We came across a browser modifier that sports rootkit capabilities. Not only does the threat, detected as BrowserModifier:Win32/Soctuseer, cross the line that separates legitimate software from unwanted, it also takes staying under the radar to the next level. Rootkit capabilities, which make it difficult to detect and remove applications, are usually associated with malware. Yet…

Microsoft Security

MSRT October 2016 release: Adding more unwanted software detections

January 23, 2017 admin BrowserModifier:Win32/Sasquor, BrowserModifier:Win32/SupTab, Checking Windows Defender exclusions, Ghokswa, Microsoft Edge, Microsoft Malicious Software Removal Tool, MSRT, MSRT release October 2016, Objective Criteria, Sasquor, software bundler, SupTab, Suweezy, Trojan, Trojan:Win32/Ghokswa, Trojan:Win32/Suweezy, Trojan:Win32/Xadupi, Uncategorized, Unwanted software, Windows 10, Windows Defender, Xadupi

Unwanted software often piggy-backs on program downloads, delivered by software bundlers. These bundles, which you might have downloaded, can include software that you do not want, and some that are harmful. The bundled or “extra” software can perform actions on your device that run the gambit from unwanted to annoying to malicious. The threat that…

Microsoft Security

MSRT September 2016 release feature: Prifou

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, browser modifier, BrowserModifier:Win32/Prifou, Microsoft Malicious Software Removal Tool, Microsoft's objective criteria, MSRT, MSRT September 2016, NightClick, Objective Criteria, Prifou, Suweezy, Trojan:Win32/Suweezy, Trojan:Win32/Xadupi, TrojanClicker:Win32/NightClick, Unwanted software, unwanted software objective criteria, Windows Defender, Xadupi

As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this September includes detections for: BrowserModifier:Win32/Prifou TrojanClicker:Win32/NightClick Trojan:Win32/Suweezy Trojan:Win32/Xadupi This blog discusses BrowserModifier:Win32/Prifou (Prifou). Windows Defender detects this threat because it limits your choice and control over your browser and operating system. The unwanted behaviors are detailed…

Microsoft Security

MSRT August 2016 release adds Neobar detection

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, browser modifier, browser modifier objective criteria violation, BrowserModifier:Win32/Neobar, Microsoft Malicious Software Removal Tool, MSRT, Neobar, Objective Criteria, SoftwareBundler:Win32/Dlboost, SoftwareBundler:Win32/InstallMonster, Unwanted software

As part of our ongoing effort to provide better malware protection, the August 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detections for BrowserModifier: Win32/Neobar, unwanted software, and Win32/Rovnix, a trojan malware family. This blog discusses BrowserModifier:Win32/Neobar and its inclusion in MSRT supports our unwanted software family detections in Windows Defender, along…

Microsoft Security

MSRT July 2016 – Cerber ransomware

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, Cerber, Cerber infection chain, Exxroute, Locky, Microsoft Malicious Software Removal Tool, MSRT, ransomware, ransomware detection, ransomware mitigation, ransomware recovery

As part of our ongoing effort to provide better malware protection, the July 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detection for Win32/Cerber, a prevalent ransomware family. The inclusion in MSRT complements our Cerber-specific family detections in Windows Defender, and our ransomware-dedicated cloud protection features. We started seeing Cerber in February…

Microsoft Security

Limited Periodic Scanning in Windows 10 to Provide Additional Malware Protection

January 23, 2017 admin antivirus scanning, AV scan, cybersecurity, Limited Periodic Scanning, Microsoft Safety Scanner, Microsoft security, Microsoft software security, MSRT, Windows 10, Windows Defender

Every month, Microsoft’s Malicious Software Removal Tool (MSRT) scans more than 500 million Windows devices for malware and malicious software. This tool aids in the detection and removal of malware from 1 to 2 million machines each time, even on those devices running antivirus software. Meanwhile, many Windows customers continue to use the Microsoft Safety…

← Previous