Which windows utility program lists errors and issues that need attention?
The Windows Malicious Software Removal Tool (MSRT) helps remove malicious software from computers that are running any of the following operating systems: Show
Microsoft releases the MSRT on a monthly cadence as part of Windows Update or as a standalone tool. Use this tool to find and remove specific prevalent threats and reverse the changes they have made (see covered malware families). For comprehensive malware detection and removal, consider using Windows Defender Offline or Microsoft Safety Scanner. Notes:
More informationHow the MSRT differs from an antivirus productThe MSRT does not replace an antivirus product. It is strictly a post-infection removal tool. Therefore, we strongly recommend that you install and use an up-to-date antivirus product.
For more information about how to protect your computer, go to the Microsoft Safety & Security Center website. You do not have to disable or remove your antivirus program when you install the MSRT. However, if prevalent, malicious software has infected your computer, the antivirus program may detect this malicious software and may prevent the removal tool from removing it when the removal tool runs. In this case, you can use your antivirus program to remove the malicious software. How to download and run the MSRTNote: Starting November 2019, MSRT will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to run MSRT. To learn more, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. The easiest way to download and run the MSRT is to turn on Automatic Updates. Turning on Automatic Updates guarantees that you receive the tool automatically. If you have Automatic Updates turned on, you have already been receiving new versions of this tool. The tool runs in Quiet mode unless it finds an infection. If you have not been notified of an infection, no malicious software has been found that requires your attention. Enabling automatic updatesTo turn on Automatic Updates yourself, follow the steps in the following table for the operating system that your computer is running. If your computer is running: Follow these steps: Windows 10
Note Windows 10 is a service. This means that automatic updates are turned on by default and your PC always has the latest and best features. Windows 8.1
Windows 7
Download the MSRT. You must accept the Microsoft Software License Terms. The license terms are only displayed for the first time that you access Automatic Updates. Note After you accept the one-time license terms, you can receive future versions of the MSRT without being logged on to the computer as an administrator. When the MSRT detects malicious softwareThe MSRT runs in Quiet mode. If it detects malicious software on your computer, the next time that you log on to your computer as a computer administrator, a balloon appears in the notification area to make you aware of the detection. Performing a full scanIf the tool finds malicious software, you may be prompted to perform a full scan. We recommend that you perform this scan. A full scan performs a quick scan and then a full scan of the computer, regardless of whether malicious software is found during the quick scan. This scan can take several hours to complete because it will scan all fixed and removable drives. However, mapped network drives are not scanned. Removing malicious filesIf malicious software has modified (infected) files on your computer, the tool prompts you to remove the malicious software from those files. If the malicious software modified your browser settings, your homepage may be changed automatically to a page that gives you directions on how to restore these settings. Reporting infection information to Microsoft The MSRT sends basic information to Microsoft if the tool detects malicious software or finds an error. This information will be used for tracking virus prevalence. No identifiable personal information that is related to you or to the computer is sent together with this report. How to remove the MSRTThe MSRT does not use an installer. Typically, when you run the MSRT, it creates a randomly named temporary directory on the root drive of the computer. This directory contains several files, and it includes the Mrtstub.exe file. Most of the time, this folder is automatically deleted after the tool finishes running or after the next time that you start the computer. However, this folder may not always be automatically deleted. In these cases, you can manually delete this folder, and this has no adverse effect on the computer. How to receive supportHelp protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center Help installing updates: Support for Microsoft Update Local support according to your country: International Support. Microsoft Download CenterNote: Starting November 2019, MSRT will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to run MSRT. To learn more, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. You can manually download the MSRT from the Microsoft Download Center. The following files are available for download from the Microsoft Download Center: For 64-bit x64-based systems: Download the x64 MSRT package now.Release Date: December 13, 2022. For more information about how to download Microsoft support files, see How to obtain Microsoft support files from online services. Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file. Deploying the MSRT in an enterprise environmentIf you are an IT administrator who wants more information about how to deploy the tool in an enterprise environment, see Deploy Windows Malicious Software Removal Tool in an enterprise environment. This article includes information about Microsoft Systems Management Server (SMS), Microsoft Software Update Services (MSUS), and Microsoft Baseline Security Analyzer (MBSA). Except where noted, the information in this section applies to all the ways that you can download and run the MSRT:
To run the MSRT, the following conditions are required:
Support for command-line switchesThe MSRT supports the following command line switches. Switch Purpose /Q or /quiet Uses quiet mode. This option suppresses the user interface of the tool. /? Displays a dialog box that lists the command-line switches. /N Runs in detect-only mode. In this mode, malicious software will be reported to the user, but it will not be removed. /F Forces an extended scan of the computer. /F:Y Forces an extended scan of the computer and automatically cleans any infections that are found. Usage and release informationWhen you download the tool from Microsoft Update or from Automatic Updates, and no malicious software is detected on the computer, the tool will run in quiet mode next time. If malicious software is detected on the computer, the next time that an administrator logs on to the computer, a balloon will appear in the notification area to notify you of the detection. For more information about the detection, click the balloon. Release informationThe MSRT is released on the second Tuesday of each month. Each release of the tool helps detect and remove current, prevalent malicious software. This malicious software includes viruses, worms, and Trojan horses. Microsoft uses several metrics to determine the prevalence of a malicious software family and the damage that can be associated with it. This Microsoft Knowledge Base article will be updated with information for each release so that the number of the relevant article remains the same. The name of the file will be changed to reflect the tool version. For example, the file name of the February 2020 version is Windows-KB890830-V5.80.exe, and the file name of the May 2020 version is Windows-KB890830-V5.82-ENU.exe. Covered malware familiesMalicious software family Tool version date and number Backdoor:Win32/RewriteHttp.A November 2022 (v 5.107) Backdoor:APS/Webshell.Y November 2022 (v 5.107) Backdoor:JS/SimChocexShell.A!dha November 2022 (v 5.107) Trojan:Win32/Dopdekaf.A September 2022 (v 5.105) SiennaPurple September 2022 (v 5.105) SiennaBlue September 2022 (v 5.105) Cryptpu July 2022 (v 5.103) CreepyBox July 2022 (v 5.103) CreepyRing July 2022 (v 5.103) BassBreaker July 2022 (v 5.103) Pterodo May 2022 (v 5.101) Decimec April 2022 (v 5.100) SonicVote April 2022 (v 5.100) FoxBlade April 2022 (v 5.100) DesertBlade April 2022 (v 5.100) WhisperGate April 2022 (v 5.100) LasainWpr April 2022 (v 5.100) DynamicOverload April 2022 (v 5.100) Misplice April 2022 (v 5.100) Dizzyvoid April 2022 (v 5.100) Win32/DinoTrain March 2022 (V5.99) Trojan:MSIL/QuietSieve March 2022 (V5.99) Win32/DilongTrash March 2022 (V5.99) Win32/PterodoGen March 2022 (V5.99) VBS/ObfuMerry March 2022 (V5.99) TrojanDropper:Win32/SiBrov.A. February 2022 (V 5.98) Caspetlod July 2021 (V 5.91) CobaltStrike July 2021 (V 5.91) CobaltStrikeLoader July 2021 (V 5.91) TurtleLoader July 2021 (V 5.91) TurtleSimple July 2021 (V 5.91) Kwampirs April 2021 (V 5.88) SiBot April 2021 (V 5.88) GoldMax April 2021 (V 5.88) GoldFinder April 2021 (V 5.88) Exmann April 2021 (V 5.88) Chopper April 2021 (V 5.88) DoejoCrypt April 2021 (V 5.88) SecChecker April 2021 (V 5.88) Trojan:Win32/CalypsoDropper.A!ibt April 2021 (V 5.88) Trojan:Win32/ShadowPad.A!ibt April 2021 (V 5.88) Webshell April 2021 (V 5.88) TwoFaceVar April 2021 (V 5.88) Exploit:Script/SSNewman.A!dha April 2021 (V 5.88) Exploit:Script/SSNewman.C!dha April 2021 (V 5.88) CVE-2021-27065 April 2021 (V 5.88) CVE-2021-26855 April 2021 (V 5.88) CVE-2021-16855 April 2021 (V 5.88) Trojan:Win32/IISExchgSpawnCMD.A April 2021 (V 5.88) Trojan:Win32/CobaltLoader.A April 2021 (V 5.88) Trojan:BAT/CobaltLauncher.A April 2021 (V 5.88) CoinMiner April 2021 (V 5.88) Trojan:PowerShell/PoshExecEnc.A April 2021 (V 5.88) MinerDom April 2021 (V 5.88) Dumroc April 2021 (V 5.88) Chopdrop April 2021 (V 5.88) Jscript.EvalASPNET April 2021 (V 5.88) Backdoor:Win32/Toksor.A April 2021 (V 5.88) Timestomp April 2021 (V 5.88) Ggey April 2021 (V 5.88) Trojan:Win64/Shamian.A!dha April 2021 (V 5.88) Trojan:Win32/Shellcloader.A April 2021 (V 5.88) VirTool:Win32/Positu.A April 2021 (V 5.88) HackTool:PowerShell/LoadHandler.A April 2021 (V 5.88) Solorigate February 2021 (V 5.86) AnchorBot January 2021 (V 5.85) AnchorDNS January 2021 (V 5.85) AnchorLoader January 2021 (V 5.85) BazaarLoader January 2021 (V 5.85) BazaLoder January 2021 (V 5.85) Bazar January 2021 (V 5.85) BazarBackdoor January 2021 (V 5.85) Bazarcrypt January 2021 (V 5.85) BazarLdr January 2021 (V 5.85) BazarldrCrypt January 2021 (V 5.85) Bazzarldr January 2021 (V 5.85) Rotaderp January 2021 (V 5.85) Rotocrypt January 2021 (V 5.85) TrickBotCrypt January 2021 (V 5.85) Vatet January 2021 (V 5.85) Zload January 2021 (V 5.85) ZLoader January 2021 (V 5.85) ZloaderCrypt January 2021 (V 5.85) ZloaderTeams January 2021 (V 5.85) ZloaderVbs January 2021 (V 5.85) Trojan.Win32/Ammyrat September 2020 (V 5.83) Cipduk September 2020 (V 5.83) Badaxis September 2020 (V 5.83) Basicape September 2020 (V 5.83) Mackler September 2020 (V 5.83) Strilix September 2020 (V 5.83) FlawedAmmyy March 2020 (5.81) Littlemetp March 2020 (5.81) Vatet January 2020 (5.79) Trilark January 2020 (5.79) Dopplepaymer January 2020 (5.79) Trickbot October 2019 (5.76) ShadowHammer May 2019 (5.72) Kryptomix April 2019 (5.71) Win32/GraceWire March 2019 (5.70) Win32/ChChes December 2018 (5.67) Win32/RedLeaves December 2018 (5.67) Win32/RedPlug December 2018 (5.67) Win32/RazerPitch December 2018 (5.67) Win32/UpperCider December 2018 (5.67) PowerShell/Wemaeye October 2018 (5.65) PowerShell/Wanascan.A October 2018 (5.65) PowerShell/Wannamine October 2018 (5.65) PowerShell/Lonit October 2018 (5.65) Win32/Plutruption!ARXep June 2018 (5.61) Win32/Plutruption!ARXbxep June 2018 (5.61) Win32/Adposhel May 2018 (5.60) Win32/CoinMiner May 2018 (5.60) PowerShell/Xurito May 2018 (5.60) Win32/Modimer April 2018 (5.59) Win64/Detrahere March 2018 (5.58) Win32/Detrahere March 2018 (5.58) Win32/Floxif December 2017 (5.55) Win32/SilverMob December 2017 (5.55) Win32/PhantomStar December 2017 (5.55) Win32/Autophyte December 2017 (5.55) Win32/FoggyBrass December 2017 (5.55) MSIL/DarkNeuron December 2017 (5.55) Win32/TangentCobra December 2017 (5.55) Win32/Wingbird November 2017 (5.54) Win32/ShadowPad October 2017 (5.53) Win32/Xeelyak October 2017 (5.53) Win32/Xiazai June 2017 (5.49) Win32/WannaCrypt May 2017 (5.48) Win32/Chuckenit February 2017 (5.45) Win32/Clodaconas December 2016 (5.43) Win32/Soctuseer November 2016 (5.42) Win32/Barlaiy November 2016 (5.42) Win32/Sasquor October 2016 (5.41) Win32/SupTab October 2016 (5.41) Win32/Ghokswa October 2016 (5.41) Win32/Xadupi September 2016 (5.40) Win32/Suweezy September 2016 (5.40) Win32/Prifou September 2016 (5.40) Win32/NightClick September 2016 (5.40) Win32/Rovnix August 2016 (5.39) Win32/Neobar August 2016 (5.39) Win32/Cerber July 2016 (5.38) Win32/Ursnif June 2016 (5.37) Win32/Locky May 2016 (5.36) Win32/Kovter May 2016 (5.36) Win32/Samas April 2016 (5.35) Win32/Bedep April 2016 (5.35) Win32/Upatre April 2016 (5.35) Win32/Vonteera March 2016 (5.34) Win32/Fynloski March 2016 (5.34) Win32/Winsec December 2015 (5.31) Win32/Drixed October 2015 (5.29) Win32/Brambul October 2015 (5.29) Win32/Escad October 2015 (5.29) Win32/Joanap October 2015 (5.29) Win32/Diplugem October 2015 (5.29) Win32/Blakamba October 2015 (5.29) Win32/Tescrypt October 2015 (5.29) Win32/Teerac September 2015 (5.28) Win32/Kasidet August 2015 (5.27) Win32/Critroni August 2015 (5.27) Win32/Vawtrak August 2015 (5.27) Win32/Crowti July 2015 (5.26) Win32/Reveton July 2015 (5.26) Win32/Enterak July 2015 (5.26) Win32/Bagopos June 2015 (5.25) Win32/BrobanDel June 2015 (5.25) Win32/OnlineGames June 2015 (5.25) Win32/Gatak June 2015 (5.25) Win32/IeEnablerCby April 2015 (5.23) Win32/Dexter April 2015 (5.23) Win32/Unskal April 2015 (5.23) Win32/Saluchtra April 2015 (5.23) Win32/CompromisedCert March 2015 (5.22) Win32/Alinaos March 2015 (5.22) Win32/NukeSped February 2015 (5.21) Win32/Jinupd February 2015 (5.21) Win32/Escad February 2015 (5.21) Win32/Dyzap January 2015 (5.20) Win32/Emotet January 2015 (5.20) Win32/Zoxpng November 2014 (5.18) Win32/Winnti November 2014 (5.18) Win32/Tofsee November 2014 (5.18) Win32/Derusbi October 2014 (5.17) Win32/Sensode October 2014 (5.17) Win32/Plugx October 2014 (5.17) Win32/Moudoor October 2014 (5.17) Win32/Mdmbot October 2014 (5.17) Win32/Hikiti October 2014 (5.17) Win32/Zemot September 2014 (5.16) Win32/Lecpetex August 2014 (5.15) Win32/Bepush July 2014 (5.14) Win32/Caphaw July 2014 (5.14) Win32/Necurs June 2014 (5.13) Win32/Filcout May 2014 (5.12) Win32/Miuref May 2014 (5.12) Win32/Kilim April 2014 (5.11) Win32/Ramdo April 2014 (5.11) MSIL/Spacekito March 2014 (5.10) Win32/Wysotot March 2014 (5.10) VBS/Jenxcus February 2014 (5.9) MSIL/Bladabindi January 2014 (5.8) Win32/Rotbrow December 2013 (5.7) Win32/Napolar November 2013 (5.6) Win32/Deminnix November 2013 (5.6) Win32/Foidan October 2013 (5.5) Win32/Shiotob October 2013 (5.5) Win32/Simda September 2013 (5.4) Win32/Tupym June 2013 (4.21) Win32/Kexqoud May 2013 (4.20) Win32/Vicenor May 2013 (4.20) Win32/fakedef May 2013 (4.20) Win32/Vesenlosow April 2013 (4.19) Win32/Redyms April 2013 (4.19) Win32/Babonock April 2013 (4.19) Win32/Wecykler March 2013 (4.18) Win32/Sirefef February 2013 (4.17) Win32/Lefgroo January 2013 (4.16) Win32/Ganelp January 2013 (4.16) Win32/Phdet December 2012 (4.15) Win32/Phorpiex November 2012 (4.14) Win32/Weelsof November 2012 (4.14) Win32/Folstart November 2012 (4.14) Win32/OneScan October 2012 (4.13) Win32/Nitol October 2012 (4.13) Win32/Medfos September 2012 (4.12) Win32/Matsnu August 2012 (4.11) Win32/Bafruz August 2012 (4.11) Win32/Kuluoz June 2012 (4.9) Win32/Cleaman June 2012 (4.9) Win32/Dishigy May 2012 (4.8) Win32/Unruy May 2012 (4.8) Win32/Gamarue April 2012 (4.7) Win32/Bocinex April 2012 (4.7) Win32/Claretore April 2012 (4.7) Win32/Pluzoks.A March 2012 (4.6) Win32/Yeltminky March 2012 (4.6) Win32/Hioles March 2012 (4.6) Win32/Dorkbot March 2012 (4.6) Win32/Fareit February 2012 (4.5) Win32/Pramro February 2012 (4.5) Win32/Sefnit January 2012 (4.4) Win32/Helompy December 2011 (4.3) Win32/Cridex November 2011 (4.2) Win32/Carberp November 2011 (4.2) Win32/Dofoil November 2011 (4.2) Win32/Poison October 2011 (4.1) Win32/EyeStye October 2011 (4.1) Win32/Kelihos September 2011 (4.0) Win32/Bamital September 2011 (4.0) Win32/Hiloti August 2011 (3.22) Win32/FakeSysdef August 2011 (3.22) Win32/Dursg July 2011 (3.21) Win32/Tracur July 2011 (3.21) Win32/Nuqel June 2011 (3.20) Win32/Yimfoca June 2011 (3.20) Win32/Rorpian June 2011 (3.20) Win32/Ramnit May 2011 (3.19) Win32/Afcore April 2011 (3.18) Win32/Renocide March 2011 (3.17) Win32/Cycbot February 2011 (3.16) Win32/Lethic January 2011 (3.15) Win32/Qakbot December 2010 (3.14) Virus:Win32/Sality.AT November 2010 (3.13) Worm:Win32/Sality.AT November 2010 (3.13) Win32/FakePAV November 2010 (3.13) Win32/Zbot October 2010 (3.12) Win32/Vobfus September 2010 (3.11) Win32/FakeCog September 2010 (3.11) Trojan:WinNT/Sality August 2010 (3.10) Virus:Win32/Sality.AU August 2010 (3.10) Worm:Win32/Sality.AU August 2010 (3.10) Worm:Win32/Vobfus!dll August 2010 (3.10) Worm:Win32/Vobfus.gen!C August 2010 (3.10) Worm:Win32/Vobfus.gen!B August 2010 (3.10) Worm:Win32/Vobfus.gen!A August 2010 (3.10) Win32/CplLnk August 2010 (3.10) Win32/Stuxnet August 2010 (3.10) Win32/Bubnix July 2010 (3.9) Win32/FakeInit June 2010 (3.8) Win32/Oficla May 2010 (3.7) Win32/Magania April 2010 (3.6) Win32/Helpud March 2010 (3.5) Win32/Pushbot February 2010 (3.4) Win32/Rimecud January 2010 (3.3) Win32/Hamweq December 2009 (3.2) Win32/PrivacyCenter November 2009 (3.1) Win32/FakeVimes November 2009 (3.1) Win32/FakeScanti October 2009 (3.0) Win32/Daurso September 2009 (2.14) Win32/Bredolab September 2009 (2.14) Win32/FakeRean August 2009 (2.13) Win32/FakeSpypro July 2009 (2.12) Win32/InternetAntivirus June 2009 (2.11) Win32/Winwebsec May 2009 (2.10) Win32/Waledac April 2009 (2.9) Win32/Koobface March 2009 (2.8) Win32/Srizbi February 2009 (2.7 ) Win32/Conficker January 2009 (2.6) Win32/Banload January 2009 (2.6) Win32/Yektel December 2008 (2.5) Win32/FakeXPA December 2008 (2.5) Win32/Gimmiv November 2008 (2.4) Win32/FakeSecSen November 2008 (2.4 ) Win32/Rustock October 2008 (2.3) Win32/Slenfbot September 2008 (2.2) Win32/Matcash August 2008 (2.1) Win32/Horst July 2008 (2.0) Win32/Lolyda June 2008 (1.42) Win32/Ceekat June 2008 (1.42) Win32/Zuten June 2008 (1.42) Win32/Tilcun June 2008 (1.42) Win32/Storark June 2008 (1.42) Win32/Taterf June 2008 (1.42) Win32/Frethog June 2008 (1.42) Win32/Corripio June 2008 (1.42) Win32/Captiya May 2008 (1.41) Win32/Oderoor May 2008 (1.41) Win32/Newacc March 2008 (1.39) Win32/Vundo March 2008 (1.39) Win32/Virtumonde March 2008 (1.39) Win32/Ldpinch February 2008 (1.38) Win32/Cutwail January 2008 (1.37) Win32/Fotomoto December 2007 (1.36) Win32/ConHook November 2007 (1.35) Win32/RJump October 2007 (1.34) Win32/Nuwar September 2007 (1.33) Win32/Zonebac August 2007 (1.32) Win32/Virut.B August 2007 (1.32) Win32/Virut.A August 2007 (1.32) Win32/Busky July 2007 (1.31) Win32/Allaple June 2007 (1.30) Win32/Renos May 2007 (1.29) Win32/Funner April 2007 (1.28) Win32/Alureon March 2007 (1.27) Win32/Mitglieder February 2007 (1.25) Win32/Stration February 2007 (1.25) WinNT/Haxdoor January 2007 (1.24) Win32/Haxdoor January 2007 (1.24) Win32/Beenut December 2006 (1.23) Win32/Brontok November 2006 (1.22) Win32/Tibs October 2006 (1.21) Win32/Passalert October 2006 (1.21) Win32/Harnig October 2006 (1.21) Win32/Sinowal September 2006 (1.20) Win32/Bancos September 2006 (1.20) Win32/Jeefo August 2006 (1.19) Win32/Banker August 2006 (1.19) Win32/Nsag July 2006 (1.18) Win32/Hupigon July 2006 (1.18) Win32/Chir July 2006 (1.18) Win32/Alemod July 2006 (1.18) Win32/Fizzer June 2006 (1.17) Win32/Cissi June 2006 (1.17) Win32/Plexus May 2006 (1.16) Win32/Ganda May 2006 (1.16) Win32/Evaman May 2006 (1.16) Win32/Valla April 2006 (1.15) Win32/Reatle April 2006 (1.15) Win32/Locksky April 2006 (1.15) Win32/Zlob March 2006 (1.14) Win32/Torvil March 2006 (1.14) Win32/Atak March 2006 (1.14) Win32/Magistr February 2006 (1.13) Win32/Eyeveg February 2006 (1.13) Win32/Badtrans February 2006 (1.13) Win32/Alcan February 2006 (1.13) Win32/Parite January 2006 (1.12) Win32/Maslan January 2006 (1.12) Win32/Bofra January 2006 (1.12) WinNT/F4IRootkit December 2005 (1.11) Win32/Ryknos December 2005 (1.11) Win32/IRCBot December 2005 (1.11) Win32/Swen November 2005 (1.10) Win32/Opaserv November 2005 (1.10) Win32/Mabutu November 2005 (1.10) Win32/Codbot November 2005 (1.10) Win32/Bugbear November 2005 (1.10) Win32/Wukill October 2005 (1.9) Win32/Mywife October 2005 (1.9) Win32/Gibe October 2005 (1.9) Win32/Antinny October 2005 (1.9) Win32/Zotob September 2005 (1.8) Win32/Yaha September 2005 (1.8) Win32/Gael September 2005 (1.8) Win32/Esbot September 2005 (1.8) Win32/Bobax September 2005 (1.8) Win32/Rbot.MC August 2005 A (1.7.1) Win32/Rbot.MB August 2005 A (1.7.1) Win32/Rbot.MA August 2005 A (1.7.1) Win32/Esbot.A August 2005 A (1.7.1) Win32/Bobax.O August 2005 A (1.7.1) Win32/Zotob.E August 2005 A (1.7.1) Win32/Zotob.D August 2005 A (1.7.1) Win32/Zotob.C August 2005 A (1.7.1) Win32/Zotob.B August 2005 A (1.7.1) Win32/Zotob.A August 2005 A (1.7.1) Win32/Spyboter August 2005 (1.7) Win32/Dumaru August 2005 (1.7) Win32/Bagz August 2005 (1.7) Win32/Wootbot July 2005 (1.6) Win32/Purstiu July 2005 (1.6) Win32/Optixpro July 2005 (1.6) Win32/Optix July 2005 (1.6) Win32/Hacty July 2005 (1.6) Win32/Spybot June 2005 (1.5) Win32/Mytob June 2005 (1.5) Win32/Lovgate June 2005 (1.5) Win32/Kelvir June 2005 (1.5) WinNT/FURootkit May 2005 (1.4) WinNT/Ispro May 2005 (1.4) Win32/Sdbot May 2005 (1.4) Win32/Rbot April 2005 (1.3) Win32/Mimail April 2005 (1.3) Win32/Hackdef** April 2005 (1.3) Win32/Sobig March 2005 (1.2) Win32/Sober March 2005 (1.2) Win32/Goweh March 2005 (1.2) Win32/Bropia March 2005 (1.2) Win32/Bagle March 2005 (1.2) Win32/Zafi February 2005 (1.1) Win32/Randex February 2005 (1.1) Win32/Netsky February 2005 (1.1) Win32/Korgo February 2005 (1.1) Win32/Zindos January 2005 (1.0) Win32/Sasser January 2005 (1.0) Win32/Nachi January 2005 (1.0) Win32/Mydoom January 2005 (1.0) Win32/MSBlast January 2005 (1.0) Win32/Gaobot January 2005 (1.0) Win32/Doomjuice January 2005 (1.0) Win32/Berbew January 2005 (1.0) We maximize customer protection by regularly reviewing and prioritizing our signatures. We add or remove detections as the threat landscape evolves. Note: It is recommended to have an up to date next-gen antimalware product installed for continuous protection. Reporting componentThe MSRT sends information to Microsoft if it detects malicious software or finds an error. The specific information that is sent to Microsoft consists of the following items:
If apparently malicious software is found on the computer, the tool prompts you to send information to Microsoft beyond what is listed here. You are prompted in each of these instances, and this information is sent only with your consent. The additional information includes the following:
You can disable the reporting feature. For information about how to disable the reporting component and how to prevent this tool from sending information to Microsoft, see Deploy Windows Malicious Software Removal Tool in an enterprise environment. Possible scanning resultsAfter the tool runs, there are four main results that the removal tool can report to the user:
Frequently asked questions about the MSRTQ1: Is this tool digitally signed by Microsoft?A1: Yes. Q2: What kind of information does the log file contain?A2: For information about the log file, see Deploy Windows Malicious Software Removal Tool in an enterprise environment. Q3: Can this tool be redistributed?A3: Yes. Per the terms of this tool's license terms, the tool can be redistributed. However, make sure that you are redistributing the latest version of the tool. Q4: How do I know that I'm using the latest version of the tool?A4: If you are a Windows 7 user, use Microsoft Update or the Microsoft Update Automatic Updates functionality to test whether you are using the latest version of the tool. If you have chosen not to use Microsoft Update, and you are a Windows 7 user, use Windows Update. Or, use the Windows Update Automatic Updates functionality to test whether you are using the latest version of the tool. Additionally, you can visit the Microsoft Download Center. Also, if the tool is more than 60 days out of date, the tool reminds you to look for a new version of the tool. Q5: Will the Microsoft Knowledge Base article number of the tool change with each new version?A5: No. The Microsoft Knowledge Base article number for the tool will remain as 890830 for future versions of the tool. The file name of the tool when it is downloaded from the Microsoft Download Center will change with each release to reflect the month and the year when that version of the tool was released. Q6: Is there any way I can request that new malicious software be targeted in the tool?A6: Currently, no. Malicious software that is targeted in the tool is based on metrics that track the prevalence and damage of malicious software. Q7: Can I determine whether the tool has been run on a computer?A7: Yes. By checking a registry key, you can determine whether the tool has been run on a computer and which version was the latest version that was used. For more information, see Deploy Windows Malicious Software Removal Tool in an enterprise environment. Q8: Why do not I see the tool on Microsoft Update, Windows Update, or Automatic Updates?A8: Several scenarios may prevent you from seeing the tool on Microsoft Update, Windows Update, or Automatic Updates:
Q9: How do Microsoft Update, Windows Update, and Automatic Updates determine who the tool is offered to?A9: The tool is offered to all supported Windows and Windows Server versions that are listed in the "Summary" section if the following conditions are true:
Q10: When I look in the log file, it tells me that errors were found during the scan. How do I resolve the errors?A10: For information about the errors, see How to troubleshoot an error when you run the Microsoft Windows Malicious Software Removal Tool. Q11: Will you rerelease the tool even if there are no new security bulletins for a particular month?A11: Yes. Even if there are no new security bulletins for a particular month, the Malicious Software Removal Tool will be rereleased with detection and removal support for the latest prevalent malicious software. Q12: How do I prevent this tool from being offered to me by using Microsoft Update, Windows Update, or Automatic Updates?A12: When you are first offered the Malicious Software Removal Tool from Microsoft Update, Windows Update, or Automatic Updates, you can decline downloading and running the tool by declining the license terms. This action can apply to only the current version of the tool or to both the current version of the tool and any future versions, depending on the options that you choose. If you have already accepted the license terms and prefer not to install the tool through Windows Update, clear the checkbox that corresponds to the tool in the Windows Update UI. Q13: After I run the tool from Microsoft Update, Windows Update, or Automatic Updates, where are the tool files stored? Can I rerun the tool?A13: If it is downloaded from Microsoft Update or from Windows Update, the tool runs only one time each month. To manually run the tool multiple times a month, download the tool from the Download Center or by visiting the Microsoft Safety & Security Center website. Q14: Can I run this tool on a Windows Embedded computer?A14: Currently, the Malicious Software Removal Tool is not supported on a Windows Embedded computer. Q15: Does running this tool require any security updates to be installed on the computer?A15: No. Unlike most previous cleaner tools that were produced by Microsoft, the MSRT has no security update prerequisites. However, we strongly recommend that you install all critical updates before you use the tool, to help prevent reinfection by malicious software that takes advantage of security vulnerabilities. Q16: Can I deploy this tool by using WSUS or SCCM? Is it compatible with MBSA?A16: For information about how to deploy this tool, see Deploy Windows Malicious Software Removal Tool in an enterprise environment. Q17: Do I have to have the previous cleaner tools installed to run the Malicious Software Removal Tool?A17: No. Q18: Is there a newsgroup available to discuss this tool?A18: Yes. You can use the microsoft.public.security.virus newsgroup. Q19: Why does the "Windows File Protection" window appear when I run the tool?A19: In some cases, when specific viruses are found on a system, the cleaner tool tries to repair infected Windows system files. Although this action removes the malicious software from these files, it may also trigger the Windows File Protection feature. If you see the Windows File Protection window, we strongly recommend that you follow the directions and insert your Microsoft Windows CD. This will restore the cleaned files to their original, pre-infection state. Q20: Are localized versions of this tool available?A20: Yes, the tool is available in 24 languages. Q21: I found the Mrtstub.exe file in a randomly named directory on my computer. Is the Mrtstub.exe file a legitimate component of the tool?A21: The tool does use a file that is named Mrtstub.exe for certain operations. If you verify that the file is signed by Microsoft, the file is a legitimate component of the tool. Q22: Can the MSRT run in Safe mode?A22: Yes. If you have run the MSRT before you start the computer to Safe mode, you can access MSRT at %windir%\system32\mrt.exe. Double-click the Mrt.exe file to run the MSRT, and then follow the on-screen instructions. Which utility can be used to check the drive for errors and recover data?Run CHKDSK from your computer
You can use the CHKDSK utility from within Windows, and it'll scan your drive for errors. Here's how to run CHKDSK in Windows 10: Type chkdsk in the search box in your taskbar.
What part of the Windows display shows information about open programs and provides quick access to others?IT 121 CH3a. What type of software is used to control a computer?System software controls a computer's internal functioning, chiefly through an operating system, and also controls such peripherals as monitors, printers, and storage devices.
What is the name of the program that a PC needs to be able to run?What is an operating system? An operating system is the most important software that runs on a computer. It manages the computer's memory and processes, as well as all of its software and hardware.
|