Malicious Software Removal Tool

Category: Security

I already have a firewall, anti-virus, and anti-spyware protection. Do I really need the Malicious Software Removal Tool that Microsoft is recommending for me to download?

Malicious Software Removal Tool

What is the Malicious Software Removal Tool?

The Windows Malicious Software Removal Tool (MSRT) is a component of Microsoft Windows XP, Vista, and Windows 7. It does not run on older systems, such as Windows 98, Windows Millennium Edition, or Microsoft Windows NT 4.0. It's installed automatically with the rest of the operating system and updated regularly via Windows Update. It does just what its name says, and that's all it does. Then it deletes itself until the next time you update Windows.

The Malicious Software Removal Tool does not ward off infections by malware (malicious software) as programs such as Norton Internet Security and Avast! Antivirus do. It only detects infections that already exist on your system and removes them. Malware (viruses, spyware and other nasties) may have already done damage by the time MSRT snuffs it, so you should have preventive anti-malware programs installed as well.

Furthermore, MSRT detects only some of the many malware specimens that exist in the wild. It relies upon a database of known malware programs and their digital "signatures," patterns of bits and bytes that comprise a program. This database is updated often, but there will always be a large body of new malware being written that MSRT does not recognize yet. That's another reason not to rely upon MSRT exclusively for protection.

Another limitation of MSRT is that it only detects malware that is actively running in RAM on your computer. If a malware program is lying dormant on your hard drive it will escape MSRT's notice.

Do You Really Need the Malicious Software Removal Tool?

If this sounds pretty lame to you, you're in good company. There are lots of free antivirus programs available that do a much better, more proactive job. So why does MSRT exist, and why does Microsoft push it onto every Windows user via default installation and Automatic Update? Basically, MSRT is a just a perfunctory patch for Windows' wretched reputation as a security sieve.

Microsoft was taking a lot of heat from the entire computing industry in the mid-2000s. Its software was notoriously vulnerable to malware through many programming loopholes. The company vowed to improve the security of Windows, Internet Explorer, the Internet Information Server (Microsoft's basic Web server software), and its other products. MSRT is one of the bones that Microsoft threw to users complaining about lack of security.

But Microsoft did not want to offend its partners in the security business, such as Norton. So it did not make MSRT a serious competitor for commercial antivirus programs. It's a fig leaf, despite the company's claims that MSRT has eradicated tens of millions of malware copies from users' computers. As of May, 2009, Microsoft claims that MSRT has removed password-stealing malware from 859,542 Windows-using computers. That's nice, but just a drop in the bucket, really.

You needn't be concerned about MSRT wasting computer resources or disk space. The program takes up only 10 MB on a hard drive and that only temporarily. When you update Windows, MSRT is downloaded to a temporary directory. You are asked to accept its licensing agreement. Then MSRT runs a scan of your system for malware and removes what it can. Finally, it deletes itself. It doesn't run again until the next Windows update.

Bottom line, MSRT is better than nothing for those who have nothing. But it won't add much additional protection to systems that already have anti-virus and anti-spyware software in place.

Got something to say about the Malicious Software Removal Tool? Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 2 Dec 2009


For Fun: Buy Bob a Snickers.

Prev Article:
Copy DVD to Hard Drive

The Top Twenty
Next Article:
eSATA External Hard Drives

Most recent comments on "Malicious Software Removal Tool"

Posted by:

Mary
03 Dec 2009

Under the heading of anecdotal information:
Some web gurus (supposedly) having inside Microsoft information indicate that MSRT will eventually be phased out. Microsoft now has it's own free anti-malware tool called Security Essentials:

http://www.microsoft.com/security_essentials/

MSE is a full anti-virus, anti-spyware, anti-malware tool that's easy to use and extremely light on system resources. It uses less than 11.5MB HD space on my laptop. No telling how long before MSRT is phased out because MS seems to be devoting most of it's resources to Win 7 and MSE.


Posted by:

redmaledeer
03 Dec 2009

From what you say, and from Microsoft's description of MSRT, MSRT removes malware it finds. Does it ask the user's permission to do this before removing, or does it remove malware without asking? Does it at least tell you what it has removed? I am always wary about protective programs which remove with asking the user.

Thanks.


Posted by:

BoB in Toronto, Canada
03 Dec 2009

MSRT is an extra layer or preventative double check so nothing can slip through. It's a small, quick monthly verification that everything's OK!


Posted by:

John
03 Dec 2009

The Microsoft MSRT program does not delete itself after running. The program lives in the Windows\System32 folder. The program can be run at anytime by opening the Run dialogue and typing mrt. This is a handy tool to have if a computer that I am working on does not have updated AV software installed. Of course, a better alternative would be to run a portable or bootable, up-to-date AV scanner. But, MRT has helped me out on several occasions.

John


Posted by:

Dixie Rice
03 Dec 2009

Dear Bob: I have been a subscriber for a very long time and rely on your newsletter for a lot of information. Just recently when I log onto your site from my email newsletter I have just received, the WebOfTrust Warning comes up! I ignore it naturally, but thought you should know about it. Thanks for all the help and do continue. Dixie Rice

EDITOR'S NOTE: Sounds more like a WebOfFalsePositives. Thanks for the heads up.


Posted by:

shadowfalcon
04 Dec 2009

Yeah, how do you get rid of it then!?


Posted by:

Pierre
04 Dec 2009

I agree with you! Almost 100% I still download, save, and run the MSRT, each time. At the same time I delete last month's version. But then I am paranoid.

So your opinions on:
1) The MS Live Security software.
2) The new dis-improved hotmail.
3) Hey! Look at all the features we removed "New" Microsoft Works.
4) The new Hey! Look at all the features we removed Office 2007.
5) The new Hey! Look at all the features we removed Win 7.
6) MS Defender, which, while it exists for all the same reasons MSRT does... in my opinion, is half-assed good.
7) Will Mirthcosoft EVER be competent?
8) You just replaced Steve Balmer and Uncle Bill. In brief.... What would you do?


Posted by:

Timm
04 Dec 2009

I had always just assumed that MSRT was running silently in the background after updates. It appears I was mistaken as, after reading John's post above, I ran it manually and saw something I had never seen before, i.e., the tool actually scanning. I wonder how many other folks just assumed it was running when it wasn't. Thanks John --and Bob-- for the heads up.


Posted by:

Michael
04 Dec 2009

MSRT is not deleted. See my blog from February for more

What you don't know about the Windows Malicious Software Removal Tool
http://blogs.computerworld.com/what_you_dont_know_about_the_windows_malicious_software_removal_tool

If nothing else, its an easy way to see the last time Windows Update was run.


Posted by:

Handyvan
04 Dec 2009

Snarky bumper-snicker: "I ran the Malicious Software Removal Tool, and it removed Windows."


Posted by:

Dennis Hubbell
04 Dec 2009

Hi BOB Microsoft MSRT works great but dont count on it for your only MPT.After tying Nort,Macf and Windows I found Kaspersky internet security works I agree with John when it find a malware-virus MS
RT will ask KIS to resolve Dennis


Posted by:

Tim
04 Dec 2009

I am running XP Pro and always allow the updates without question. I also have some software called Driver Cure, which a friend whom I rely upon suggests to never allow to run. It keeps giving me warning of drivers that are outdated or otherwise need to be fixed. Is this safe to run and if not, would the MRT safely remove Driver Cure.

EDITOR'S NOTE: I agree with your friend. Not sure if it's harmful, but probably unnecessary at best.


Posted by:

Victor
05 Dec 2009

MSRT is digitally signed by Microsoft and therefore trusted and allowed to run by any antispyware program.
I wonder how many personal info it 'sends home' to Microsoft servers.
By having to accept the licensing agreement you are basically giving Microsoft the permission to snoop all over your system.
That's why I never choose to download this (anti)spyware 'tool'.


Posted by:

DukeW
06 Dec 2009

Don't knock the tool too hard. A friend had managed to get her machine so infected that the usual tools wouldn't even install. In desperation, I tried the MSRT for that month, and could finally get Malwarebytes to install and run. MSFT is probably a perfect demonstration of Microsoft's too little too late mentality, but at least their hearts are in the right place.


Posted by:

Ed
18 Jan 2010

I've used Malwarebytes in the past, and done excellent job on removing these pests.. especially Rouge Antiviruses.


Posted by:

jtdoom
02 Feb 2010

Dear gentlebeings, let us stress that MRT.exe is at least better than nothing. (You will be able to run it in safe mode whereas "some" resident shields do not even initialise.)
MBAM is very useful.
AVG free gets recognised by win7 in all x64 and x86 versions. (albeit it sometimes is seen as not, it usually just means there is a download in the pipeline shortly after powering up a system.)

Avast Free (at this time version 4.8 is not.. and maybe avast 5.0x is still not?) is not detected by win7 x64 bit security advisor, but gets seen as a securty program by the 32bit versions (x86).
Same symptoms, shortly after boot.

These "not protected" also happen in XP 32 and 64 bit, and FAIK, in Vista (which I seldom use), but once again, this sometimes only happens while initialising after a power up. (a good OS system has not made networking connections during boot.)

One really wants active resident programs behind a good firewall (and a router with DMZ is not a true firewall, yet better than no router.)
Kind regards, Jaak. noob at times, smart at nothing.


Posted by:

Shelley
08 Feb 2010

Help! I just ran a scan and found I have a trojan, malware, malicious software...the whole gamut. I'm not really very computer literate so I'm not sure what my next step is in order to remove all of this junk. My biggest problem is I can't connect to any search engine(google, bing, yahoo,etc.) I've been unemployed for over a year and really don't have the funds to purchase an expensive fix. Is there anything free that I can download or what is the most cost effective solution you can suggest. Thanks.

EDITOR'S NOTE: See http://askbobrankin.com/free_antivirus_programs.html and http://askbobrankin.com/free_antispyware_programs.html


Posted by:

Bertrand
03 Apr 2010

My niece was playing on Facebook Messenger and got a message saying the computer was infected with 26 viruses, etc and the only answer was to download a program called Security Tool. Having done this(she's young) it quickly became clear that you couldn't do anything as it kept bringing up a series of dialogue boxes saying " file [blah].exe is trying to access an internet website with your creditcard details - to fix, purchase this programme"

That computer has AVG which is clunky but good; I figured security Tool was the virus and eventually managed (after 3hours of trying) to get rid by finding where the file was and then siccing Malwarebytes' File Assassin on it, which just did the job directly.

I'm pretty impressed with Malwarebytes as nothing else I did was at all useful; I have Kaspersky at home as it doesn't slow the computer quite so much but does anyone else know if it's worth buying Malwarebytes or is the free version enough for most stuff?

Thanks.


Posted by:

Kevin
07 Jul 2014

(I understand this is an old post, but I just found it now...)

Timm - "I had always just assumed that MSRT was running silently in the background after updates. It appears I was mistaken...."

Actually, you are not mistaken... there are two versions of Microsoft Malicious Software Removal Tool (MSRT).

The first version, which is installed and run by Microsoft Update, runs in the background and does not display any interface that indicates it is running/scanning. When it is done scanning, it will then report if a malware infection was found. I don't know if it deletes itself after running.

The second version of MSRT can be downloaded and installed on your PC. It installs as:
C:\Windows\System32\MRT.exe

Running this version of MSRT displays a prompt to accept the license agreement, then prompts for "Quick", "Full", or "Custom" scan, then displays a progress dialog while scanning which is similar to another tool:
"Microsoft Safety Scanner"

After running, it displays a dialog indicating that it has either found no threats; or identifies any threats it may have found, and allows you to remove them all or selectively remove some, or do nothing, as desired. After running, this version remains installed and can be run again anytime.

"Microsoft Safety Scanner" will "expire" after 10 days and must be re-downloaded/installed to run again after 10 days. The downloaded version of MSRT might work the same way.

It is possible that "Microsoft Safety Scanner" and "MSRT" are the same, or nearly the same as the dialogs they display while running are basically the same.

You can find more information and download/install MSRT here:
http://www.microsoft.com/security/pc-security/malware-removal.aspx

A relavent quote from that page:
"Note: The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if a malware infection is found. To run this tool more than once a month, use the version on this web page or install the version that is available at the Microsoft Download Center (http://go.microsoft.com/fwlink/p/?LinkId=40587)."

You can download and run "Microsoft Safety Scanner" here:
http://www.microsoft.com/security/scanner/en-us/default.aspx


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.
[an error occurred while processing this directive]


Article information: AskBobRankin -- Malicious Software Removal Tool (Posted: 2 Dec 2009)
Source: http://askbobrankin.com/malicious_software_removal_tool.html
Copyright © 2005 - Bob Rankin - All Rights Reserved