Malicious Software Removal Tool: Difference between revisions
Content deleted Content added
No edit summary |
No edit summary |
||
| (274 intermediate revisions by more than 100 users not shown) | |||
| Line 1: | Line 1: | ||
{{Short description|Software Tool}} |
|||
[[Image:mrtscreenshotmay07.jpg|left|thumb|A screenshot of Windows Malicious Software Removal Tool, running under Windows XP.]][[Image:Windowsmrticon.png|thumb|right|The Windows Malicious Software Removal Tool Icon]]The '''Windows Malicious Software Removal Tool''' is freely-distributed [[Computer software|software]] developed by [[Microsoft]] for their [[Microsoft Windows|Windows]] operating system. The software was originally released by Microsoft in January 2005. It is updated on the second [[Patch Tuesday|Tuesday]] of every month via [[Windows Update]], at which point it is run automatically in the background and reports if malicious software is found. To run it manually at other times, one can download the tool from Microsoft and to start "mrt.exe" from the [[Cmd.exe|command interface]], by going to the system32 folder, or by using the [[Run command]] in the [[Start Menu]]. |
|||
{{Infobox software |
|||
The software was released by Microsoft as a basic [[Computer virus|virus]] removal tool<ref name="itpro">{{Cite web|url=http://www.windowsitpro.com/Article/ArticleID/45410/45410.html|title=Windows IT Pro - "What's the Microsoft Windows Malicious Software Removal Tool?"|accessdate=2006-07-05|year=2005|author=John Savill}}</ref> in January 2005. The company claims that the software does not directly compete with established [[Antivirus software|anti-virus]] programs such as [[Norton AntiVirus]] and [[McAfee Antivirus]], but simply provides basic antivirus security to as many users as possible. Because the software is distributed via Microsoft's Windows Update service, it is seen by the majority of the company's customers who are connected to the [[Internet]].{{Fact|date=November 2007}} |
|||
| name = Malicious Software Removal Tool |
|||
| logo = Windowsmrticon.png |
|||
| logo size = 32px |
|||
| screenshot = MSRT Screenshot.png |
|||
| screenshot size = 300px |
|||
| developer = [[Microsoft]] |
|||
| released = {{start date and age|2005|01|13|df=yes}} |
|||
| latest release version = 5.130 |
|||
| latest release date = {{start date and age|2024|11|12|df=yes}}<ref name="ms-web-download">{{Cite web |
|||
|url=https://www.microsoft.com/en-us/download/details.aspx?id=9905 |
|||
|title = Windows Malicious Software Removal Tool 64-bit |
|||
|website = microsoft.com |
|||
|publisher = [[Microsoft]] |
|||
|access-date = 2024-01-11 |
|||
}}</ref> |
|||
| operating system = [[Windows 7]] and later |
|||
| platform = |
|||
| size = 65.8 [[Megabyte|MB]] |
|||
| language = English, Portuguese, Arabic, Chinese, Czech, Danish, Dutch, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Russian, Spanish, Swedish and Turkish |
|||
| genre = [[Anti-virus|On-demand scanner]] |
|||
| license = [[Freeware]] |
|||
| website = {{URL|https://support.microsoft.com/en-us/help/890830/}} |
|||
}} |
|||
'''Microsoft Windows Malicious Software Removal Tool''' ('''MSRT''') is a [[freeware]] [[anti-virus|second-opinion malware scanner]] that [[Microsoft]]'s [[Windows Update]] downloads and runs on [[Windows]] computers each month, independent of the installed antivirus software. First released on January 13, 2005,<ref name="MSRT microsoft report" /> MSRT does not offer [[anti-virus#Real-time protection|real-time protection]]. It scans its host computer for specific, widespread [[malware]], and tries to eliminate the infection. Outside its monthly deployment schedule, it can be separately downloaded from Microsoft.<ref name="ms-web-support1">{{cite web |
|||
In a report released by Microsoft in June 2006,<ref name="report">{{Cite web|url=http://go.microsoft.com/fwlink/?linkid=67998|title=The Windows Malicious Software Removal Tool: Progress Made, Trends Observed|accessdate=2006-07-05|publisher=Microsoft|year=2006}}</ref> the company claimed that the tool has removed 16 million instances of malicious software from 5.7 million of 270 million total unique Windows computers since its release in January 2005. The report also states that, on average, the Windows Malicious Software Removal Tool removes malicious software from 1 in every 313 computers it runs on. |
|||
|url=http://support.microsoft.com/kb/890830 |
|||
|title=Remove specific prevalent malware with Windows Malicious Software Removal Tool (KB890830) |
|||
|work=Support |
|||
|publisher=Microsoft |
|||
|date=8 December 2009 |
|||
}}</ref><ref name="ms-web-download" /><ref>{{cite web |
|||
|url = http://www.windowsitpro.com/Article/ArticleID/45410/45410.html |
|||
|title = What's the Microsoft Windows Malicious Software Removal Tool? |
|||
|website = Windows IT Pro |
|||
|year = 2005 |
|||
|first = John |
|||
|last = Savill |
|||
|url-status = dead |
|||
|archiveurl = https://web.archive.org/web/20170511181730/http://windowsitpro.com/windows/q-whats-microsoft-windows-malicious-software-removal-tool |
|||
|archivedate = 2017-05-11 |
|||
}}</ref> |
|||
== Availability == |
|||
It is interesting to note that, in order for Microsoft to have these statistics, the Windows Malicious Software Removal Tool must report back to Microsoft about its actions. It does this without users' knowledge or permission. |
|||
Since its January 13, 2005,<ref name="MSRT microsoft report">{{cite web |
|||
|url=http://www.microsoft.com/en-us/download/details.aspx?id=14591 |
|||
|title=Windows Malicious Software Removal Tool: Progress Made, Trends Observed |
|||
|accessdate=10 March 2010 |
|||
|quote=Microsoft delivered the first version of the MSRT on January 13, 2005 in 24 languages to users of Windows 2000, Windows XP, and Windows Server 2003 computers. |
|||
|publisher=Microsoft}}</ref> Microsoft releases the updated tool every second Tuesday of every month (commonly called "[[Patch Tuesday]]") through Windows Update, at which point it runs once automatically in the background and reports if malicious software is found. The tool is also available as a standalone download.<ref name="ms-web-download" /> |
|||
Since support for [[Windows 2000]] ended on July 13, 2010, Microsoft stopped distributing the tool to Windows 2000 users via Windows Update. The last version of the tool that could run on Windows 2000 was 4.20, released on May 14, 2013. Starting with version 5.1, released on June 11, 2013, support for Windows 2000 was dropped altogether. Although [[Windows XP]] support ended on April 8, 2014, updates for the Windows XP version of the Malicious Software Removal Tool would be provided until August, 2016; version 5.39. The latest version of MSRT for [[Windows Vista]] is 5.47, released on 11 April 2017. |
|||
Despite Microsoft ending general support for the [[Windows 7]] operating system in 2020, updates are still provided to Windows 7 users via the standard Windows Update delivery mechanism.<ref name="ms-web-support1" /> |
|||
== Operation == |
|||
MSRT does not install a [[Shortcut (computing)|shortcut]] in the Start menu. Hence, users must manually execute <code>%windir%\System32\MRT.exe</code>. The tool records its results in a log file located at <code>%windir%\debug\mrt.log</code>.<ref name="ms-web-support1" /> |
|||
The tool reports anonymized data about any detected infections to Microsoft.<ref name="ms-web-support1" /> MSRT's [[EULA]] discloses this reporting behavior and explains how to disable it.<ref>{{cite web |
|||
|url=http://support.microsoft.com/kb/891716 |
|||
|title=Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment |
|||
|website=Support |
|||
|publisher=Microsoft |
|||
|date=8 December 2009 |
|||
|accessdate=22 December 2009 |
|||
|quote=Q3. How can I disable the infection-reporting component of the tool so that the report is not sent back to Microsoft? A3. An administrator can choose to disable the infection-reporting component of the tool by adding the following registry key value to computers [~snip~]}}</ref> |
|||
== Impact == |
|||
In a June 2006 Microsoft report,<ref name="MSRT microsoft report" /> the company claimed that the tool had removed 16 million instances of malicious software from 5.7 million of 270 million total unique Windows computers since its release in January 2005. The report also stated that, on average, the tool removes malicious software from 1 in every 311 computers on which it runs. On May 19, 2009, Microsoft claimed that the software has removed [[Keystroke logging|password stealer]] threats from 859,842 machines.<ref>{{cite web |
|||
|url=https://arstechnica.com/microsoft/news/2009/05/microsoft-cleans-password-stealer-tools-from-859842-pcs.ars |
|||
|title=Microsoft cleans password stealer tools from 859,842 PCs |
|||
|work=[[Ars Technica]] |
|||
|publisher=[[Condé Nast]] |
|||
|first=Emil |
|||
|last=Protalinski |
|||
|date=22 May 2009}}</ref> |
|||
In August 2013, the Malicious Software Removal Tool deleted old, vulnerable versions of the [[Tor (anonymity network)|Tor]] client to end the spread of the [[Sefnit]] botnet (which mined for [[bitcoin]]s without the host owner's approval and later engaged in [[click fraud]]). Approximately two million hosts had been cleaned by October;<ref>{{cite web |
|||
|last=McHugh |
|||
|first=Molly |
|||
|url=https://www.dailydot.com/debug/tor-botnet-microsoft-malware-remove/ |
|||
|title=Microsoft's secret battle against the Tor botnet |
|||
|website=The Daily Dot |
|||
|date=2014-01-17 |
|||
|accessdate=2014-02-10 |
|||
}}</ref><ref name="Sefnit">{{cite web |
|||
|url=http://www.v3.co.uk/v3-uk/news/2297027/microsoft-uncovers-sefnit-trojan-return-after-groupon-click-fraud-scam |
|||
|title=Microsoft uncovers Sefnit Trojan return after Groupon click-fraud scam - IT News from |
|||
|website=V3.co.uk |
|||
|date=26 September 2013 |
|||
|url-status = dead |
|||
|archive-url = https://web.archive.org/web/20140807035506/http://www.v3.co.uk/v3-uk/news/2297027/microsoft-uncovers-sefnit-trojan-return-after-groupon-click-fraud-scam |
|||
|archive-date = 7 August 2014 |
|||
|first = Alastair |
|||
|last = Stevenson |
|||
}}</ref><ref>{{cite web |
|||
|url = https://blogs.technet.microsoft.com/mmpc/2014/01/09/tackling-the-sefnit-botnet-tor-hazard/ |
|||
|title = Tackling the Sefnit botnet Tor hazard |
|||
|website = Microsoft Malware Protection Center Threat Research & Response Blog |
|||
|publisher = [[Microsoft]] |
|||
|date = 9 January 2014 |
|||
|archive-url = https://web.archive.org/web/20160308062408/https://blogs.technet.microsoft.com/mmpc/2014/01/09/tackling-the-sefnit-botnet-tor-hazard/ |
|||
|url-status = dead |
|||
|archive-date = 8 March 2016 |
|||
}}</ref> although this was slightly less than half of the estimated infections, the rest of the suspected machines presumably did not have their automatic Windows Updates enabled or manually run.<ref name="Sefnit" /> |
|||
==References== |
==References== |
||
{{reflist}} |
|||
<references/> |
|||
==Further reading== |
|||
{{refbegin}} |
|||
* {{cite web |
|||
|url = http://blogs.computerworld.com/what_you_dont_know_about_the_windows_malicious_software_removal_tool |
|||
|title = What you don't know about the Windows Malicious Software Removal Tool |
|||
|work = Computerworld Blogs |
|||
|publisher = Computerworld Inc |
|||
|date = 6 February 2009 |
|||
|accessdate = 13 July 2011 |
|||
|first = Michael |
|||
|last = Horowitz |
|||
|url-status = dead |
|||
|archiveurl = https://web.archive.org/web/20110718182734/http://blogs.computerworld.com/what_you_dont_know_about_the_windows_malicious_software_removal_tool |
|||
|archivedate = 18 July 2011 |
|||
}} |
|||
{{refend}} |
|||
==External links== |
==External links== |
||
* {{Official website}} |
|||
* [http://www.microsoft.com/security/malwareremove/default.mspx Windows Malicious Software Removal Tool] on Microsoft.com |
|||
* [http://support.microsoft.com/kb/890830 Microsoft knowledge base article] |
|||
{{Microsoft Security Products}} |
|||
[[Category:Microsoft software]] |
[[Category:Microsoft software]] |
||
[[Category:Spyware removal]] |
[[Category:Spyware removal]] |
||
[[Category:2005 software]] |
|||
{{windows-stub}} |
|||
Latest revision as of 23:54, 12 November 2024
 | |
 | |
| Developer(s) | Microsoft |
|---|---|
| Initial release | 13 January 2005 |
| Stable release | 5.130
/ 12 November 2024[1] |
| Operating system | Windows 7 and later |
| Size | 65.8 MB |
| Available in | English, Portuguese, Arabic, Chinese, Czech, Danish, Dutch, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Russian, Spanish, Swedish and Turkish |
| Type | On-demand scanner |
| License | Freeware |
| Website | support |
Microsoft Windows Malicious Software Removal Tool (MSRT) is a freeware second-opinion malware scanner that Microsoft's Windows Update downloads and runs on Windows computers each month, independent of the installed antivirus software. First released on January 13, 2005,[2] MSRT does not offer real-time protection. It scans its host computer for specific, widespread malware, and tries to eliminate the infection. Outside its monthly deployment schedule, it can be separately downloaded from Microsoft.[3][1][4]
Availability
[edit]Since its January 13, 2005,[2] Microsoft releases the updated tool every second Tuesday of every month (commonly called "Patch Tuesday") through Windows Update, at which point it runs once automatically in the background and reports if malicious software is found. The tool is also available as a standalone download.[1]
Since support for Windows 2000 ended on July 13, 2010, Microsoft stopped distributing the tool to Windows 2000 users via Windows Update. The last version of the tool that could run on Windows 2000 was 4.20, released on May 14, 2013. Starting with version 5.1, released on June 11, 2013, support for Windows 2000 was dropped altogether. Although Windows XP support ended on April 8, 2014, updates for the Windows XP version of the Malicious Software Removal Tool would be provided until August, 2016; version 5.39. The latest version of MSRT for Windows Vista is 5.47, released on 11 April 2017.
Despite Microsoft ending general support for the Windows 7 operating system in 2020, updates are still provided to Windows 7 users via the standard Windows Update delivery mechanism.[3]
Operation
[edit]MSRT does not install a shortcut in the Start menu. Hence, users must manually execute %windir%\System32\MRT.exe. The tool records its results in a log file located at %windir%\debug\mrt.log.[3]
The tool reports anonymized data about any detected infections to Microsoft.[3] MSRT's EULA discloses this reporting behavior and explains how to disable it.[5]
Impact
[edit]In a June 2006 Microsoft report,[2] the company claimed that the tool had removed 16 million instances of malicious software from 5.7 million of 270 million total unique Windows computers since its release in January 2005. The report also stated that, on average, the tool removes malicious software from 1 in every 311 computers on which it runs. On May 19, 2009, Microsoft claimed that the software has removed password stealer threats from 859,842 machines.[6]
In August 2013, the Malicious Software Removal Tool deleted old, vulnerable versions of the Tor client to end the spread of the Sefnit botnet (which mined for bitcoins without the host owner's approval and later engaged in click fraud). Approximately two million hosts had been cleaned by October;[7][8][9] although this was slightly less than half of the estimated infections, the rest of the suspected machines presumably did not have their automatic Windows Updates enabled or manually run.[8]
References
[edit]- ^ a b c "Windows Malicious Software Removal Tool 64-bit". microsoft.com. Microsoft. Retrieved 2024-01-11.
- ^ a b c "Windows Malicious Software Removal Tool: Progress Made, Trends Observed". Microsoft. Retrieved 10 March 2010.
Microsoft delivered the first version of the MSRT on January 13, 2005 in 24 languages to users of Windows 2000, Windows XP, and Windows Server 2003 computers.
- ^ a b c d "Remove specific prevalent malware with Windows Malicious Software Removal Tool (KB890830)". Support. Microsoft. 8 December 2009.
- ^ Savill, John (2005). "What's the Microsoft Windows Malicious Software Removal Tool?". Windows IT Pro. Archived from the original on 2017-05-11.
- ^ "Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment". Support. Microsoft. 8 December 2009. Retrieved 22 December 2009.
Q3. How can I disable the infection-reporting component of the tool so that the report is not sent back to Microsoft? A3. An administrator can choose to disable the infection-reporting component of the tool by adding the following registry key value to computers [~snip~]
- ^ Protalinski, Emil (22 May 2009). "Microsoft cleans password stealer tools from 859,842 PCs". Ars Technica. Condé Nast.
- ^ McHugh, Molly (2014-01-17). "Microsoft's secret battle against the Tor botnet". The Daily Dot. Retrieved 2014-02-10.
- ^ a b Stevenson, Alastair (26 September 2013). "Microsoft uncovers Sefnit Trojan return after Groupon click-fraud scam - IT News from". V3.co.uk. Archived from the original on 7 August 2014.
- ^ "Tackling the Sefnit botnet Tor hazard". Microsoft Malware Protection Center Threat Research & Response Blog. Microsoft. 9 January 2014. Archived from the original on 8 March 2016.
Further reading
[edit]- Horowitz, Michael (6 February 2009). "What you don't know about the Windows Malicious Software Removal Tool". Computerworld Blogs. Computerworld Inc. Archived from the original on 18 July 2011. Retrieved 13 July 2011.
