Malicious Software Removal Tool
Malicious Software Removal Tool
Article by Marc Liron - Microsoft MVP (2004-2010)
Why Is The Malicious Software Removal Tool Needed..?
It has been estimated that only one third of home users have an up to date anti virus product installed on their PC's.
The many home users without an up to date anti virus program installed, are helping in the spreading of today's viruses, Trojans and worms!
To help remedy this situation, in part, Microsoft have now released the FREE: Malicious Software Removal Tool ...
So What Is the Microsoft Malicious
Software Removal Tool..?
January 2005 sees the debut of a FREE security tool from Microsoft. This new tool will be updated on a monthly basis to include information about recent malicious software threats...
Here is what Microsoft have to say in their own words:
Microsoft has released the Microsoft Windows Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers that are running Microsoft Windows Server 2003 , Microsoft Windows XP, or Microsoft Windows 2000. The Malicious Software Removal Tool supersedes all virus-cleaner tools that were previously released by Microsoft. You can download the Malicious Software Removal Tool from the Microsoft Download Center. You can also run an online version of the tool from the Malicious Software Removal Tool Web site on Microsoft.com.
To run the Malicious Software Removal Tool from either location, you must log on to your computer with an account that is a member of the Administrators group. If you are running Windows XP, you can also run the Malicious Software Removal Tool from the Windows Update Web site or by using Automatic Updates.
...In practice, on the first Tuesday in every month, if you have Automatic Updates switched ON. The new tool will download and run a scan on your computer to see if there is any malicious software running...
The software does not install itself, and runs in "quiet mode" so that you will not actually see it running! When it has finished its scan - the software then removes itself. For those of you concerned about privacy issues, you will be asked to accept an end user licence agreement (EULA) before the scan takes place.
The software also creates a log file, more information on this in the next section.
This tool is updated monthly and contains a list of known threats and any variants.
It is NOT a substitute for having an up to date anti virus product installed, BUT it will help to reduce the amount of infected PC's connected to the Internet.
Far too many folks have "infected" PC's and just are NOT aware of the problems this is causing the rest of us...
As already stated, this tool will be updated to include new malicious threats as they appear. The initial version of the Malicious Software Removal Tool - version January 2005 - includes:
Win32/Berbew - Moderate*
Win32/Doomjuice - Moderate*
Win32/Gaobot - Moderate*
Win32/MSBlast - Critical*
Win32/Mydoom - Moderate*
Win32/Nachi - Critical*
Win32/Sasser - Critical*
Win32/Zindos - Moderate*
* The severity rating refers to the virus alert severity ratings that appear on the following Microsoft Web site:
Only threats that are rated as "Moderate" or "Critical" are considered for inclusion in the removal tool.
Manual Download Of The Removal Tool...
If you do NOT have Automatic Updates installed you can always download the removal tool manually!
Visit this URL:
After downloading the file can be run (it will not install any files) and can then be safely removed afterwards.
A log of the scan, called mrt.log , will be created and stored at:
C:\WINDOWS\Debug (Windows XP)
The contents of my log file can be seen below:
Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Tue Jan 11 10:52:24 2005
Removal Tool Results:
No infection found.
Microsoft Malicious Software Removal Tool Finished On Tue Jan 11 10:52:41 2005
In the next section below, you can see the two screens that are shown when the tool is run manually.
(If you encounter a problem with the tool you may find an answer here: http://support.microsoft.com/?kbid=891717 )
Software Removal Tool:
There is also a free online version of the malicious software removal tool - visit this link:
Supported Operating Systems: (for ALL version of this tool.)
Windows Server 2003
Windows XP Home and Pro
As well as using this tool I strongly recommend that users follow these four simple steps:
One, use an Internet firewall on all PCs
Two, regularly install the latest security updates on all PCs
Three, use up-to-date anti-virus software
Four, use an anti-spyware solution