Guest Ian
Posted October 7, 2008

I ran mrt.exe even though I scan with Norton Corporate. It started removing or modifying thousands of binaries on the system. Email clients, text editors, countless apps. I've run checksums on several of these binaries against the publishers' hashes and they are all identical.

So how the hell do I restore/undo MRT's actions? All I can find in the KB articles about MRT is that everything is in a log and that MRT "may not be able to" undo the actions to some files.

If you really can restore or undo what MRT suggests as the KB hints, how the hell do you do it?! And don't say "system restore point". This should definitely be posted on your monthly updated KB article guys! Don't you think?

To give you an example, it deleted a multitude of binaries in the VS.NET 8.0 PF group.

----------------
This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane.

http://www.microsoft.com/communities/newsg....security.virus

Guest Peter Foldes
Posted October 7, 2008

MRT does not remove those type of files. Every time you have updated this tool it has run and has probably done no harm. Open the start panel of MRT and see which names of malware it does remove. Not even close to Binaries.

If those (Binaries) were removed then check another source maybe even Norton or your computer. Also your system can be already infected as I believe

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Ian" <Ian@discussions.microsoft.com> wrote in message news:9920D664-1950-4ED8-8C25-9653AE70CB5D@microsoft.com...

> I ran mrt.exe even though I scan with norton corporate. It started removing
> or modifying thousands of binaries on the system. Email clients, text
> editors, countless apps. I've run checksums on several of these binaries
> against the publishers' hashes and they are all identical.
>
> So how the hell do I restore/undo MRT's actions? All I can find in the KB
> articles about MRT is that everything is in a log and that MRT "may not be
> able to" undo the actions to some files.
>
> If you really can restore or undo what MRT suggests as the KB hints, how the
> hell do you do it?! And don't say "system restore point". This should
> definitely be posted on your monthly updated KB article guys! Don't you think?
>
> To give you an example, it deleted a multitude of binaries in the VS.NET 8.0
> PF group.
>
> ----------------
> This post is a suggestion for Microsoft, and Microsoft responds to the
> suggestions with the most votes. To vote for this suggestion, click the "I
> Agree" button in the message pane. If you do not see the button, follow this
> link to open the suggestion in the Microsoft Web-based Newsreader and then
> click "I Agree" in the message pane.
>
> http://www.microsoft.com/communities/newsg....security.virus

Guest Ian
Posted October 7, 2008

Binaries can contain malicious code. That's why they are scanned for patterns within the code by scanning utilities. I think you're confusing names of infections with file types. If it didn't remove exe files, why would it scan them? If you don't think binary files are susceptible to infection, perhaps you shouldn't be posting here? MRT definitely touched those type of files. The binaries are specifically mentioned in the mrt.log. I'm very aware of what Norton and Windows Defender are doing, and they have not touched said binaries.

"Every time you have updated this tool it has run and has probably done no harm." That's a bold statement. Software is hardly infallible. Search the archives of this forum to see where users helped Microsoft uncover bugs in this very tool.

What's disconcerting is that both Defender and NAV don't hit on any of the 10,629 files that MRT touched. Even Internet Explorer and Outlook Express/MSNIM were broken after the scan.

In any case, this doesn't change the fact that MRT doesn't back up files it modifies. It could at least be an option or cmd line switch.

"Peter Foldes" wrote:

> MRT does not remove those type of files. Every time you have updated this tool it has run and has probably done no harm. Open the start panel of MRT and see which names of malware it does remove. Not even close to Binaries.
>
> If those (Binaries) were removed then check another source maybe even Norton or your computer. Also your system can be already infected as I believe
>
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.

Guest Peter Foldes
Posted October 7, 2008

MRT would not report on Binaries and it will leave them alone and definitely not remove them unless they are infected with one of MRT's listed malware that it checks for.

In your place I would be looking at Norton with a long hard look.

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Ian" <Ian@discussions.microsoft.com> wrote in message news:7DAA9493-5492-4163-99DA-DA0F4741932D@microsoft.com...

> Binaries can contain malicious code. That's why they are scanned for patterns
> within the code by scanning utilities. I think you're confusing names of
> infections with file types. If it didn't remove exe files, why would it scan
> them? If you don't think binary files are susceptible to infection, perhaps
> you shouldn't be posting here? MRT definitely touched those type of files.
> The binaries are specifically mentioned in the mrt.log. I'm very aware of
> what norton and windows defender are doing, and they have not touched said
> binaries.
>
> "Every time you have updated this tool it has run and has probably done no harm."
> That's a bold statement. Software is hardly infallible. Search the archives
> of this forum to see where users helped Microsoft uncover bugs in this very
> tool.
>
> What's disconcerting is that both Defender and NAV don't hit on any of the
> 10,629 files that MRT touched. Even Internet Explorer and Outlook
> Express/MSNIM were broken after the scan.
>
> In any case, this doesn't change the fact that MRT doesn't back up files it
> modifies. It could at least be an option or cmd line switch.
>
> "Peter Foldes" wrote:
>
>> MRT does not remove those type of files. Every time you have updated this tool it has run and has probably done no harm. Open the start panel of MRT and see which names of malware it does remove. Not even close to Binaries.
>>
>> If those (Binaries) were removed then check another source maybe even Norton or your computer. Also your system can be already infected as I believe
>>
>> --
>> Peter
>>
>> Please Reply to Newsgroup for the benefit of others
>> Requests for assistance by email can not and will not be acknowledged.

Guest David H. Lipman
Posted October 7, 2008

From: "Ian" <Ian@discussions.microsoft.com>

| I ran mrt.exe even though I scan with norton corporate. It started removing
| or modifying thousands of binaries on the system. Email clients, text
| editors, countless apps. I've run checksums on several of these binaries
| against the publishers' hashes and they are all identical.

| So how the hell do I restore/undo MRT's actions? All I can find in the KB
| articles about MRT is that everything is in a log and that MRT "may not be
| able to" undo the actions to some files.

| If you really can restore or undo what MRT suggests as the KB hints, how the
| hell do you do it?! And don't say "system restore point". This should
| definitely be posted on your monthly updated KB article guys! Don't you think?

| To give you an example, it deleted a multitude of binaries in the VS.NET 8.0
| PF group.

If the "binaries" were infected by a virus by appending, prepending, etc., and the viral component could NOT be removed then the files will be deleted.

If the "binaries" were trojanized by appending, prepending, etc., and the added malware component could NOT be removed then the files will be deleted.

The Malicious Software Removal Tool (MRT) Log is at...
C:\WINDOWS\Debug\mrt.log

Please post the excerpts from the log around the date in which this occurred (presumably Oct. 2008).

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
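
Added example (not part of the thread and not Microsoft's code): one way to pull the October 2008 runs out of a copy of mrt.log so that only the relevant excerpts are posted, as requested above. It assumes each run is bracketed by "Started On" and "Finished On" lines carrying C-style timestamps; the function names and the sample text are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed layout: each run logs "Started On <ctime>" and "... Finished On <ctime>".
START = re.compile(r"^Started On (.+)$")
FINISH = re.compile(r"Finished On (.+)$")
STAMP = "%a %b %d %H:%M:%S %Y"  # e.g. "Tue Oct 07 09:15:02 2008"

def parse_stamp(text):
    try:
        return datetime.strptime(text.strip(), STAMP)
    except ValueError:
        return None  # unparsable timestamp: keep the run, leave the time unknown

def split_runs(text):
    """Split log text into runs: dicts with 'started', 'finished' and 'lines'."""
    runs, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = START.match(line)
        if m:
            if current:  # previous run never logged a finish line
                runs.append(current)
            current = {"started": parse_stamp(m.group(1)), "finished": None, "lines": [line]}
        elif current:
            current["lines"].append(line)
            m = FINISH.search(line)
            if m:
                current["finished"] = parse_stamp(m.group(1))
                runs.append(current)
                current = None
    if current:
        runs.append(current)
    return runs

def runs_in_month(text, year, month):
    """Runs whose start time falls in the given month, ready to paste into a reply."""
    return [r for r in split_runs(text)
            if r["started"] and (r["started"].year, r["started"].month) == (year, month)]

# Constructed sample, not a real log; the second run is cut off before its finish line.
SAMPLE = (
    "Started On Tue Sep 09 10:00:00 2008\n"
    "No infection found.\n"
    "Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 09 10:05:00 2008\n"
    "Started On Tue Oct 07 09:15:02 2008\n"
    "(constructed placeholder for per-file entries)\n"
)
```

A run whose `finished` value is `None` never logged a completion line, which is worth mentioning when posting the excerpt.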