Results 1 to 9 of 9

Thread: Microsoft Windows Malicious Software Removal Tool!

  1. #1
    Member fords8's Avatar
    Join Date
    Sep 2002
    Location
    Ma.
    Posts
    92

    Microsoft Windows Malicious Software Removal Tool!

    The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000.
    http://support.microsoft.com/?kbid=890830

    Just in case you do not know about it.

    FAQ: Frequently asked questions

    Q1: Does this tool provide my computer with protection against infection from malicious software like viruses, worms, and Trojan horses?
    A1: No. This tool is strictly a postinfection removal tool.

    Q2: What installer does this tool use?
    A2: The tool does not install or update files on a computer. Therefore the tool does not use an installer, such as Windows Installer or Update.exe. It is packaged within a self-extracting CAB executable to reduce the size of the package.
    Q3: How do I remove this tool?
    A3: The tool does not have to be removed because the tool is never installed. No Programs folder entry or Add/Remove Programs entry is created when the tool is run. However, there may be a temporary folder left in the root of one of your disks. This folder will be removed on next restart.

    Q4: Is this tool digitally signed by Microsoft?
    A4: Yes.

    Q5: What type of information does the log file contain?
    A5: For information about the log file, click the following article number to view the article in the Microsoft Knowledge Base:
    891716 Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment

    Q6: Does this tool require a restart?
    A6: When run from Windows Update or from Automatic Updates, the tool may trigger a restart prompt. However, the prompt is triggered only when the restart is required to remove malicious software.

    Q7: Is this tool a replacement for an antivirus product?
    A7: No. We strongly recommend that you install and use an up-to-date antivirus product. For more information, visit the following Microsoft Protect Your PC Web site:

    http://go.microsoft.com/fwlink/?linkid=37595

    Q8: How does this tool work with the System Restore feature in Windows XP?
    A8: This tool does not create a system restore point, nor does it scan system restore points for malicious software. However, if there is active, prevalent malicious software running on a computer that is stored in a restore point, the removal tool will detect and remove it.

    Q9: Can this tool be redistributed?
    A9: Yes. Per the terms of this tool's EULA, the tool can be redistributed. However, make sure you are redistributing the latest version of the tool.

    Q10: Can the tool run on a computer that is running Microsoft Windows 98, Microsoft Windows Millennium, or Microsoft Windows NT 4.0?
    A10: No.

    Q11: What is the difference between this tool and an antivirus product?
    A11: There are three key differences between the Malicious Software Removal tool and an antivirus product: The tool provides postinfection removal of malicious software. It can only remove malicious software from an already-infected computer. Antivirus products are also able to block malicious software from running on a computer. It is significantly more desirable for malicious software to be blocked from running on a computer than being removed postinfection.
    The tool removes only specific, prevalent malicious software. See "Release information" for the specific list. Specific, prevalent malicious software is a small subset of all the malicious software in the wild today. An antivirus product can remove significantly more-malicious software.
    The tool focuses on the detection and removal of active malicious software. Active malicious software is malicious software that is currently running. The tool cannot remove malicious software that is not running. An antivirus product can perform this task.

    Q12: When do new versions of the tool become available?
    A12: New versions become available on the second Tuesday of every month. Microsoft may also release an updated version of the tool to supplement these releases if an emergency occurs.

    Q13: Where can I obtain new versions of the tool?
    A13: If you are a Windows XP user, use Windows Update or Automatic Updates. If you are a Windows Server 2003 user or a Windows 2000 user, download the tool from the Download Center, or run the tool from Microsoft.com. See the "Download and setup information" section for more information.

    Q14: How do I know that I am using the latest version of the tool?
    A14: Check Windows Update or Automatic Updates if you are a Windows XP user. Check the Microsoft Download Center if you use Windows Server 2003 or Windows 2000. Also, if the tool is more than 60 days out of date, it will remind you to see whether there is a new version of the tool.

    Q15: I ran the tool, and it found nothing on my computer. But my computer is still exhibiting strange behavior. What should I do now?
    A15: Visit the following Protect Your PC Web site, and then follow the steps:
    http://go.microsoft.com/fwlink/?linkid=37595
    Scan your computer with an up-to-date antivirus product, and then visit the following Microsoft Web site:
    http://www.microsoft.com/spyware

    Q16: Why does my antivirus product take longer to scan my computer than this tool?
    A16: Unlike an antivirus product, the Malicious Software Removal Tool scans only for "active" malicious software. Specifically, the tool does not scan the whole hard disk. This enables it to run fairly quickly. It is highly recommended that you use an up-to-date antivirus product to also scan for inactive malicious software.

    Q17: Will the Microsoft Knowledge Base article number of the tool change with each new version?
    A17: No. The Microsoft Knowledge Base article number for the tool will remain as 890830 for future versions of the tool. The file name of the tool when downloaded from the Microsoft Download Center will change with each release to reflect the month and the year when that version of the tool was released.

    Q18: Is there any way I can request that new malicious software be targeted in the tool?
    A18: Currently, no. Malicious software that is targeted in the tool is based on metrics that track the prevalence and damage of malicious software.

    Q19: How does the Malicious Software Removal Tool relate to Microsoft Windows AntiSpyware (Beta)?
    A19: The Malicious Software Removal Tool is a different release than Microsoft Windows AntiSpyware (Beta). To download this antispyware tool, visit the following Microsoft Web site:
    http://www.microsoft.com/spyware
    The Malicious Software Removal Tool focuses on the detection and removal of malicious software. For example, malicious software includes viruses, worms, and Trojan horses. Windows AntiSpyware (Beta) detects and removes spyware.

    Q20: Does this tool send back any information to Microsoft?
    A20: Yes. If the tool finds an infection or an error, anonymous information is sent back to Microsoft. See the "Reporting component" section for more information.

    Q21: Can I prevent this tool from sending information back to Microsoft?
    A21: Yes. The reporting component can be disabled by setting a specific registry key. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
    891716 Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment

    Q22: Can I determine whether the tool has been run on a computer?
    A22: Yes. By checking a registry key, you can determine whether the tool has been run on a computer and which version was the latest version that was used. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
    891716 Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment

    Q23: Why don't I see the tool on Windows Update or Automatic Updates?
    A23: Several scenarios may prevent you from the seeing the tool on Windows Update or Automatic Updates: Only Windows XP users are offered the tool on Windows Update or Automatic Updates.
    If you have already run the current version of the tool (through Windows Update or through Automatic Updates or through either of the other two release mechanisms), it will not be reoffered on Windows Update or Automatic Updates.
    For Automatic Updates, the first time that you run the tool, you must be logged on as a member of the Administrators group to accept the EULA.

    Q24: How does Windows Update and Automatic Updates determine who is offered the tool?
    A24: All Windows XP users who are running the latest version of Windows Update or Automatic Updates and who have not already run the current version of the tool are offered the tool on Windows Update and Automatic Updates.

    Q25: When I ran the tool, it told me that errors were found during the scan. What were the errors, and how do I resolve them?
    A25: You can view the specific errors by reading the log file, named Mrt.log, in your %windir%\Debug folder. For information about the errors, click the following article number to view the article in the Microsoft Knowledge Base:
    891717 You receive an error when you run the Microsoft Windows Malicious Software Removal Tool

    Q26: Will you rerelease the tool even if there are no new security bulletins for a particular month?
    A26: Yes. Even if there are no new security bulletins for a particular month, the Malicious Software Removal Tool will be rereleased with detection/removal support for the latest prevalent malicious software.

    Q27: How do I prevent this tool from being offered to me by using Windows Update or Automatic Updates?
    A27: When you are first offered the Malicious Software Removal Tool through Windows Update or Automatic Updates, you can choose to decline downloading and running the tool by declining the EULA. This decline can apply to just the current version of the tool or to both the current version of the tool and any future versions, depending on the options you choose. If you have already accepted the EULA and if you would prefer not to install the tool through Windows Update, click to clear the check box that corresponds to the tool in the Windows Update UI.

    Q28: After I run the tool through Windows Update or Automatic Updates, where are the tool files stored? Can I rerun the tool?
    A28: After the tool is run through Windows Update or Automatic Updates, it is automatically deleted from the computer. To run the tool without using Windows Update or Automatic Updates, run the tool from the Download Center or from the following Microsoft Web site:
    http://www.microsoft.com/malwareremove

    Q29: Can I run this tool on a Windows Embedded computer?
    A29: Currently, the Malicious Software Removal Tool is not supported on a Windows Embedded computer.

    Q30: Does running of the tool require any security updates to be installed on the computer?
    A30: No. Unlike most previous cleaner tools that were produced by Microsoft, the Malicious Software Removal tool does not require any security update prerequisites. However, it is strongly recommended that all critical updates be installed before using the tool, to help prevent reinfection by malicious software that takes advantage of security vulnerabilities.

    Q31: Why did my taskbar disappear and reappear when I ran the tool?
    A31: If the tool finds malicious software on a computer, the Malicious Software Removal Tool may have to restart Windows Explorer to remove the malicious software. This causes the taskbar to disappear and reappear but does not affect any part of your data.

    Q32: Can I deploy this tool by using SUS or SMS? Is it compatible with MBSA?
    A32: For information about deploying this tool, click the following article number to view the article in the Microsoft Knowledge Base:
    891716 Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment

    Q33: Do I need the previous cleaner tools installed to run the Malicious Software Removal Tool?
    A33: No.

    Q34: Is there a newsgroup available to discuss this tool?
    A34: Yes. You can use the microsoft.public.security.virus newsgroup.

    MS AntiSpyware vs Ad-Aware vs SpyBot

    http://www.flexbeta.net/main/article...ion=show&id=84
    Last edited by fords8; 01-13-05 at 01:38 AM.

  2. #2
    Ft. Couch! morbidpete's Avatar
    Join Date
    Mar 2002
    Location
    W. Warwick RI
    Posts
    7,264
    justread about that yesturday..ya beet me to the post..lol

  3. #3
    Elite Member ghost's Avatar
    Join Date
    Oct 1999
    Location
    Virginia
    Posts
    11,599
    It came down in the automatic update yesterday to all my XP boxes.

  4. #4
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,784
    Not downloading it.

  5. #5
    Junior Member
    Join Date
    Jul 2007
    Posts
    2

    Lightbulb

    Anyone care to revisit this thread and answer #'s 3 and 27?

    I'm loading 4 laptops for clients and everytime I get updates, that piece of chit is in there. I have gone to the MS Updates page and unselected and told it to never ask again and lo and behold, one reboot later it is there trying to piggyback in the next load. No biggy for me, most of my rigs are linux boxes, but Googling only finds bright sunshiny reviews of how benign and incompetent it is at doing the job MS couldn't do in the 1st place.

    So, anyone care to expound on #3: how to remove permanently, and #27: How to prevent it sneaking in next batch? This is worse than the WGA, at least now they give you a chance to tell them "No way".

  6. #6
    Junior Member
    Join Date
    Jul 2007
    Posts
    2
    Sigs aren't retro, eh?

  7. #7
    Junior Member
    Join Date
    Nov 2007
    Posts
    23
    Quote Originally Posted by meiny mo View Post
    Anyone care to revisit this thread and answer #'s 3 and 27?

    I'm loading 4 laptops for clients and everytime I get updates, that piece of chit is in there. I have gone to the MS Updates page and unselected and told it to never ask again and lo and behold, one reboot later it is there trying to piggyback in the next load. No biggy for me, most of my rigs are linux boxes, but Googling only finds bright sunshiny reviews of how benign and incompetent it is at doing the job MS couldn't do in the 1st place.

    So, anyone care to expound on #3: how to remove permanently, and #27: How to prevent it sneaking in next batch? This is worse than the WGA, at least now they give you a chance to tell them "No way".


    Disabling Windows Update for Malicious Software Removal Tool:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
    "DontOfferThroughWUAU"=dword:00000001

  8. #8
    R.I.P. Nov 2015 RaisinCain's Avatar
    Join Date
    Jun 2009
    Posts
    1,951
    The tool is and has always been crap and MS's feeble attempt at securing its OS... just like security essentials. Anyone running these "tools isa fool.

  9. #9
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,877
    Quote Originally Posted by RaisinCain View Post
    The tool is and has always been crap and MS's feeble attempt at securing its OS... just like security essentials. Anyone running these "tools isa fool.
    So I guess a lot of us that have massive experience in the field, and do this professionally for a living, is a "fool"...
    Hmmm...nah, I don't think so. Plenty of good business success backing us up. MSE ain't the best...but for a freebie it's OK..and it doesn't cripple the operating system with really bad "false positive" oops's that the other freebie AV apps all have on a nearly yearly basis.

    And I can't begin to count now many times I've seen MSRT file, and remove, remnants of a malware infection after MWB, Spybot, SAS, Hitman, Avast, Eset, Kaspersky, ADWCleaner, <insert a buncha other stuff> have been on a system.

    While it's far from the best utility out there, and it's certainly not one of the first tools that gets run...not even the middle of the pack, as an occasional followup, or at least part of the regular windows updates to run in the background, it's fine.

    time to bury this 2005 thread.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

Similar Threads

  1. Microsoft Security Bulletin
    By fredra in forum Network Security
    Replies: 1
    Last Post: 11-12-03, 08:57 PM
  2. Replies: 19
    Last Post: 03-13-03, 08:10 AM
  3. How to delete IE?
    By YARDofSTUF in forum General Discussion Board
    Replies: 14
    Last Post: 07-13-02, 09:41 PM
  4. Mo beta News, (VIA / Win2K SP2)
    By messiah in forum General Discussion Board
    Replies: 0
    Last Post: 02-26-01, 03:39 PM
  5. Beta News
    By messiah in forum General Discussion Board
    Replies: 1
    Last Post: 02-22-01, 06:01 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •