Malicious software removal tool has changed

A full scan performs a quick scan and then a full scan of the computer, regardless of whether malicious software is found during the quick scan. This scan can take several hours to complete because it will scan all fixed and removable drives. However, mapped network drives are not scanned. If malicious software has modified infected files on your computer, the tool prompts you to remove the malicious software from those files.

If the malicious software modified your browser settings, your homepage may be changed automatically to a page that gives you directions on how to restore these settings.

You can clean specific files or all the infected files that the tool finds. Be aware that some data loss is possible during this process. Also, be aware that the tool may be unable to restore some files to the original, pre-infection state.

The removal tool may request that you restart your computer to complete the removal of some malicious software, or it may prompt you to perform manual steps to complete the removal of the malicious software. To complete the removal, you should use an up-to-date antivirus product. The Malicious Software Removal Tool will send basic information to Microsoft if the tool detects malicious software or finds an error.

This information will be used for tracking virus prevalence. The tool will check your computer in the background and stay silent if everything is fine. All you need to do is ensure the update is installed from Windows Update. This tool is nowhere near a replacement for an antivirus. The tool performs a Quick scan when you run it in the background, but you can also perform a Full scan or Customized scan to scan your entire system or specific folders if you run it manually.

After the tool runs — either manually or automatically in the background — it will create a log file you can view. You can open this file in Notepad or any other text editor to see the results of the scan. In the early hours of February 24th GMT, Windows' automatic updates installed an update on my Windows 7 machine that included a definition update to the Malicious Software Removal Tool.

The Malicious Software Removal Tool or KB is a Windows malware-protection offering that updates and runs once a month, and proceeds to remove any threats it finds without user confirmation. After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software including Blaster, Sasser, and Mydoom and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer.

A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft. This tool is not a replacement for an antivirus product. The Microsoft Knowledge Base article number for the tool will remain as for future versions of the tool.

The file name of the tool when it is downloaded from the Microsoft Download Center will change with each release to reflect the month and the year when that version of the tool was released. A6: Currently, no. Malicious software that is targeted in the tool is based on metrics that track the prevalence and damage of malicious software.

A7: Yes. By checking a registry key, you can determine whether the tool has been run on a computer and which version was the latest version that was used. If you have already run the current version of the tool from Windows Update, Microsoft Update, Automatic Updates, or from either of the other two release mechanisms, it will not be reoffered on Windows Update or Automatic Updates.

For Automatic Updates, the first time that you run the tool, you must be logged on as a member of the Administrators group to accept the license terms. A9: The tool is offered to all supported Windows and Windows Server versions that are listed in the "Summary" section if the following conditions are true:.

A Yes. Even if there are no new security bulletins for a particular month, the Malicious Software Removal Tool will be rereleased with detection and removal support for the latest prevalent malicious software. A When you are first offered the Malicious Software Removal Tool from Microsoft Update, Windows Update, or Automatic Updates, you can decline downloading and running the tool by declining the license terms. This action can apply to only the current version of the tool or to both the current version of the tool and any future versions, depending on the options that you choose.

If you have already accepted the license terms and prefer not to install the tool through Windows Update, clear the checkbox that corresponds to the tool in the Windows Update UI.

A If it is downloaded from Microsoft Update or from Windows Update, the tool runs only one time each month. A No. Unlike most previous cleaner tools that were produced by Microsoft, the MSRT has no security update prerequisites. However, we strongly recommend that you install all critical updates before you use the tool, to help prevent reinfection by malicious software that takes advantage of security vulnerabilities.

You can use the microsoft. A In some cases, when specific viruses are found on a system, the cleaner tool tries to repair infected Windows system files. Although this action removes the malicious software from these files, it may also trigger the Windows File Protection feature. If you see the Windows File Protection window, we strongly recommend that you follow the directions and insert your Microsoft Windows CD.

This will restore the cleaned files to their original, pre-infection state. A The tool does use a file that is named Mrtstub. If you verify that the file is signed by Microsoft, the file is a legitimate component of the tool. Double-click the Mrt. Windows More The MSRT differs from an antivirus product in three important ways: The tool removes malicious software from an already-infected computer.

Malicious software family Tool version date and number Caspetlod July V 5. A April V 5. A October 5. ARXep June 5. ARXbxep June 5. A March 4. AT November 3. AU August 3. C August 3. B August 3. A August 3. B August 1. A August 1. MC August A 1. MB August A 1. MA August A 1. A August A 1. O August A 1. E August A 1. D August A 1. C August A 1. B August A 1. A1: Yes. Q4: How do I know that I'm using the latest version of the tool?

Q5: Will the Microsoft Knowledge Base article number of the tool change with each new version? The tool can be deployed in an enterprise environment to enhance existing protection and as part of a defense-in-depth strategy. To deploy the tool in an enterprise environment, you can use one or more of the following methods:. The current version of this tool does not support the following deployment technologies and techniques:.

This article includes information about how you can verify execution of the tool as part of deployment. The script and the steps that are provided here are meant to be only samples and examples. Customers must test these sample scripts and example scenarios and modify them appropriately to work in their environment.

You must change the ServerName and the ShareName according to the setup in your environment. The following code sample does the following things:. Prefixes the log the file name by using the name of the computer from which the tool is run and the user name of the current user Note You must set appropriate permissions on the share according to the instructions in the Initial setup and configuration section.

Note In this code sample, ServerName is a placeholder for the name of your server, and ShareName is a placeholder for the name of your share.

This section is intended for administrators who are using a startup script or a logon script to deploy this tool. If you are using SMS, you can continue to the "Deployment methods" section. To configure the server and the share, follow these steps:. Set up a share on a member server. Then name the share ShareName. Copy the tool and the sample script, RunMRT. See the Code sample section for details. Add the domain user account for the user who is managing this share, and then click Full Control.

If you use the computer startup script method, add the Domain Computers group together with Change and Read permissions. If you use the logon script method, add the Authenticated Users group together with Change and Read permissions.

Remove the Everyone group if it is in the list. Note If you receive an error message when you remove the Everyone group, click Advanced on the Security tab, and then click to clear the Allow inheritable permissions from parent to propagate to this object check box. Under the ShareName folder, create a folder that is named "Logs. Note Do not change the Share permissions in this step. Note To run this tool, you must have Administrator permissions or System permissions, regardless of the deployment option that you choose.

The following example provides step-by-step instructions for using SMS The steps for using SMS 2. Create a. The following is an example. For more information about Ismif Right-click the Packages node, click New , and then click Package.

The Package Properties dialog box is displayed. On the Data Source tab, click to select the This package contains source files check box. Click Set , and then choose a source directory that contains the tool. On the Distribution Settings tab, set the Sending priority to High. Version and Publisher are optional.