In early 2005, Microsoft started releasing a software product called the Microsoft Malicious Software Removal
Tool. Its a monthly update released on the second Tuesday of each month (Patch Tuesday) to help scan user's computers
and remove viruses and malware. MRT uses a signature database they update on a monthly basis. Because this database does not have virus signatures and patterns for EVERY virus in the wild, its meant to just help prevent the infection and spread of the most prevalent issues. For this reason, you should still run antivirus software on your computer even though the Malicious Software Removal Tool is being run on your computer.
Normally, this removal tool is downloaded via Windows Update and runs silently in the background to check for infections on the computer. It runs a quickscan for the worst infections, but what if you would like to use the removal tool to run a more thorough scan of your computer. We'll show you how to manually start the MSRT and how to run a thorough scan for problems.
How to Run the Malicious Software Removal Tool Manually
Follow the steps below to open MSRT and change the default settings.
1) Click on Start, Run
2) Type MRT and Press Enter
3) You'll be presented with the following screen, click on the Next button
4) Normally, the removal tool runs the Quick Scan, but for more thorough results, choose FULL SCAN and click Next
5) Now the Malicious Software Removal Tool will scan your entire hard drive for infections and problems.
6) Once the scan is completed, you should see the following screen if your computer is free of infection.
7) If you click on the View Detailed Results of the Scan option on the Results page you should see which viruses, worms, and trojans the removal tool scanned for and if an infection was found.
8) Click Finish on the Scan Results page to exit the Microsoft Malicious Software Removal Tool
Log File Results
Whether you manually run the removal tool or it runs automatically when downloaded from Windows Updates, you may want to view the scan results log to see what it scanned for and what it found. The log file (mrt.log) will be found in the Windows\Debug folder. If you are running Windows XP or Windows Vista, this file is probably located at
c:\windows\debug\mrt.log
Follow the instructions below to open it.
1) Click on Start, Run
2) Type the following and Press Enter
notepad c:\windows\debug\mrt.log
3) The log file will open in Windows Notepad. Each scan will log its results in the file. If you had an infected file, you will see something like the following in the log file.
Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Sat Sep 15 21:41:52 2007
Extended Scan Results
----------------
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
Found virus: Backdoor:Win32/Nuwar.B!ini in file://C:\Documents and Settings\Mark\spooldr.ini
Found virus: Backdoor:Win32/Nuwar.B!ini in file://C:\Documents and Settings\Mark\Desktop\Virus Info\spooldr.ini
Found virus: Trojan:Win32/Tibs.DC in file://C:\System Volume Information\_restore{3C8729AD-DC07-4E82-8FC5-363FFE9EB86D}\RP14\A0020913.exe
4) Click on the X in the upper right corner to close Notepad
More Information
For more information on the Microsoft Malicious Software Removal Tool visit their help page or click on the following link to go to the home page for the removal tool