Remove MS Antivirus/msa.exe (Removal Info)

By john.obed on Aug 25, 2008 | Reply

Antivirus 2008,2009 is always pop up from my pc and give some false alert, because I already had antispyrway and antivirus install in my pc to which I trust. I want to get rid of antivirus 2008 which keep poping up every now and then.It’s really annoying. please I need help to remove it.

By brianm523 on Aug 27, 2008 | Reply

My sister just got this on her machine yesterday, along with the Windows Antivirus 2009. I suspect they were bundled together, but can’t say for sure. I was able to get rid of the Windows AV2009, but a couple of hours after that was done, this one showed up, and now I can’t even open the “Run” option in the start menu to get to a command prompt. I’m going to try to run it tomorrow in safe mode and attempt to remove all the files that way. Wish me luck…

By chris on Aug 27, 2008 | Reply

Just did a systems restore, converting back to a couple of weeks ago and things seem fine so far.

By anthony on Aug 30, 2008 | Reply

Gosh! MS Antivirus popups does not go away regardless of what I tried. Please help!

By TomS on Sep 2, 2008 | Reply

MS Antivirus is nearly impossible to remove with my limited knowledge. I would be glad if someone can offer me an easier solution. I can’t deal with MS Antivirus junks anymore.

By Tiki on Sep 2, 2008 | Reply

Only if you guys don’t surf porn then you wouldn’t have got MS Antivirus

By PAUL on Sep 3, 2008 | Reply

it propper messed up my PC
wouldnt let me go on to any internet sites, just kept bringing up there adverts.
and loads of popups saying download this antivirus program… stupied ******* they gave the virus to me in the first place!!!!!

removed my compter, start menu, restricted access to take manager too!!!

i restarted the pc… went into safe mode with networking, into administrator (not my username as that was infected still)

chose a system restore point which was 6days ago. then let it restart… then folowed the steps above to be safe… not much was there. if anything at all.. and everything seems ok now!¬!!!!!!!!!!!!!
PHEWWWW!!

By Heather on Sep 6, 2008 | Reply

Need help getting this off your computer? Email me I can help you. Missy_queen@yahoo.com.
Please put antivirus2008 in subject line so I will open it and not delete it.

By Meteor on Sep 7, 2008 | Reply

I couldn’t uninstall ms antivirus.

By kiti on Sep 8, 2008 | Reply

IS there any other way to manually remove the virus if I can’t access the registries or the task manager… not even your C drive..??

By kersey on Sep 22, 2008 | Reply

Ms antivirus is a joke. I could not move the mouse anymore. The light is on and on.

By John on Sep 27, 2008 | Reply

Hehe… stop watching p*rns! I don’t have any sympathy on your guys. MS Antivirus would not get into your computer without a reason. Enjoy!

By SHOTUTOO on Sep 28, 2008 | Reply

SCREW U TIKI

By Chito on Oct 4, 2008 | Reply

Ha ha yeah tiki. We don’t need moral counseling, we just need the penicillin.

By baz on Apr 11, 2009 | Reply

Tiki…I got it looking for a crack….um not what you typically think of the types of crack us men look for. But software crack serial etc. So, kindly keep your hypocritical female mind from thinking too much and shut it!

By Brian Davison on May 23, 2009 | Reply

So TIKI, how did you find out that this was only on porn sites then?

By Brian Davison on May 23, 2009 | Reply

Ps it’s my son’s computer that’s infected

By Brahema on Jun 3, 2009 | Reply

I have this MS thing on my pc … but i cant find any of “msa” files … i just have (msa.exe) in C:\WINDOWS\msa.exe ..
i always try to stop msa.exe from the Task Manager ..(it can be helped)it return in a short time .. what shoud i do with it .. PLZ help

By Gabe on Jun 11, 2009 | Reply

I’m confused.

I have a process that runs even after i kill it sometimes called msa.exe *32 (I’m on vista x64 btw) and as far as I can tell, this only does one thing: it makes sound clips from advertisers start randomly playing in the background. I kill it, it stops, then the process is back but it usually takes 30-45 minutes for it to begin with the advertising again. Is this the same msa.exe as here, or is it some hoax/adware kinda thing?

PS I found the source of the process, it’s a file called msa.exe in the C:/Windows/ directory. I am afraid to delete it on the off chance it has made a system process or something dependent on it.

By Malachy on Jun 22, 2009 | Reply

I got this some way I do not know of, when I’m doing something on my computer a sound from like the radio or something comes up and when I go onto internet explorer I get the MS Antivirus advertisement and I go to task manager I see msa.exe, b.exe or rarely I get c.exe and I’m wondering if they are somewhat related so I’m hoping this will get rid of both of them.

PS You’re sexy.

By Chris on Jul 2, 2009 | Reply

Ok, I just completely removed it from my computer. Followed the above directions, but to remove it from C:\WINDOWS\ you have to kill it from task manager real quick. Kill it, then right away delete it from the windows directory before it can start up again. Don’t worry, this isn’t a critical system file and you’re computer wont mess up. Then delete the reg entries listed above, and you’re good to go.

By Chris on Jul 2, 2009 | Reply

Oh, and by the way, yes I got the a.exe, b.exe, and c.exe also. To remove those, kill them from the task manager, then navigate to this directory: C:\Documents and Settings\Current_User\Local Settings\Temp. Obviously in current user its gonna be the user name in xp or vista that these processes are staring under. Then find a.exe, b.exe, and c.exe and delete them. Then those won’t start up anymore either. Hop I helped.

By Gene on Jul 5, 2009 | Reply

I don’t surf porn sites and still managed to get it, despite all the protection one might reasonably be expected to have.

By boogs on Jul 12, 2009 | Reply

I got the msa virus after looking at questionable material on the web, i finally removed it by going into safe mode and deleting file msa.exe in my C/windows section i found the msa.exe application was created at the time when i was looking at the “questionable material”. i have windows vista and accessed safe mode by repetedly tapping the f8 key during start up. the file deleted with no problem. i also bought an updated nortons program. i hope this helps anyone else with this issue. P.S. i wish law enforcement would catch these jacka$$’s and put them in the general population with the gangbangers and pediphiles and teach the virus hackers a lesson!!! good luck to all.

By Gary on Jul 16, 2009 | Reply

“Ok, I just completely removed it from my computer. Followed the above directions, but to remove it from C:\WINDOWS\ you have to kill it from task manager real quick. Kill it, then right away delete it from the windows directory before it can start up again. Don’t worry, this isn’t a critical system file and you’re computer wont mess up. Then delete the reg entries listed above, and you’re good to go.”

^^ This worked. Thank you Chris

By ron on Jul 18, 2009 | Reply

Porn? I just got it from dl-ing a movie from a torrent.

but it seems my registry is not infected, I found none of the values you named above.

thanks for instructions!

By Bhay on Jul 19, 2009 | Reply

You might not find msa.exe in the registry. My pc did not have anything called msa in the registry. In my case it was set as ColdWare in the registry. I am running vista.

To find the real culprit. Run msconfig and see what name msa.exe is running under. Search for that name in the registry, as well as search for all the keys noted above in the article. You might find some, you might not. But its important to remove the keys from the registry. Hope this helps.

By Bhay on Jul 19, 2009 | Reply

Forgot to add another one, in addition to Coldware, I also found one called as Cognac in the registry and also in my C:\Users\\b.exe

I forget the name of the exe file that I had to delete.

My wife downloaded some video and mistakenly pressed a button that installed this malawares. I found these by running msconfig.exe and identifying probable mischevioius ones. In this case, the publishers were unknown. msconfig gives the location of the file as well as the registry key. First I looked on the web for information on these unknown fella’s, once it was verified that these are indeed viruses/malwares/trojans I first kill the process using the Task Manager. Then search the registry for the exe file name, and any associated aliases viz. Cognac, Coldware (seen from msconfig). Note that there might be more than one occurence in the registry. It is important to search the registry completely before claiming victory. Hope this helps.

By Damian on Jul 25, 2009 | Reply

Same here I found about 4 viruses in my computer and about 4 malware programs everything crashed. I went to safe mode it would not let me so I did it like that and all manually it took me a week but I managed to clean it all. It would not even let me go to the internet so I used another laptop my anti spyware and antivirus could not work until I found these two final viruses cognac and ColdWAre but I had to read a lot of sources in order to be sure they were!!
Good Luck to everyone! and be patient!

By Cecilia on Aug 9, 2009 | Reply

I managed to find and remove the msa.exe file with Chris’ help (thanks!), and also emptied the temp folder to be on the safe side, since I found some c.exe and d.exe files that looked nasty. I can’t, however, find neithr the other files you’re supposed to delete nor the registry values listed in the article – do you reckon I’m safe to go? I actually haven’t been experiencing any popups or anything yet, could it be that AVG discovered the virus before it had actually done any harm? Feedback appreciated, I’m still a little worried

By Psyrix on Aug 18, 2009 | Reply

a good thing i did was create a .bat file to delete everything in my temp folder and history folders everytime i shut down….it also speeds up boot by about 2-3 seconds….

RD /S /q “C:\Documents and Settings\UserName\Local Settings\History”
RD /S /q “C:\Documents and Settings\Default User\Local Settings\History”

U get the idea of those….just create a new file text file on ur desktop, and when u save it. save it as a delete-temp.bat or however u want.

Goto > Run
gpedit.msc

a window will pop up, on the right click on
Computer Configuration > Windows Settings >
Scripts (Startup/Shutdown) > Shutdown

Then add the .bat file you created…..
and BTW im doing this on XP Pro….not sure if same for Vista or not….

By Tomahawk903 on Aug 27, 2009 | Reply

I managed to find and remove the msa.exe file with Chris’ help (thanks!), and also emptied the temp folder to be on the safe side, since I found some c.exe and d.exe files that looked nasty. I can’t, however, find neithr the other files you’re supposed to delete

First. Let me say it took a while for me to figure out on how to remove the msa.exe files ( and all files started with the m**.exe files from the windows directory. depending on which operating system you are running you need to reboot and go into safe mode.safe mode is achieved when you hit F-10 on start up after system goes into safe mode find where your files are located and manually delete them from the directory that they were installed.if you cant find them do a search before you go into safe mode and write it down.delete files and delete AND EMPTY THE RECYCLE BIN from safe mode. Restart your computer. The first thing you want to do when your computer restarts is to Empty the RECYCLE BIN. they should be in there when you restart.

By alan on Sep 1, 2009 | Reply

I downloaded this and thought it was a crack for my program.
It also copies files to the users local settings temp folder too, delete exe’s for the same date from there also.

By Mickey on Sep 2, 2009 | Reply

i only had those pop-ups and no antivirus but i managed to get rid of them by going to task manager, and closed msa.exe from processes then deleting msa.exe from c:\windows

By MarkR on Sep 2, 2009 | Reply

I hate guys that claim you only got this virus because you look at porn. That couldnt be farther from the truth. I got it on my laptop that is used for NOTHING but World of Warcraft, so Unless the virus was uploaded in the WoW updater, I dont know how I got it. So stop assuming it is because we look at porn, I dont and Still got the virus, easy to fix though…

By khadija on Sep 4, 2009 | Reply

I got this by downloading what I thought was a crack for Clue Classic, the computer adaptation of the board game. Not porn by any means! unless your imagination is a little perverted. I saved it onto my desktop, and when I ran it, it vanished.

Anyway, I had a.exe, b.exe, c.exe, etc. files on my computer along with msa.exe and msb.exe. They were in my windows folder and were created when I tried to download the crack. I basically did what Chris recommended.

By delia on Sep 11, 2009 | Reply

take it off it took away tons of popups!

By aldi on Sep 22, 2009 | Reply

i found my msa.exe virus and deleted it, but when i went looking in the different fields in the registry values, i had trouble finding what i was looking for… they were labled under the name “nord bull” … dont know if that helps any one….

By Kara on Sep 23, 2009 | Reply

Dealing with this at the moment. Got it trying to download a movie via rapidshare. Stupidly ran something called e.exe which set it off. Found two process taking up most of my capacity: b.exe and msa.exe. Also found something called PopRock in my CCleaner startup list. Followed these instructions — also found registry values under NordBull. Not all registry values were there. Never had anything called MSAntivirus specifically — mostly terminology was “msa” or “PopRock” or “nordbull.” Also found a.exe, b.exe and c.exe in the same temp folder.

Symptoms: Got pop-up ads via Internet Explorer, which I never use. Tried to use IE to do a scan from Microsoft’s site, and now IE doesn’t work at all. Search results seem to be hijacked in FireFox. And those two processes really ate up my CPU usage. Also, when I did a search for “msa.exe” through windows, it instantly came back with nothing — suggesting the virus told windows not to perform that search. This sucker doesn’t want to be found.

By Esoteric Style on Oct 10, 2009 | Reply

Just found this spyware/virus/whatever on my girlfriend’s laptop. It was linked to free trial of Corel VideoStudio. The above instructions were accurate, as were most of the comments.

We found it in her registry under “PopRock” and “nordbull,” and found a.exe, b.exe., and c.exe in the users/temp folder. msa.exe was in the /windows/ folder.

It seems that if you act fast enough, and shut them down through task manager fast enough, you can remove the whole virus before it gets too serious. She got tipped off to the program very quickly when the first pop-ups showed up, and I did a google search to find this article. All told, it was only on her system for about 15 minutes, but that was long enough for it to install itself in three or four places.

By Kire on Oct 25, 2009 | Reply

It’s still on your machine..

By natanael on Oct 27, 2009 | Reply

just edit with empty code in registry that linked to msa.exe / poprock…

dull,,hmm,about nordbull? mybe youre right! it’s also suscipicios files…

how abaout avast? can they find it?

By natanael on Oct 27, 2009 | Reply

i got this virus,when i try 2 looking into

http://l-o-w-e-i-m-a-g-e-s
that shit is…yesterday,i have turn off the smart screen filter in IE 8 for some reasons…

By natanael on Oct 27, 2009 | Reply

in ope*ra or other browser..it;s maybe looks like normal other website

By macanannym on Nov 6, 2009 | Reply

Sweet. Stupid virus has been bugging me for a while, and I am pretty good at this. What really helped me was the new proc mon and taskmgr from microsoft’s sysinternals. (AND AVG)

By Hi Volt on Nov 7, 2009 | Reply

Had issue with browser starting up on it’s own opening ads. I used The free version of Malwarebytes and it found msa.exe files etc., deleted the files. Seems fine now.

By Cryssi on Dec 8, 2009 | Reply

for baz:

Umm, ya… I’m a ‘female’ and I thought Tiki was an idiot. You however actually managed to offend me with a 9 month old comment (j@ck@55).

By Kam on Dec 15, 2009 | Reply

I didn’t have the Anti virus thing, I searched for it, and viewed hidden files, nothing. I’m not complaining, the only problem I was having was Msa.exe, Which is deleted. Thank you for this instructional piece.

Hmm… Maybe Trend Micro got the other files.

By biggerdeal on Dec 29, 2009 | Reply

Is this the msa virus? I think I may have downloaded this but not sure. Supposed to be some 70s and 80s comedy.

By Hans on Jan 1, 2010 | Reply

In case of a dual boot system: start in the other partition and delete the file(s) you want to delete.

By anon on Jan 13, 2010 | Reply

I know where I got this virus from and it wasn’t porn. I was trying to download a torrent for a game and it gave me that virus. So all the people who say stop watching porn, not all of us are that silly lol

By proxim on Jan 27, 2010 | Reply

go grab ad aware and it will fix everyhting for you

By ryan on Jan 29, 2010 | Reply

Hello, I’ve been infected by MSA to the worst it gets in the passed, and I learned what the dll’s that were injected into most of the core files did, and I read msa’s source code via ollydbg32 (aka Assembly; or asm)and it got to the point where it was triggering BSoD errors on boot-up so I had a long chain of events to get rid of it. (this was 2 years ago) I got it once again today, and took me about 30 seconds to delete it, I know how this virus works, and where it tries to hide. *email me if you need any help: * BTW it will help if you download Teamviewer 5 (google it) it is a remote control type of thing so if you can’t figure out what to do, I can control you OS for a short period of time to remove it for you. P.S. I’m 13 so don’t curse xD

By ryan on Jan 29, 2010 | Reply

bugelskiller..@..g..m..a..i..l..c..o..m (remove dots)

By ryan on Jan 29, 2010 | Reply

the file didn’t really “disappear”, more-so it went into hidden file mode (right click a file and hit properties, check the hidden file box), to view hidden files open up any folder, and hit tools>folder options, click the “view” tab, scroll down till u see show hidden files and folders, and all hidden files like the one that disappeared on your pc will show up. (unless they are OS files, there is a way to show these to but figure it out yourself.) ~~byebye~~

By Falkin on Feb 21, 2010 | Reply

Got this beast a few hours ago, got a little bit leery, but my Virus prog. didn’t find anything. Then the IE started, I’m always using firefox… I asked a good friend, worried about this, he gave me this site, I followed the instructions and hope I killed it Nothing in the Task-Manager, I’m going on to look after it next few hours, if it’s there again. Hope it will not appear…

Good thing that it wasn’t on my system for long time, only a few hours, and I deleted it from the Task Manager right after ”downloading”. I didn’t find most of the files that were named in the instructions, and think it hadn’t the time to infect whole areas of my system? Let’s hope this is the truth :,D

Greets from Germany.

By Begood on Feb 23, 2010 | Reply

The same for me. I only use Chrome and IE was starting itself today. I found a file msa.exe modified today in my system so I killed the process and deleted the file.

My antivirus didn’t see anything so i search “msa.exe” on the web (”google est ton ami” a french expression) and found this page. Others file indicated here are not present in my HD.

I hope I have stop the infection right in time…
Sorry for my bad english.