Microsoft Security Essentials a Virus?

[St9o7]

I don't recall installing this program. I have tried to uninstall it with a third party program called Revo Uninstaller. It did not work, so I switched to the Windows Uninstaller. It said the program was removed, but after a few days, the program was back in my computer.


There is a file folder on my computer called "Microsoft Security Client", should I delete it or not because that is where the program is stored, I think.


I would attach screen shots of the images, but the Max File size is 200KB, not enough.

So, is this program a virus or not, and if so, How should I remove it permanently?


Please be concise in your answers please.


Any help is appreciated. Thank you.

[DavidR]

Sounds like a rogue fake AV.

Check out this link for info and removal instructions, http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert.

[ANHTHU5991]

folder called "Microsoft Security Client" stores information of microsoft security essential. It's seem that you have problem with the process of removing this program.
Why don't you try using appremover from http://www.appremover.com/ OR your uninstaller 7.
The former is very effective

[nmb]

folder called "Microsoft Security Client" stores information of microsoft security essential. It's seem that you have problem with the process of removing this program.
Why don't you try using appremover from http://www.appremover.com/ OR your uninstaller 7.
The former is very effective

Rogues cannot be removed with such uninstallers. It needs some better tools.  If you read Sir DavidR's post, you can see that he has given link to a site which gives the detailed description of how to remove the rogue anit-virus.

[polonus]

Hi ANHTHU5991,

If it would be so easy as you tried to describe, we would not need this forum section here. In that case one could in many cases just use the repair function from the initial install and/or a system restore to a known clean/uncompromised situation, But there must be a reason why a simple HJT or Freefixer fix or the occasional MBAM and SAS full scans are not working (anymore) against the newer rogue av's. Malcreants morph their malcreations all the time, they use all sort of clever techniques so the vendor tools and the common anti-malware solutions cannot fix these malcreations initially. Why is it that common av solutions only detect 23% of all Zeus bot infections. Yesterday I spotted a rogue av installer where the initial big chunk of JS was being obfuscated-protected with an online obfuscation-protection tool, and there are dozens of such services online (that can be used for good and also as shown in this case for malicious purposes). Do you know that there is even malware that won't run in a VM and if you try to analyze with Anubis for instance it cannot/won't open it.
So cleansing of this type of malware should best be done by people who were specially trained to do so, like for instance essexboy (ASAP), oldman. The special tools (Combo-fix) and scanners they use have to be upgraded and renewed all the time, because the fight against malware is an ongoing battle, and not an easy task for those "out in the trenches",

polonus

[Hermite15]

folder called "Microsoft Security Client" stores information of microsoft security essential. It's seem that you have problem with the process of removing this program.
Why don't you try using appremover from http://www.appremover.com/ OR your uninstaller 7.
The former is very effective

Rogues cannot be removed with such uninstallers. It needs some better tools.  If you read Sir DavidR's post, you can see that he has given link to a site which gives the detailed description of how to remove the rogue anit-virus.

if it's a rogue... >>> the "Microsoft Security Client" is a legit MSE folder,but yeah the OP says he never installed MSE so... yeah it could be a rogue

[ANHTHU5991]

thanks a lot

[nmb]

if it's a rogue... >>> the "Microsoft Security Client" is a legit MSE folder,but yeah the OP says he never installed MSE so... yeah it could be a rogue

Hi logos,

How have you been?

It should be a rogue since the Microsoft security essentials program folder is C:\Program Files\Microsoft Security Essentials\, isn't it?

[Hermite15]

if it's a rogue... >>> the "Microsoft Security Client" is a legit MSE folder,but yeah the OP says he never installed MSE so... yeah it could be a rogue

Hi logos,

How have you been?

It should be a rogue since the Microsoft security essentials program folder is C:\Program Files\Microsoft Security Essentials\, isn't it?

no, at least on W7/64, the folder in program files is called ""Microsoft Security Client" (I just did a quick install/uninstall to check that)

[nmb]

no, at least on W7/64, the folder in program files is called ""Microsoft Security Client" (I just did a quick install/uninstall to check that)

Yup, As also seen here.

I wonder why they(MS) use a different name?

But did you find MsMpEng.exe there? Because the image of the OP doesn't contain it, but does contain some valid files or at least valid names

[Hermite15]

I didn't check the content but yeah the executable should obviously be there too