Malicious Software Removal Tool
Updated: 08/19/2008
The Microsoft Windows Malicious Software
Removal Tool now has its own
web page devoted solely to explaining it in more detail
than was previously available. The opening paragraph
provides an explanation of the tool, stating:
"The Microsoft Windows Malicious
Software Removal Tool checks computers running Windows XP, Windows
2000, and Windows Server 2003 for infections by specific,
prevalent malicious software—including Blaster, Sasser, and
Mydoom—and helps remove any infection found. When the
detection and removal process is complete, the tool displays
a report describing the outcome, including which, if any,
malicious software was detected and removed."
It's important to note that the Malicious
Software Removal Tool is not a static, one-time tool that is
never updated. It is part of the Security Initiative that
includes updates and fixes that are released on the second
Tuesday of each month. For example, in March 2005 there were
no security updates released, but an updated version of the
Malicious Software Removal Tool was released on the second
Tuesday. As new malicious code, worms, trojans, and viruses
are released each month, the tool is updated to scan for and
remove those items.
Important Notes About Malicious Software
Removal Tool
- The Malicious Software Removal Tool is
in no way a substitute for an antivirus program. It does
not prevent any type of virus, trojan, spyware, worm, or
adware from being introduced onto a system. It has no
blocking capability; it's strictly a removal tool for
systems that have been infected.
- By default, the Malicious Software
Removal Tool sends a report back to Microsoft detailing
the infection information that was detected. No personal
information is transmitted, but some users may find this
process intrusive and wish to disable the transmissions.
This can be done by adding the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
Entry name: \DontReportInfectionInformation
Type: REG_DWORD
Value data: 1
For more information on the registry and
how to back up and restore it safely, see
Backing Up and Restoring the Windows XP Registry
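The opt-out described above, as an added PowerShell example (not from the original page or from Microsoft): it exports the existing MRT policy key when there is one, writes the DWORD and reads it back. The backup file location is an assumption, and the value name is written without the leading backslash shown in the entry name.

```powershell
# Added example, not from the original page. Run in an elevated session:
# writing under HKLM\SOFTWARE\Policies requires administrator rights.
$regKey    = 'HKLM\SOFTWARE\Policies\Microsoft\MRT'       # key named on the page
$psKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT'      # same key as a PowerShell path
$valueName = 'DontReportInfectionInformation'             # no leading backslash in the name
$backup    = Join-Path $env:TEMP 'mrt-policy-backup.reg'  # assumed backup location

function Get-MrtOptOut {
    # Current data of the value, or $null when the key or value is absent.
    $p = Get-ItemProperty -Path $psKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return $p.$valueName
}

function Set-MrtOptOut {
    if (Test-Path -Path $psKey) {
        # Keep a restorable copy of the existing key before changing it.
        & reg.exe export $regKey $backup /y | Out-Null
    } else {
        New-Item -Path $psKey -Force | Out-Null
    }
    # -Force replaces an existing value even if it has the wrong type or data.
    New-ItemProperty -Path $psKey -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
}

$before = Get-MrtOptOut
Set-MrtOptOut
$after = Get-MrtOptOut
"Before: $(if ($null -eq $before) { 'not set' } else { $before })  After: $after"
if ($after -ne 1) { throw 'Value was not written; check that the session is elevated.' }
```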
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.2,
March 2005
Started On Tue Mar 15 12:18:39 2005
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool
Finished On Tue Mar 15 12:33:51 2005
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.2,
March 2005
Started On Thu Mar 17 08:59:40 2005
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool
Finished On Thu Mar 17 08:59:52 2005
---------------------------------------------------------------------------------------
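Reading the report log shown above programmatically, as an added PowerShell example (not from the original page or from Microsoft): it splits the log into runs, extracts the version, times, summary and return code, and flags any run that differs from the clean pattern shown on the page. The sample text is constructed, and the second entry's summary line and return code are placeholders, not real tool output.

```powershell
# Constructed sample in the layout of the log shown above. The second entry's
# summary line and return code are placeholders, not real MSRT output.
$sample = @'
------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.2, March 2005
Started On Tue Mar 15 12:18:39 2005
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 15 12:33:51 2005
------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.2, March 2005
Started On Fri Mar 18 07:30:00 2005
Results Summary:
----------------
PLACEHOLDER summary for a run that was not clean
Return code: 99
Microsoft Windows Malicious Software Removal Tool Finished On Fri Mar 18 07:41:10 2005
'@

function ConvertFrom-MrtLog {
    param([Parameter(Mandatory = $true)][string]$Text)
    $fmt = 'ddd MMM d HH:mm:ss yyyy'
    $inv = [System.Globalization.CultureInfo]::InvariantCulture
    # Runs are delimited by a long dash rule; the 16-dash underline is too short to match.
    $entries = $Text -split '(?m)^-{40,}\s*$' | Where-Object { $_ -match 'Started On' }
    foreach ($entry in $entries) {
        $flat = ($entry -replace '\s+', ' ').Trim()   # undo any line wrapping
        $pattern = 'Removal Tool (v[\d.]+), (\w+ \d{4}) Started On (.+?) Results Summary: -+ (.*?) Return code: (-?\d+) .*Finished On (.+)$'
        $m = [regex]::Match($flat, $pattern)
        # A run with no "Finished On" line (interrupted scan) is reported, not dropped silently.
        if (-not $m.Success) { Write-Warning "Unparsed entry: $flat"; continue }
        $start = [datetime]::ParseExact($m.Groups[3].Value, $fmt, $inv)
        $end   = [datetime]::ParseExact($m.Groups[6].Value, $fmt, $inv)
        $code  = [int]$m.Groups[5].Value
        [pscustomobject]@{
            Version     = $m.Groups[1].Value
            Release     = $m.Groups[2].Value
            Started     = $start
            Duration    = $end - $start
            Summary     = $m.Groups[4].Value
            ReturnCode  = $code
            NeedsReview = ($code -ne 0) -or ($m.Groups[4].Value -ne 'No infection found.')
        }
    }
}
ConvertFrom-MrtLog -Text $sample | Format-Table Started, Duration, ReturnCode, NeedsReview, Summary
```

To parse a real log, pass the file's contents as one string, for example with `Get-Content -Raw` on `%windir%\debug\mrt.log`, where the tool writes this report.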
Obtaining and Running the Malicious
Software Removal Tool
There are three ways to obtain and make use
of the tool. I'll look at each one and any characteristics
specific to the method.

Clicking the [ Check My PC for Infection
] button will set the process in motion and open the
End-User License Agreement shown below. Clicking the [ I
Agree ] radio button will activate the [ Continue > ]
button and allow the scan of your system to begin.

Once the scan has completed, the results
will be displayed in the same area of the web page,
highlighted with a green border. You can see from the
capture below that no infections were found on the
system. Clicking on the name of any of the different
malicious software infections will open a link to the
Malicious Software Encyclopedia where more information
is available.

- Automatic Delivery of Malicious Software
Removal Tool via Windows Update - This option is only
available to users of Windows XP. If you have Windows
Update configured to run automatically, the most recent
version of Malicious Software Removal Tool will be
downloaded and run as soon as it is released each month.
Once the tool has been successfully downloaded and run, it
is deleted from the system and will not be available for
running again. If you do wish to run it again, you can
use the web page method described above or the third
option described in the next section.
- Download and Manually Run Malicious
Software Removal Tool - In the first method above,
the Malicious Software Removal Tool was run from a web
page, and in the second method it was run via Windows
Update and then deleted. Both methods require some
degree of internet access; however, there may be times
when you want to run the tool on a machine not currently
connected to the internet. If that's the case, go to
Microsoft® Windows® Malicious Software Removal Tool
(KB890830) and download the tool to the hard drive
so it can be run locally. Once the tool has been
installed, it can be run as many times as desired since
it will not be deleted after the initial run. Once the
download has been completed, double-click the .exe file
to start the Malicious Software Removal Tool
installation as shown below.

Click the [ Run ] button to start the
Malicious Software Removal Tool.

The opening screen for the Malicious
Software Removal Tool. Click [ Next ] to continue.

Depending on your system speed, you'll
probably never see more than a glimpse of this screen during
scanning.

If the system is clean and no malicious
software is detected, you see the screen above.
Clicking "View detailed results of the scan" lists the items
scanned for and the results of the scan as shown below.
