Microsoft Malicious Software Removal Tool


Microsoft releases a new version of this tool on the second Tuesday of every month — in other words, on “Patch Tuesday”. It appears as just another patch in Windows Update. If you have your computer set to automatically install Windows updates, it will be installed automatically. If you install updates manually, you’ve probably been installing it as part of the manual update process — it’s considered an important update, not just a recommended one.

After Windows downloads the newest version of the Microsoft Malicious Software Removal Tool (the mrt.exe process), it will automatically run it in the background. This tool checks for specific, widespread types of malware and removes them if it finds them. If everything is fine, Windows will run the tool silently in the background without bothering you. If it finds an infection and fixes it, the tool will display a report telling you which malicious software was detected and will be removed after you restart your computer.

Microsoft introduced this tool back in the days of Windows XP, when Windows was very insecure — the first release of Windows XP didn’t even have a firewall enabled by default. Microsoft’s Malicious Software Removal Tool page says “This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom, but even more recent malware like Locky) and helps to remove the infection if it is found.” Note the three types of malware still described here in 2014 — these were widespread worms that infected many Windows XP systems back in 2003 and 2004, ten years ago. Microsoft introduced this tool to purge these widespread worms and other popular types of malware from Windows XP systems without antivirus software installed.

You shouldn’t need to worry about this tool. Set Windows to automatically install updates, or have Windows alert you to updates and install it along with the other new security updates when they appear every month. The tool will check your computer in the background and stay silent if everything is fine.

All you need to do is ensure the update is installed from Windows Update. You don’t have to worry about running the tool manually, although you can. This tool doesn’t stay running in the background and scan everything you open, so it’s compatible with other antivirus programs and won’t interfere with them.

This tool is nowhere near a replacement for an antivirus. It only covers specific types of malware, so it won’t purge all infections. It also only quickly scans the normal locations for the malware and won’t scan your entire system. Worse yet, the tool only runs once every month and doesn’t scan in the background. This means your computer could become infected and it wouldn’t be fixed until a month later when a new version of the tool arrives.

The Malicious Software Removal Tool is a weapon Microsoft uses to purge worms and other nasty malware from infected systems so they don’t stay infected for years. It’s not a tool that will help protect you in your day-to-day computer use. If you’d like to see the full list of malware it removes, you can download the tool, run it manually, and click the “View detailed results of the scan” link after running a scan to see all the different types of malware it checked for.

Manually Running the Tool and Viewing Logs

You don’t need to run the tool manually. If you suspect your computer is infected, you’re better off scanning it with a dedicated antivirus program that can detect much more malware. If you really want to run the tool manually, you can download it from Microsoft’s download page and run it like any other .exe file.

When you run the tool in this way, you’ll see a graphical interface. The tool performs a Quick scan when you run it in the background, but you can also perform a Full scan or Customized scan to scan your entire system or specific folders if you run it manually.

After the tool runs — either manually or automatically in the background — it will create a log file you can view. This file is located at %WINDIR%\debug\mrt.log — that’s C:\Windows\debug\mrt.log by default. You can open this file in Notepad or any other text editor to see the results of the scan. If you see a mostly empty log file with no problem reports, the tool didn’t detect any problems.

Using the Malicious Software Removal Tool (MSRT) from the Command Line

The MSRT can be invoked from the Run dialog or the command line using a simple three-letter command. Several options are available. Press Windows Key + R to open the Run dialog and type mrt /? to bring up an information box that lists them. (The same thing happens if you type the command at a command prompt.)

So, you can schedule or run a full scan of the system, silently, using the mrt command:

mrt /Q /F:Y

The options are self-explanatory. If you just type mrt by itself, it will bring up a UI that allows you to point and click to select the type of scan you want. At the first UI screen, you can view a list of malicious software that the tool detects and removes. The signatures are updated monthly on Patch Tuesday when Microsoft releases the latest version of the tool.
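
Because a scan started with mrt /Q /F:Y shows no interface, the log at %WINDIR%\debug\mrt.log described earlier is the place to check its outcome. The PowerShell below is an added example, not part of the original article or of Microsoft's tooling: the function name Get-MrtRun, the sample log text and the assumed field layout (Started On, Run Mode, Results Summary, Return code) are constructed for illustration.

```powershell
# Constructed sample, not from a real machine. The field layout is an assumption
# about how mrt.log is written; adjust the patterns if your log differs.
$sampleLog = @'
---------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v0.00, (build 0.00.0000.0)
Started On Tue Jan 14 03:10:02 2014
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 14 03:12:40 2014

Return code: 0 (0x0)
---------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v0.00, (build 0.00.0000.0)
Started On Wed Jan 15 18:22:11 2014
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
Found EXAMPLE-THREAT-NAME and Removed!
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 15 19:40:03 2014

Return code: 12 (0xc)
'@

function Get-MrtRun {
    param([Parameter(Mandatory)][string]$LogText)
    # Split before each tool banner so every element holds one complete run.
    $banner = 'Microsoft Windows Malicious Software Removal Tool v'
    foreach ($run in ($LogText -split "(?m)^(?=$banner)")) {
        if (-not ($run -match 'Started On\s+(.+)')) { continue }   # separator-only chunk
        $started = $Matches[1].Trim()
        $mode = if ($run -match 'Run Mode:\s*(.+)') { $Matches[1].Trim() }
        $code = if ($run -match 'Return code:\s*(\d+)') { [int]$Matches[1] }
        $summary = if ($run -match '(?s)Results Summary:\s*-+\s*(.*?)\s*Microsoft Windows Malicious Software Removal Tool Finished') { $Matches[1].Trim() }
        [pscustomobject]@{
            Started = $started; RunMode = $mode; Summary = $summary; ReturnCode = $code
            # Assumption: 0 means a clean run. Anything else, or a missing code, is flagged.
            NeedsReview = ($null -eq $code) -or ($code -ne 0)
        }
    }
}

Get-MrtRun -LogText $sampleLog | Where-Object NeedsReview | Format-List
# Real log: Get-MrtRun -LogText (Get-Content -Raw "$env:WINDIR\debug\mrt.log")
```

Run against the sample, only the second entry is listed; a run that was interrupted before writing its return code would be flagged as well.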

Remember that the MSRT is not a replacement for an anti-virus product; it targets only a limited set of specific, prevalent malware as determined by Microsoft’s security folks. You should use a good anti-virus product.