Malicious Software Removal Wizard: How to remove it
by Oscar Sodani
June 26, 2006
Oscar Sodani is a founder of Help2Go and owner of Help2Go Networks, an IT consulting firm in the Washington D.C. area. Oscar holds the CISSP certification as well as industry certifications from Microsoft, Cisco and Novell.

In fact, you have a malware program on your PC that is causing your browser to show you that pop-up message, and we'll show you how to remove it once and for all. All of the programs we will use are free. You should bookmark or print this page before proceeding.
Step A: Run Online Virus Scanners

Now run the Panda ActiveScan virus scanner and the Housecall virus scanner as detailed in Step 1 of our guide to Get Rid of Spyware, Adware, and Web Browser Hijackers.
Step B: Run HijackThis

Continue with the instructions in the Get Rid of Spyware guide. When you reach Step 5 in that guide you will run a program called HijackThis. In the HijackThis screen, you will be looking for two entries that look like this:

O4 - HKLM\..\Run: [95c514b2.exe] C:\WINDOWS\system32\95c514b2.exe

Note that the filename will be different - it may not be "95c514b2" - it may be any sequence of random numbers and digits. But the Malicious Software Removal Wizard will always show up as a matched pair of these files - one of them running in your system32 folder, and the other running in your Application Data folder.

Important: If you are not sure that you have identified the proper files, continue with the instructions in the Get Rid of Spyware guide and post your HijackThis log in our Spyware Help forum. If you are sure that you have identified the files, continue with the instructions below:
Step C: Delete the Entries

Disconnect from the Internet. Then close all of your web browser windows, including this one (that's why printing out this page is a good idea). Once you have identified the two O4 entries (from above) in HijackThis, check the boxes next to them and have HijackThis fix them. Now shut down and reboot your computer.
Step D: Delete the Files

Next, we need to find the offending files and delete them. One should be in your C:\Windows\System32 folder. The other will be in C:\Documents and Settings\\Local Settings\Application Data\

Once you delete them, reboot again for good measure.
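The matched-pair check from Step B, as an added example that is not part of the original article or of HijackThis: a Python script that reads the text of a saved HijackThis log and reports O4 entries whose file name autoruns from both system32 and an Application Data folder. The sample log is constructed; the HKCU hive and the `user` profile name in its second 95c514b2 entry are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# O4 autorun line as HijackThis prints it: O4 - <hive>\..\Run: [<name>] <command>
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")

# Constructed sample log. Only the HKLM 95c514b2 line comes from the article;
# the HKCU hive and the "user" profile name are assumptions for illustration.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\example.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /start
O4 - HKLM\..\Run: [95c514b2.exe] C:\WINDOWS\system32\95c514b2.exe
O4 - HKCU\..\Run: [95c514b2.exe] C:\Documents and Settings\user\Local Settings\Application Data\95c514b2.exe
O4 - HKLM\..\Run: [ExampleHelper] C:\WINDOWS\system32\helper.exe
"""

def exe_path(cmd):
    """Return the executable path from an autorun command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def find_matched_pairs(log_text):
    """Map file name -> O4 lines when the same file autoruns from both
    system32 and an Application Data folder (the pattern in Step B)."""
    seen = defaultdict(lambda: {"system32": [], "appdata": []})
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 Run entry
        path = exe_path(m.group("cmd"))
        folder = dirname(path).lower()
        if folder.endswith("\\system32"):
            kind = "system32"
        elif folder.endswith("\\application data"):
            kind = "appdata"
        else:
            continue  # autoruns from somewhere else; not this pattern
        seen[basename(path).lower()][kind].append(line.strip())
    return {name: hits["system32"] + hits["appdata"]
            for name, hits in seen.items()
            if hits["system32"] and hits["appdata"]}

if __name__ == "__main__":
    for name, lines in find_matched_pairs(SAMPLE_LOG).items():
        print(name, *lines, sep="\n  ")
```

A file name that appears in only one of the two folders is not reported, so an empty result means the log should go to the forum as described in Step B rather than being treated as a clean bill of health.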
You should now be free of Malicious Software Removal Wizard popups - however, you may have additional spyware on your PC. These things tend to travel in packs ;) Go through the rest of the instructions in the Get Rid of Spyware guide to remove any other infections, and to protect your PC from future spyware.