Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows 10 / Using Malicious Software Removal Tool (MRT.exe) on Windows

April 15, 2021 Windows 10Windows 7Windows 8Windows Server 2016

Using Malicious Software Removal Tool (MRT.exe) on Windows

If you check what updates are installed on your computer through Windows Update every month, you may have noted the critical update KB890830 (Windows Malicious Software Removal Tool). This update contains the latest version of Windows Malicious Software Removal Tool (MSRT) by Microsoft. This tool can scan and clean your computer for viruses, trojans, worms and other malware. MSRT is available for all supported Windows versions (including Windows 7 which is currently not supported).

Microsoft Windows Malicious Software Removal Tool is not an antivirus and doesn’t protect your computer in real time from all threats. The scope of the tool is to quickly scan a computer for a limited number of the most dangerous malware and threats (in Microsoft opinion) and to remove them.

windows update KB890830 - Windows Malicious Software Removal Tool x64

You can install/update MSRT automatically via Windows Update, or manually download and install the Windows Malicious Software Removal Tool (KB890830) from the Microsoft update catalog (https://www.catalog.update.microsoft.com/Search.aspx?q=KB890830).

Since May 2020, the MSRT update is released once in three months (previously it was monthly).

To use the Windows Malicious Software Removal Tool, run this command:

mrt.exe

3 scan types are available:

  • Quick scan – a quick scan of memory and system files that may be infected the most often. If a virus or a trojan is detected, the tool will offer to perform a full scan;
  • Full scan – a full device scan (it may take up to several hours depending on the number of files on a disk);
  • Customized scan – in this mode you can specify a folder to be scanned.

select type of scan in mrt.exe

Select the scan type you want and wait till the scan is over.

scan the computer for malware with Windows Malicious Software Removal Tool

If no infected files are found, the tool will show the message “No malicious software was detected”. If you click “View detailed results of the scan,” the list of malware which signatures have been looked for will be shown and scan status for each of them.

If any malware has been found, the tool shows one of the following statuses:

  • At least one infection was found and removed;
  • Malicious software was found, but it was not removed. This message is displayed if suspicious files were detected on a computer. To remove them, you should use an antivirus app;
  • Malicious software was detected and partially removed. To remove it completely, you should use an antivirus.

mrt.exe No malicious software was detected

MSRT saves a detailed scan log to the file: %WinDir%\Debug\mrt.log.

Microsoft Windows Malicious Software Removal Tool v5.88, (build 5.88.18031.1)
Started On Wed Apr 14 09:14:53 2021
Engine: 1.1.17900.7
Signatures: 1.333.1197.0
MpGear: 1.1.16330.1
Run Mode: Scan Run From Windows Update
Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 14 09:20:49 2021
Return code: 0 (0x0)

Malicious Software Removal Tool log - Successfully Submitted Heartbeat Report

Note the last line of the log (Heartbeat Report). As you can see, Malicious Software Removal Tool sends a report to Microsoft (MSFT says it is anonymous). You can disable sending scan reports to Microsoft through the registry. Create a REG_DWORD parameter with the name DontReportInfectionInformation and value 1 under the reg key HKLM\SOFTWARE\Policies\Microsoft\MRT.

reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f

If you want to disable the automatic download and installation of the Malicious Software Removal Tool via Windows Update, run this command:

reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f

MRT.exe has several command line options you can use to scan computers in a corporate network (using SCCM, GPO or similar tools).

Windows Malicious Software Removal Too command line options

  • /Q – to run the tool in quiet mode (in the background without the graphic interface)
  • /N – to enable the detection mode (the tool only scans for malicious software without removing)
  • /F – to start a full computer scan
  • /F:Y – to start a full scan of a computer and remove infected files automatically
Microsoft offers some Windows Malicious Software Removal Tool deployment and use scenarios in an enterprise networks (https://support.microsoft.com/en-us/help/891716/deploy-windows-malicious-software-removal-tool-in-an-enterprise-enviro).

To automatically scan the computer, a special MRT_HB task in the Task Scheduler is used (Task Scheduler Library -> Microsoft -> Windows -> RemovalTools).

MRT_HB task in Task Sheduler to scan the computer for malware

The task runs mrt.exe with /EHB /Q (it is interesting that /EHB options are not described in the official documentation, there is no mention about them in the help).

0 comment
0
Facebook Twitter Google + Pinterest
previous post
How to Clean Up Large System Volume Information Folder on Windows?
next post
How to Run Windows File Explorer Elevated (as Administrator)?

Related Reading

Configure User’s Folder Redirection with Group Policy

February 3, 2023

Disable Built-in PDF Viewer in Microsoft Edge

February 3, 2023

Join a Windows Computer to an Active Directory...

February 2, 2023

Using Previous Command History in PowerShell Console

January 31, 2023

How to Install the PowerShell Active Directory Module...

January 31, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Configure User’s Folder Redirection with Group Policy

    February 3, 2023
  • Using Previous Command History in PowerShell Console

    January 31, 2023
  • How to Install the PowerShell Active Directory Module and Manage AD?

    January 31, 2023
  • Finding Duplicate E-mail (SMTP) Addresses in Exchange

    January 27, 2023
  • How to Delete Old User Profiles in Windows?

    January 25, 2023
  • How to Install Free VMware Hypervisor (ESXi)?

    January 24, 2023
  • How to Enable TLS 1.2 on Windows?

    January 18, 2023
  • Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

    January 17, 2023
  • Fix: Can’t Extend Volume in Windows

    January 12, 2023
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11

    January 11, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Allow Multiple RDP Sessions in Windows 10 and 11?
  • How to Repair EFI/GPT Bootloader on Windows 10 or 11?
  • How to Restore Deleted EFI System Partition in Windows?
  • Network Computers are not Showing Up in Windows 10/11
  • How to Run Program without Admin Privileges and to Bypass UAC Prompt?
  • How to Create a Wi-Fi Hotspot on your Windows PC?
  • Updating List of Trusted Root Certificates in Windows
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top