Author Topic: MICROSOFT Malicious Software Removal Tool  (Read 19740 times)

S.Z.Craftec

  • Guest
MICROSOFT Malicious Software Removal Tool
« on: January 11, 2005, 10:58:07 PM »
2 New updates for Windows XP are available for download from the Microsoft web site... one of them is Malicious Software Removal Tool...

Read about it in here:
http://support.microsoft.com/?kbid=890830

Quote from FAQ (few very important facts):

Q1: Does this tool provide my computer with protection against infection from malicious software like viruses, worms, and Trojan horses?
A1: No. This tool is strictly a postinfection removal tool.

Q7: Is this tool a replacement for an antivirus product?
A7: No. We strongly recommend that you install and use an up-to-date antivirus product. For more information, visit the following Microsoft Protect Your PC Web site:

http://go.microsoft.com/fwlink/?linkid=37595

Q8: How does this tool work with the System Restore feature in Windows XP?
A8: This tool does not create a system restore point, nor does it scan system restore points for malicious software. However, if there is active, prevalent malicious software running on a computer that is stored in a restore point, the removal tool will detect and remove it.

Q9: Can this tool be redistributed?
A9: Yes. Per the terms of this tool's EULA, the tool can be redistributed. However, make sure you are redistributing the latest version of the tool.

Q10: Can the tool run on a computer that is running Microsoft Windows 98, Microsoft Windows Millennium, or Microsoft Windows NT 4.0?
A10: No.

Q11: What is the difference between this tool and an antivirus product?
A11: There are three key differences between the Malicious Software Removal tool and an antivirus product:
• The tool provides postinfection removal of malicious software. It can only remove malicious software from an already-infected computer. Antivirus products are also able to block malicious software from running on a computer. It is significantly more desirable for malicious software to be blocked from running on a computer than being removed postinfection.
• The tool removes only specific, prevalent malicious software. See "Release information" for the specific list. Specific, prevalent malicious software is a small subset of all the malicious software in the wild today. An antivirus product can remove significantly more malicious software.
• The tool focuses on the detection and removal of active malicious software. Active malicious software is malicious software that is currently running. The tool cannot remove malicious software that is not running. An antivirus product can perform this task.


Q12: When do new versions of the tool become available?
A12: New versions become available on the second Tuesday of every month. Microsoft may also release an updated version of the tool to supplement these releases if an emergency occurs.

Q14: How do I know that I am using the latest version of the tool?
A14: Check Windows Update or Automatic Updates if you are a Windows XP user. Check the Microsoft Download Center if you use Windows Server 2003 or Windows 2000. Also, if the tool is more than 60 days out of date, it will remind you to see whether there is a new version of the tool.

Q16: Why does my antivirus product take longer to scan my computer than this tool?
A16: Unlike an antivirus product, the Malicious Software Removal Tool scans only for "active" malicious software. Specifically, the tool does not scan the whole hard disk. This enables it to run fairly quickly. It is highly recommended that you use an up-to-date antivirus product to also scan for inactive malicious software.

Q20: Does this tool send back any information to Microsoft?
A20: Yes. If the tool finds an infection or an error, anonymous information is sent back to Microsoft. See the "Reporting component" section for more information.

Q21: Can I prevent this tool from sending information back to Microsoft?
A21: Yes. The reporting component can be disabled by setting a specific registry key. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
891716 Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment


Q29: Can I run this tool on a Windows Embedded computer?
A29: Currently, the Malicious Software Removal Tool is not supported on a Windows Embedded computer.

Q30: Does running of the tool require any security updates to be installed on the computer?
A30: No. Unlike most previous cleaner tools that were produced by Microsoft, the Malicious Software Removal tool does not require any security update prerequisites. However, it is strongly recommended that all critical updates be installed before using the tool, to help prevent reinfection by malicious software that takes advantage of security vulnerabilities.

Q33: Do I need the previous cleaner tools installed to run the Malicious Software Removal Tool?
A33: No.

Q34: Is there a newsgroup available to discuss this tool?
A34: Yes. You can use the microsoft.public.security.virus newsgroup.
« Last Edit: January 12, 2005, 12:16:17 AM by S.Z.Craftec »

Offline darkparrot

  • Sr. Member
  • ****
  • Posts: 228
  • Mmm! Parrot pie!
Re: MICROSOFT Software Removal Tool
« Reply #1 on: January 12, 2005, 12:06:17 AM »
Interesting. Thanks.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 42781
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: MICROSOFT Malicious Software Removal Tool
« Reply #2 on: January 12, 2005, 12:23:24 AM »
I like the fact that it can remove it from a restore point.

Offline Tipton

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 796
  • That 70's Car
Re: MICROSOFT Malicious Software Removal Tool
« Reply #3 on: January 12, 2005, 04:01:03 AM »
After the install, where the heck does MS put this tool?  I can't find it!

Tipton
"I have lived through alot of horrible things in my life.......some of which actually happened"

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67273
Re: MICROSOFT Malicious Software Removal Tool
« Reply #4 on: January 12, 2005, 04:25:32 AM »
Quote from Tipton:
After the install, where the heck does MS put this tool?  I can't find it!

I look like a monkey to found and I can't too  :(
The best things in life are free.

Offline Tipton

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 796
  • That 70's Car
Re: MICROSOFT Malicious Software Removal Tool
« Reply #5 on: January 12, 2005, 04:33:30 AM »
Quote from Tipton:
After the install, where the heck does MS put this tool?  I can't find it!

Quote from Lisandro:
I look like a monkey to found and I can't too  :(

From what I gather from other sources, it actually does not get installed at all. It just gets run when you accept the download. I am still a bit confused on this.

Tipton
"I have lived through alot of horrible things in my life.......some of which actually happened"

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67273
Re: MICROSOFT Malicious Software Removal Tool
« Reply #6 on: January 12, 2005, 04:44:59 AM »
Quote from Tipton:
From what I gather from other sources, it actually does not get installed at all. It just gets run when you accept the download. I am still a bit confused on this.

Ok but it must be saved to disk sooner or later to be run...
The recovery file applications cannot find them...  ::)
It seems to be shredded (erased) after running  :(
The best things in life are free.

Offline Tipton

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 796
  • That 70's Car
Re: MICROSOFT Malicious Software Removal Tool
« Reply #7 on: January 12, 2005, 04:56:06 AM »
Quote from Tipton:
From what I gather from other sources, it actually does not get installed at all. It just gets run when you accept the download. I am still a bit confused on this.

Quote from Lisandro:
Ok but it must be saved to disk sooner or later to be run...
The recovery file applications cannot find them...  ::)
It seems to be shredded (erased) after running  :(

Exactly! It gets removed from your system after it is run. Right after I installed it along with the other critical MS patch, I found its exe under LocalDisk C. Later, it was gone!

Tipton
"I have lived through alot of horrible things in my life.......some of which actually happened"

Offline watchthisspace

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 637
  • Avast! What the pros use
Re: MICROSOFT Malicious Software Removal Tool
« Reply #8 on: January 12, 2005, 06:20:46 AM »
Thanks for the heads up Sash  :)

Offline Negeltu

  • Sr. Member
  • ****
  • Posts: 350
Re: MICROSOFT Malicious Software Removal Tool
« Reply #9 on: January 12, 2005, 09:09:08 AM »
But it specifically says it can be redistributed... therefore I take it that it is NOT deleted after running.  :)

S.Z.Craftec

  • Guest
Re: MICROSOFT Malicious Software Removal Tool
« Reply #10 on: January 12, 2005, 12:04:56 PM »
Guys, guys  ::) You don't read instructions and info... read here:

Quote
Usage information
When the Malicious Software Removal Tool runs, it performs the following functions. Except where noted, the tool has the same behavior independent of what command-line switches you use or how you download and run the tool. Note that the tool is not actually installed on a computer. Therefore, no entry is created for it in the Programs folder or in Add/Remove Programs.

Notes
• When you download the tool from Windows Update or from Automatic Updates, the tool always runs in quiet mode.
• When you run the tool from our Web site at http://www.microsoft.com, the tool always displays a user interface (UI).
• When you download the tool from the Microsoft Download Center, the tool ordinarily displays a UI when it runs. However, if you supply the /Q command-line switch, it runs in quiet mode.

Recording scan data
After the scan is complete, the tool creates a log file that contains the results of the scan. The name of the file is Mrt.log. The file is in the %windir%\Debug folder.
• This log file is available in English only.

Standalone program can be downloaded here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Quote
Command-line switches
The Malicious Software Removal Tool supports two command-line switches:
• /Q or /quiet - Use quiet mode. This option suppresses the user interface of the tool.
• /? - Display a dialog box that lists the command-line switches.

You can run it, check your system, and then you can re-run it an additional million times if you want... but, be sure that you always download the latest version, because... read this:

Quote
A new version of this tool is released on the second Tuesday of every month. These new versions will be available from the Microsoft Download Center—this page—as well as from Windows Update / Automatic Updates. It is recommended that Windows XP users use Windows Update / Automatic Updates to download the tool. If you are using any other version of Windows for which this tool is supported, please download the tool from this page or run the online version of the tool at least once a month to ensure that you are using the latest version of this software.

Also, there is an online version of the tool:
Quote
An online version of the tool is also available. Click here: http://www.microsoft.com/security/malwareremove/default.mspx

All other information can be found in here:
http://support.microsoft.com/?kbid=890830  ;)

It can be redistributed... of course if you download the latest version of the program...
Quote
Q9: Can this tool be redistributed?
A9: Yes. Per the terms of this tool's EULA, the tool can be redistributed. However, make sure you are redistributing the latest version of the tool.

Cheers !
« Last Edit: January 12, 2005, 12:08:19 PM by S.Z.Craftec »

Offline Tipton

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 796
  • That 70's Car
Re: MICROSOFT Malicious Software Removal Tool
« Reply #11 on: January 12, 2005, 05:00:11 PM »
Thanks Sasha! I was able to find my mrtlog. I suppose the best method would be to just run this tool via windows update, so you know that it is using the most recent up to date release. Of course the downloadable version is nice to have to run on other systems out of the house.

Tipton
"I have lived through alot of horrible things in my life.......some of which actually happened"

S.Z.Craftec

  • Guest
Re: MICROSOFT Malicious Software Removal Tool
« Reply #12 on: January 12, 2005, 07:38:07 PM »
Exactly Tipton ! IMHO, automatic checking through standard Windows update is great, maybe the best method. The user doesn't have to do anything, everything is done automatically. The online version is also useful, of course the downloadable version too.

Cheers !

Offline JohnW

  • Newbie
  • *
  • Posts: 17
Re: MICROSOFT Malicious Software Removal Tool
« Reply #13 on: February 07, 2005, 05:36:17 PM »
Just came across this topic by accident.

It seems to me very significant that the product can remove a virus from a System Restore point.

Avast (and other checkers) were never able to do this.

Can the latest versions remove from System Restore or does MS know something that they're not letting on?

J

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82563
  • No support PMs thanks
Re: MICROSOFT Malicious Software Removal Tool
« Reply #14 on: February 07, 2005, 06:27:04 PM »
System Restore's System Volume Information and the _restore points are Windows protected storage. Windows is protecting it, so I would say they should know how to remove that protection, remove a restore point and enable protection again.

We mere mortals usually have to disable system restore (which gets rid of all restore points not just an infected one), resolve any other issues and then enable system restore.