Updated: 09/25/2011

The Microsoft Windows Malicious Software Removal Tool now has it's own web page devoted solely to explaining it in more detail than was previously available. The opening paragraph provides an explanation of the tool, stating;

"The Microsoft Windows Malicious Software Removal Tool checks computers running Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed."

It's important to note that the Malicious Software Removal Tool is not a static, one time tool that is never updated. It is part of the Security Initiative that includes updates and fixes that are released on the second Tuesday of each month. For example, in March 2005 there were no security updates released, but an updated version of the Malicious Software Removal Tool was released on the second Tuesday. As new malicious code, worms, trojans, and virus' are released each month, the tool is updated to scan for and remove those items.

Important Notes About Malicious Software Removal Tool

The Malicious Software Removal Tool is in no way a substitute for an antivirus program. It does not prevent any type of virus, trojan, spyware, worm, or adware from being introduced onto a system. It has no blocking capability; it's strictly a removal tool for systems that have been infected.
By default, the Malicious Software Removal Tool sends a report back to Microsoft detailing the infection information that was detected. No personal information is transmitted, but some users may find this process intrusive and wish to disable the transmissions. This can be done by adding a registry key.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
Entry name: \DontReportInfectionInformation
Type: REG_DWORD
Value data: 1

For more information on the registry and how to back up and restore it safely, see Backing Up and Restoring the Windows XP Registry

After a scan is complete, a log file is created in %windir%\Debug called Mrt.log that is cumulative and contains the results from scans. An example is shown below;

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.2, March 2005
Started On Tue Mar 15 12:18:39 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 15 12:33:51 2005
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.2, March 2005
Started On Thu Mar 17 08:59:40 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 17 08:59:52 2005
---------------------------------------------------------------------------------------

Take a look at Deployment of the Microsoft Windows Malicious Software Removal Tool in an Enterprise Environment for other examples of the log file and what information it contains when system threats are identified and removed.
Also see: The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000. The link contains a lot of general information about the tool and an extensive list of Frequently Asked Questions.

Obtaining and Running the Malicious Software Removal Tool

There are three ways to obtain and make use of the tool. I'll look at each one and any characteristics specific to the method.

Running Malicious Software Removal Tool from Webpage - As long as you are running one of the supported operating systems the tool can be run directly from the Malicious Software Removal Tool web page. Visiting the page will display the following interface.

Clicking the [ Check My PC for Infection ] button will set the process in motion and open the End-User License Agreement shown below. Clicking the [ I Agree ] radio button will activate the [ Continue > ] button and allow the scan of your system to begin.

Once the scan has completed the results will be displayed in the same area of the web page, highlighted with a green border. You can see from the capture below that no infections were found on the system. Clicking on the name of any of the different malicious software infections will open a link to the Malicious Software Encyclopedia where more information is available.

Automatic Delivery of Malicious Software Removal Tool via Windows Update - This option is only available to users of Windows XP. If you have Windows Update configured to run automatically, the most recent version of Malicious Software Removal Tool will be downloaded and run as soon as it is released each month. Once the tool has been successfully download and run, it is deleted from the system and will not be available for running again. If you do wish to run it again, you can use the web page method described above or a third option is described in the next section.
Download and Manually Run Malicious Software Removal Tool - In the first method above, the Malicious Software Removal Tool was run from a web page and in the second method it was run via Windows Update and then deleted. Both methods require some degree of internet access, however there may be times when you want to run the tool on a machine not currently connected to the internet. If that's the case, go to Microsoft® Windows® Malicious Software Removal Tool (KB890830) and download the tool to the hard drive so it can be run locally. Once the tool has been installed, it can be run as many times as desired since it will not be deleted after the initial run. Once the download has been completed, double click the .exe file to start the Malicious Software Removal Tool installation as shown below.

Click the [ Run ] button to start the Malicious Software Removal Tool

The opening screen for the Malicious Software Removal Tool. Click [ Next ] to continue.

Depending on your system speed, you'll probably never see more than a glimpse of this screen during scanning.

If the system is clean and no malicious software is detected, you see the screen above.
Clicking "View detailed results of the scan" lists the items scanned for and the results of the scan as shown below.

TEG Vista Main

TEG Win 7 Main

TEG Win 8 Main

Slipstreamed XP/SP2 CD
How to create including
burning instructions for
Nero and Roxio

Slipstreamed XP/SP3 CD

Be sure to visit TEG on
Vista and Windows 7

Service Pack 2
Articles Archive

Guide to Simple File Sharing
Share Folders, Files, and Printers in XP Home and Professional

Virtual Memory Paging File
Size - Optimize
Defragment - Monitor

Common Solutions

Consider A Donation

Basic How To Articles
for XP Newbies

- Managing Starting / Stopping XP
- Managing Desktop Components
- Managing Basic Hardware Settings
- Managing Folders and Files
- Managing Applications

System Services Guide

Troubleshooting Shutdown Issues

XP File Management
Tips to organize Quick Launch, Search, and Windows Explorer for easier, efficient use.

Protecting System and Data Via NTBackup
Backup w/ Wizard
Backup w/ Adv. Mode

Windows Update Catalog
Windows Update Catalog offers centralized XP and .NET Critical Updates, Service Pack, and Hardware Driver Downloads

Automatic Update

Advertise with TEG
Rate Card

XP Power Toys
Power Toys Download

Clean or Upgrade
XP Installation?
Which is better?

Consider A Donation

Bare Bones Troubleshooting
Tried everything and can't get XP to install? Take a look here.

The 'System Volume Information' Folder
What is it and why is it taking up room on your hard drive(s)?

Microsoft Management Console
A Guide to Understanding and Using This Often Overlooked but Useful XP Feature

Registry Tweaks and Edits

Backing Up and Restoring the XP Registry

Accessing The Different Methods of Repair Available in Windows XP

Generate File Listings from IE Context Menu

The "Send To" Menu Command
Add your own frequently accessed locations to make this context menu more useful.

Consider A Donation

Create A Personalized Boot Logo Screen

Using XP Disk Cleanup Utility

Using Disk Defragmenter Utility

Common Solutions

Tips and Solutions Arranged by XP Control Panel Groupings

- Reminder -

For many months now I've been posting a reminder about 'Patch Tuesday' or 'Second Tuesday' as it has come to be known when Microsoft releases the latest round of updates for Windows XP and other products.

If you're using a Microsoft operating system (and it's likely you are or you wouldn't be on this site) it's once again time to head for Windows Update for the latest round of Critical and Security updates.

As always, I strongly suggest you read about any update prior to installation, especially updates carrying a less than 'Critical' rating, and have a current system and data backup available in case it's necessary to restore the system to a pre-patch condition.

More info at Microsoft Security Bulletin Advance Notification

Custom Search

Important Information
The Elder Geek sites contain many articles and suggestions for modifying the Windows operating system. I've tried these tweaks and tips on many systems. Sometimes they work, sometimes not. The point is, ensure you have a current, tested backup of all system and data files and understand how to restore the system in case something goes very wrong. You can still yell at me, but I assume no responsibility for your actions and use of the information and disclaim any legal responsibility for any consequences of such actions.

Copyright © 2002/2003/2004/2005/2006/2007/2008/2009/2010/2011, Jim Foley/The Elder Geek, All Rights Reserved Worldwide
Reproduction, in any form, of information on this site is prohibited without express written permission.
Microsoft is in no way affiliated with, nor offers endorsement of, this site.