Microsoft Security Intelligence
Published Apr 18, 2011 | Updated Aug 22, 2017

MSRemovalTool

Detected by Microsoft Defender Antivirus

Aliases: Win32/Winwebsec (other), Rogue:Win32/Winwebsec (other), System Tool (other), MS Removal Tool (other)

Summary

MS Removal Tool is a variant of Win32/Winwebsec, a family of programs that claim to scan for malware and display fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software in order to remove these non-existent threats.

Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "MS Removal Tool".

Warning: Win32/Winwebsec may stop affected users from running all but a short list of specified applications. This may have an adverse effect on security applications that would otherwise remove this malware. If your antivirus scanner is unable to remove this threat because of this behavior, please see the additional removal instructions below.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
 
 
Additional remediation instructions for MS Removal Tool

Win32/Winwebsec may stop affected users from running all but a short list of specified applications. This may have an adverse effect on security applications that would otherwise remove this malware. If your antivirus scanner is unable to remove this threat because of this behavior, please see the additional removal instructions below:

To remove this threat, refer to the following Microsoft KB Article:

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.