Run A Deep Scan For Malicious Software


Malicious Software Removal ToolIf you ever pay attention to the notices that your PC displays when it's installing updates, you may have noticed references to something called the Malicious Software Removal Tool. This has been part of Windows since Vista, and is designed to detect some of the most well-known instances of malware.

Windows automatically runs the tool regularly on your PC, quietly in the background. Normally you won't notice anything, but you'll get a warning notice if it finds anything suspicious in order that you can take further action.

Although the tool is useful, it doesn't always provide as much protection as it could. You'll only see the warnings about possible malware if you log in as an administrator, and not everyone does that. Also, the tool needs to be updated every month and Windows won't warn you if this fails to happen correctly.

Most crucially, the tool only runs a "quick scan" when it runs automatically in the background. Although it is also capable of running a much longer in-depth scan, this doesn't happen by default.

If you like to ensure that your PC is free of malware, it's a good idea to run the Malicious Software Removal Tool manually on occasion, instead of relying on Windows to take care of things. Running it manually has 2 main advantages. Firstly, it allows you to verify that the tool is up to date. Secondly, you can opt for a full in-depth scan, which will help to detect any hidden malware that has previously been undetected.

To run the tool, use the Windows search box to look for MRT (yes, it's MRT rather than MSRT). Run the command when it appears in the search results. You'll then see a screen from which you can both verify the date it was last updated, and perform an in-depth scan.

Please rate this article: 

Your rating: None
Average: 4.4 (61 votes)


Ran MBAM in safe mode - nothing found. Unable to run Avast in safe mode. Ran Kaspersky Rescue Disk - nothing found. Giving up with MRT - waste of time. Thanks for all the advice and comments.

Started the scan at 08:35 and it finished at 21:21 - the last active window I saw had a count of 101 infected files - but the finished scan window said 'no infections found'. The MRT log (which has daily entries going back to 23rd September) all had return codes of 0 - which I guess means that no infections were found, and the last entry (today's date) says 'no infection found'. Now running a Malwarebytes scan - will report back when finished.

You are doing these scans in safe mode without network support ? That's the important part or they might come back. If malewarebytes finds nothing in safe mode without network support your ok ignore the Microsoft tool all together. If maleware bytes is finding things in this process better get to a store with a good tech for removal of these issues.
Good luck Bob

Thanks for the heads-up - I'll try it over the weekend.

Malwarebytes found one PUP - now running Avast.

Avast scan finished - nothing found (apart from a few CRCs and some files which were open and could not be scanned).

This is all very mystifying. I rebooted the laptop and ran another scan - no infected files found. I rebooted the desktop and am in the middle of rescanning it - at the moment the window is showing 97 infected files (and is still running). I'll post back when the deskstop scan has finished.

snowbound999 Your point is taken , this tool is looking for PUPS and maleware more then viruses and as you noted it does run auto , I personally feel it is more a tool for novices with simple systems . It is expecting to be downloaded as an update run , remove problems and then more or less uninstall itself with little user interface. I can see intermediate and advanced users not liking this too much . My own experience with this tool is it never finds anything as I was a tech and run scans to train myself regularly ( at least I used to ) but I still think fireball needs to do something with the results he had as the levels he had were high . Do you agree?

Slightly confused........ I ran this on a Windows 10 laptop and a Windows 10 desktop. The laptop reported 1 file infection and the desktop reported 97 file infections - but both finished with 'no infection found' (or a message similar to that). Do the infections get automatically cleaned?

This tool finds the infection and automatically removes it . It doesn't ask for permission to keep it simple for beginners . If it found 97 files on the desktop I would be concerned . Get into safe mode ( ask google how or ask a friend) then run this tool again or malewarebytes in safe mode until you get no negative results .

I did a extensive scan on a Windows7 computer here yesterday. After running for 10.5 hours and with the progress bar only 1/6 way across the screen I cancelled the scan. This was after it purportedly found 16 infected files. I say purportedly because cancelling it brought up a screen showing it found none of the infections that the utility scans for.

I then did a quick scan and it again found infected files and this time it completed and again showed the same result screen showing 0 infections found.

The page for MFT indicates:
"If malicious software has modified (infected) files on your computer, the tool prompts you to remove the malicious software from those files. If the malicious software modified your browser settings, your homepage may be changed automatically to a page that gives you directions on how to restore these settings."

The app itself also says "the tool will provide you with a report of the malicious that was detected and removed"

"After the tool runs, there are four main results that the removal tool can report to the user:

No infection was found.
At least one infection was found and was removed.
An infection was found but was not removed. This result will be displayed if suspicious files were found on the computer. To help remove these files, you should use an up-to-date antivirus product.
An infection was found and was partially removed. To complete this removal, you should use an up-to-date antivirus product. "

In neither of the scans did I see any sort of report other than it saying 0 infections. I regularly scan this computer with MBAM.

If this application is indeed deleting files without actually telling the enduser what it is deleting it can lead to issues. I regularly use utils from SysInternals and Nirsoft which some scanners flag .

Why is it that the progress bar is totally useless in this app? A progress should indicate how much more is left to do for the process at hand. It should not go all the way over to the right hand side of the bar and start all over again and repeat this animation over and over again!

I found the MRT.LOG file on my Windows 7 box in C:\Windows\debug and lo and behold it shows 0 infections in all of its scans over the last 24 hours a terminated long scan followed by a quick scan even though both of them indicated during the scanning process that there were 16 infected files or so. Today I ran a quick scan and it said 0 infections found.

Information on how to run this tool and what it does can be found here. MC - Site Manager. if you cannot find in Windows.