Unlocking the Malicious Software Removal Tool

Last Updated on September 7, 2016 by Dave Farquhar

When Microsoft’s monthly security patches come down, if you’ve ever clicked on the button to see what it’s installing, you may have noticed the Malicious Software Removal Tool.

If you’re wondering, it’s a rudimentary antimalware tool that removes selected vermin from your system. It doesn’t remove all known malware. And I don’t know exactly how Microsoft decides what to remove and when. But given the number of people who don’t run any kind of antimalware software, it probably seemed like a good idea when they rolled it out in 2005. And in the first 15 months they pushed the tool out with the monthly patches, it removed 16 million instances of malicious software. Not bad.

The tool has some power that you can unlock that normally isn’t exercised when you do your monthly updates.

Note: In a corporate environment, you may not get the Malicious Software Tool automatically if you’re managing Windows updates yourself. Microsoft has instructions for deploying it to your enterprise.

Malicious Software Removal Tool
This little-known tool gives you an extra layer of malware protection you probably didn’t know you had.

To run it manually, go to Start, Run, and type MRT and hit OK. If you want, create a shortcut to it, you can do that too. Just right-click on your desktop, select New -> Shortcut, type mrt, click Next, then Finish. Now you can run it on demand. And you can drag the shortcut to your start menu if you want.

If you want to know what it’s done in the past, just open its log, which will usually be at c:\windows\debug\mrt.log. You can create a shortcut to it, too, if you want.

When you run it manually, you get a user interface that allows you to do a quick scan (the default), a full scan, or scan a specific directory.

I need to stress that this is no substitute for regular antivirus/antimalware software. It’s just extra insurance, since nothing catches everything. Extra insurance is a good thing.

There have been a couple of cases where a friend called me because something had taken over their system. I had them unplug from the network and boot into safe mode. I had them run mrt.exe, and use another computer to download McAfee’s Stinger tool and then run that. The tandem cleaned the system up enough that he was able to get regular antivirus software up and running again.

If a system is really sick, my infamous “free reign” post is a better first step. But you can never have too many tools in your toolbox, right?

Frankly, if I was really concerned about a system, I’d set up a scheduled task that runs mrt.exe /f /q to force a quiet, full scan. I’d run it on a fairly regular basis. Perhaps weekly, maybe even daily, depending on the person’s level of talent. That’s a partial remedy for people who use file sharing services too much.

And for your own personal use, you can create a shortcut containing mrt.exe /f /q and drag that into your startup folder. That forces the Malicious Software Removal Tool to do a full scan every time you boot. It’s much more thorough than the default quick scan that happens every month when you install your patches.

If you found this post informative or helpful, please share it!