Use this tool to find and remove specific prevalent threats and reverse the changes they have made see covered threats. For comprehensive malware detection and removal, consider using Microsoft Safety Scanner.
This tool works in a complementary manner with existing antimalware solutions and can be used on most current Windows versions see Properties section. The information contained in this article is specific to the enterprise deployment of the tool. We recommend that you review the following knowledge base article for more information about the tool:.
The following files are available for download from the Microsoft Download Center:. Download the x86 MSRT package now. Download the x64 MSRT package now. The tool can be deployed in an enterprise environment to enhance existing protection and as part of a defense-in-depth strategy. To deploy the tool in an enterprise environment, you can use one or more of the following methods:.
The current version of this tool does not support the following deployment technologies and techniques:. This article includes information about how you can verify execution of the tool as part of deployment. The script and the steps that are provided here are meant to be only samples and examples.
Customers must test these sample scripts and example scenarios and modify them appropriately to work in their environment. You must change the ServerName and the ShareName according to the setup in your environment. The following code sample does the following things:. Prefixes the log the file name by using the name of the computer from which the tool is run and the user name of the current user Note You must set appropriate permissions on the share according to the instructions in the Initial setup and configuration section.
Note In this code sample, ServerName is a placeholder for the name of your server, and ShareName is a placeholder for the name of your share. This section is intended for administrators who are using a startup script or a logon script to deploy this tool. If you are using SMS, you can continue to the "Deployment methods" section. To configure the server and the share, follow these steps:. Set up a share on a member server. Then name the share ShareName.
Copy the tool and the sample script, RunMRT. See the Code sample section for details. Add the domain user account for the user who is managing this share, and then click Full Control. If you use the computer startup script method, add the Domain Computers group together with Change and Read permissions.
If you use the logon script method, add the Authenticated Users group together with Change and Read permissions. Remove the Everyone group if it is in the list. Note If you receive an error message when you remove the Everyone group, click Advanced on the Security tab, and then click to clear the Allow inheritable permissions from parent to propagate to this object check box.
Under the ShareName folder, create a folder that is named "Logs. Note Do not change the Share permissions in this step. Note To run this tool, you must have Administrator permissions or System permissions, regardless of the deployment option that you choose. The following example provides step-by-step instructions for using SMS The steps for using SMS 2. Create a. The following is an example.
For more information about Ismif Right-click the Packages node, click New , and then click Package. The Package Properties dialog box is displayed. On the Data Source tab, click to select the This package contains source files check box. Click Set , and then choose a source directory that contains the tool. On the Distribution Settings tab, set the Sending priority to High.
Version and Publisher are optional. In the SMS console, locate the new package under the Packages node. Expand the package. Right-click Programs , point to New , and then click Program. At the Command line , click Browse to select the batch file that you created to start Mrt.
Change Run to Hidden. A In some cases, when specific viruses are found on a system, the cleaner tool tries to repair infected Windows system files. Although this action removes the malicious software from these files, it may also trigger the Windows File Protection feature.
If you see the Windows File Protection window, we strongly recommend that you follow the directions and insert your Microsoft Windows CD. This will restore the cleaned files to their original, pre-infection state.
A The tool does use a file that is named Mrtstub. If you verify that the file is signed by Microsoft, the file is a legitimate component of the tool. Double-click the Mrt. Windows More The MSRT differs from an antivirus product in three important ways: The tool removes malicious software from an already-infected computer.
Malicious software family Tool version date and number Caspetlod July V 5. A April V 5. A October 5. ARXep June 5. ARXbxep June 5. A March 4. AT November 3. AU August 3. C August 3. B August 3. A August 3. B August 1. A August 1. MC August A 1. MB August A 1. MA August A 1. A August A 1. O August A 1. E August A 1. D August A 1. C August A 1. B August A 1.
A1: Yes. Q4: How do I know that I'm using the latest version of the tool? Q5: Will the Microsoft Knowledge Base article number of the tool change with each new version? Q6: Is there any way I can request that new malicious software be targeted in the tool?
Q7: Can I determine whether the tool has been run on a computer? A8: Several scenarios may prevent you from seeing the tool on Microsoft Update, Windows Update, or Automatic Updates: If you have already run the current version of the tool from Windows Update, Microsoft Update, Automatic Updates, or from either of the other two release mechanisms, it will not be reoffered on Windows Update or Automatic Updates.
A9: The tool is offered to all supported Windows and Windows Server versions that are listed in the "Summary" section if the following conditions are true: The users are running the latest version of Windows Update or Windows Update Automatic Updates.
The users have not already run the current version of the tool. Q When I look in the log file, it tells me that errors were found during the scan. How do I resolve the errors? Q Will you rerelease the tool even if there are no new security bulletins for a particular month? Can I rerun the tool? Q Does running this tool require any security updates to be installed on the computer? Is it compatible with MBSA? A Yes, the tool is available in 24 languages.
Q I found the Mrtstub. Is the Mrtstub. Need more help? Expand your skills. Get new features first. Was this information helpful? Yes No. Thank you! Any more feedback? The more you tell us the more we can help. Can you help us improve? Resolved my issue. Clear instructions. Easy to follow. No jargon. Pictures helped. Didn't match my screen. Incorrect instructions. Too technical. Not enough information. Not enough pictures. Any additional feedback? Submit feedback. Thank you for your feedback!
In the left pane, click Change settings. Specific prevalent malicious software is a small subset of all the malicious software that exists today. The tool focuses on the detection and removal of active malicious software. Active malicious software is malicious software that is currently running on the computer. The tool cannot remove malicious software that is not running. However, an antivirus product can perform this task. The Malicious Software Removal Tool runs in quiet mode in the background.
If it detects malicious software on your computer, the next time that you log on to your computer as a computer administrator, a balloon will appear in the notification area to make you aware of the detection. If the tool finds malicious software, you may be prompted to perform a full scan. We recommend that you perform this scan. A full scan performs a quick scan and then a full scan of the computer, regardless of whether malicious software is found during the quick scan.
This scan can take several hours to complete because it will scan all fixed and removable drives. However, mapped network drives are not scanned. If malicious software has modified infected files on your computer, the tool prompts you to remove the malicious software from those files.
If the malicious software modified your browser settings, your homepage may be changed automatically to a page that gives you directions on how to restore these settings. You can clean specific files or all the infected files that the tool finds. Be aware that some data loss is possible during this process.
Also, be aware that the tool may be unable to restore some files to the original, pre-infection state. The removal tool may request that you restart your computer to complete the removal of some malicious software, or it may prompt you to perform manual steps to complete the removal of the malicious software.
0コメント