Helping people with computers... one answer at a time.
Microsoft's Malicious Software Removal Tool is downloaded and updated periodically by Windows Update. It's not an complete anti-malware solution.
This Malicious Software Removal Tool which Microsoft sends around every month; usually, I download this tool and have it installed automatically, but I really do not know what it is doing. Is it doing it automatically or does it have to be activated?
I once downloaded this tool as a separate item and then I could run it on it's own, however, I ended up in Windows Defender. Does that mean that this tool is a part of Windows Defender and sort of an update? I could not find anything about this in all my computer books.
•
Microsoft's "Malicious Software Removal Tool" is somewhat mysterious. It shows up in Windows updates, apparently gets installed, and then ...
Nothing?
Not quite. Let's look at what Microsoft says, how I interpret it, and just what the MSRT does.
•
Here it is, straight from the horses mouth:
The Microsoft Windows Malicious Software Removal Tool checks computers running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software-including Blaster, Sasser, and Mydoom-and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.
But what does that mean? Is it an anti-virus tool? Anti-spyware? Do you still need those if you have this?
My take is that it's a little of each, but not a replacement for either.
First, realize that the definitions of "spyware" and "virus" are somewhat arbitrary, and blurry. Many things we think of as one are really the other, or even some blend of both.
That's why the term "malware" is actually more accurate: malicious software. The term covers both.
I believe that the MSRT exists in part because even after all this time many people do not run anti-malware tools. They should, but they don't. The MSRT focuses on the most prevalent, the most malicious, and removes them when found. It doesn't scan regularly, look for updates or monitor or anything like that, it just runs, looks for a specific and pre-defined set of known threats and removes them.
And it's part of Windows Update so that more people will get it, automatically, when they take updates to Windows.
It's unclear exactly how often MSRT runs - the wording on the site actually implies that it only runs once a month, presumably when it's updated.
One thing that is clear is that it reports back to Microsoft what it finds. Note that this is anonymous - nothing about you or your system is included. It's used by Microsoft to track the rates at which various malware are being found. Once again, quoting Microsoft:
The Malicious Software Removal Tool will send basic information to Microsoft if the tool detects malicious software or finds an error. This information will be used for tracking virus prevalence. No identifiable personal information that is related to you or to the computer is sent together with this report.
The MSRT does not have to be activated, it just runs when it runs.
It's not a replacement for anti-virus and anti-spyware software. You still need to make sure that you have appropriate anti-malware tools installed and running in addition to whatever the MSRT might be doing.
Article C3577 - November 28, 2008 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
December 2, 2008 9:24 PM
Nelson Webber wrote: "I wonder if one could run it if one wished. Also, any idea where it might be found?"
Yes:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
N.B. that's just for this month, though -- the Knowledgebase number changes with each edition, and the corresponding URL along with it.
Hope that helps! :)
December 2, 2008 10:22 PM
The MRT is an 'On-Demand' scanner. It is pretty efective:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121161&source=rss_topic125
It is offered via the Microsoft Windows Update site once per month and it will scan your OS at the time it is downloaded/re-booted.
It also can be run at any time whenever you like.
Click Start==>Run... then type (or copy/paste) "MRT.exe" (w/out quotation marks) into the box, then click the 'OK' button.
Follow the prompts.
Or
%windir%\system32\MRT.exe
Command Line Switches...
/q or /quiet -- execute without GUI
/? or /help -- displays command line switches
/n -- detect mode only
/f -- force a full scan
/f:y -- force a full scan and automatically clean infections found
MRT is much like McAfee's Stinger. It has a limited sub-set target list. However unlike Stinger it is updated monthly and is downloaded on Patch-Tuesday as well as can be manually downloaded.
MRT can be used as a valuable supplemental 'On-Demand' scanner.
December 6, 2008 6:30 PM
Malicious Software Removal Tool can be downloaded and run separately. Go to the default home page and download it. Each month it has the newest version. Once downloaded you can run it anytime you want, as many times as you want. I run it once a week when I do my full Norton Antivirus and Windows Defender scans.
http://www.microsoft.com/security/malwareremove/default.mspx
December 7, 2008 9:51 PM
Thanks for the article. Thx. to Kyle and Kenneth, too, this was very helpful!I wondered when this tool scanned myself. Now I know how to use it and where to get it.
December 16, 2008 3:21 PM
Whether MSRT is or isnt part of Windows Defender, WD is a great program. Its set out well has extra features ( I know the features are native to Xp ) but for those that dont know that , theyre introduced to them by WD. Its free, its Windows, it works great, so whats the problem?