What is the Malicious Software Removal Tool?

In early 2005, Microsoft started releasing a software product called the Microsoft Malicious Software Removal
Tool. Its a monthly update released on the second Tuesday of each month (Patch Tuesday) to help scan user's computers
and remove viruses and malware. MRT uses a signature database they update on a monthly basis. Because this database does not have virus signatures and patterns for EVERY virus in the wild, its meant to just help prevent the infection and spread of the most prevalent issues. For this reason, you should still run antivirus software on your computer even though the Malicious Software Removal Tool is being run on your computer.

Normally, this removal tool is downloaded via Windows Update and runs silently in the background to check for infections on the computer. It runs a quickscan for the worst infections, but what if you would like to use the removal tool to run a more thorough scan of your computer. We'll show you how to manually start the MSRT and how to run a thorough scan for problems.

How to Run the Malicious Software Removal Tool Manually

Follow the steps below to open MSRT and change the default settings.

1) Click on Start, Run
2) Type MRT and Press Enter
3) You'll be presented with the following screen, click on the Next button

Malicious Software Removal Tool Startup Screen

4) Normally, the removal tool runs the Quick Scan, but for more thorough results, choose FULL SCAN and click Next
Malicious Software Removal Tool Scan Options

5) Now the Malicious Software Removal Tool will scan your entire hard drive for infections and problems.

MSRT Scan in Progress

6) Once the scan is completed, you should see the following screen if your computer is free of infection.
MSRT Results Page

7) If you click on the View Detailed Results of the Scan option on the Results page you should see which viruses, worms, and trojans the removal tool scanned for and if an infection was found.
MSRT Detailed Results

8) Click Finish on the Scan Results page to exit the Microsoft Malicious Software Removal Tool

Log File Results

Whether you manually run the removal tool or it runs automatically when downloaded from Windows Updates, you may want to view the scan results log to see what it scanned for and what it found. The log file (mrt.log) will be found in the Windows\Debug folder. If you are running Windows XP or Windows Vista, this file is probably located at

c:\windows\debug\mrt.log

Follow the instructions below to open it.

1) Click on Start, Run
2) Type the following and Press Enter

notepad c:\windows\debug\mrt.log

3) The log file will open in Windows Notepad. Each scan will log its results in the file. If you had an infected file, you will see something like the following in the log file.


Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Sat Sep 15 21:41:52 2007

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
Found virus: Backdoor:Win32/Nuwar.B!ini in file://C:\Documents and Settings\Mark\spooldr.ini
Found virus: Backdoor:Win32/Nuwar.B!ini in file://C:\Documents and Settings\Mark\Desktop\Virus Info\spooldr.ini
Found virus: Trojan:Win32/Tibs.DC in file://C:\System Volume Information\_restore{3C8729AD-DC07-4E82-8FC5-363FFE9EB86D}\RP14\A0020913.exe

4) Click on the X in the upper right corner to close Notepad

More Information

For more information on the Microsoft Malicious Software Removal Tool visit their help page or click on the following link to go to the home page for the removal tool

blog comments powered by Disqus
 
 
 
 
Copyright © PcBerg