What this infection does:
MS Removal Tool is a computer infection from the same family as System Tool. This infection is also categorized as a rogue anti-spyware program as it pretends to be an anti-virus program, but is actually a program that displays fake security alerts and scan results in order to make you think your computer is infected. MS Removal Tool is installed through the use of malware that will install the program onto your computer without your knowledge or permission. When installed, the infection files will be created in a random named folder in C:Documents and SettingsAll UsersApplication Data, in XP, or C:Documents and Settings All Users Application Data, in Windows Vista and Windows 7. It will then be configured to start automatically when you login to your computer.
Once running it will scan your computer and state that there are numerous infections present, but will not allow you to remove them until you purchase the program. It is important to understand that MS Removal Tool is scripted to display fake scan results regardless of whether or not your computer is infected. Therefore, please do not be concerned if this program states you are infected. MS Removal Tool will also terminate any executables that you attempt to run in order to protect itself from being removed. When you attempt to run any program, it will terminate that program’s process and then display a message similar to the following:
Application cannot be executed. The file cmd.exe is infected.
Please activate your antivirus software.
Just like the scan results, this message is fake and should be ignored.
While MS Removal Tool is running it will also display fake security alerts and warnings from your Windows taskbar. These alerts are designed to scare you into thinking that your computer is severely infected and that you should purchase the program to protect yourself. The text of these messages include:
MS Removal Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.
MS Removal Tool Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with MS Removal Tool.
Security Monitor: WARNING!
Attention: System detected a potential hazard TrojanSPM/LX on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
Click Yes to download official intrusion detection system IDS software.
Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software…
This infection will also change the background of your Windows desktop to display the following over-the-top, and almost insensible, warning
credit for article goes to Lawrence Abrams