Posted by: Ed Tittel
antimalware, antispyware, antivirus, HijackThis, rootkit, Windows Malicious Software Removal Tool (mrt.exe), Windows Update, Windows Vista, Windows Vista troubleshooting
Like clockwork, Microsoft proffers up a new version of the Windows Malicious Software Removal Tools on each and every Patch Tuesday. In January, 2009, that item is described in Knowledge Base article KB890830. This tool is not intended to replace anti-virus or anti-spyware tool, but it can be nice for Vista admins to recognize that the tool gets updated monthly and can more or less be guaranteed to be present on Vista PCs as long as:
- Updates get pushed to Vista desktops regularly
- The list of pushed updates includes the current Windows Malicious Software Removal Tool
Just for grins, I decided to dig up and learn the details involved in using this tool. The name of the executable file is mrt.exe, which is actually the recommended string to launch the tool as well (simply type mrt.exe into the Vista search box, and it’s off and to the races).
Once you fire off this program, it presents a window on the desktop that looks like this:
As it’s running, mrt.exe can consume some resources, however. Check out these screen caps from my Sidebar CPU usage widget and Task Manager’s process window, captured about the same time as the preceding screenshot:
The good thing about mrt.exe is that if admins need to help users cope with possible malware infestations on the road, it’s nearly always safe to assume that this tool will be available on the machine, ready to use to help track down and possibly clean up what ails it. That said, mrt.exe can be the only tool in the clean-up arsenal, where special purpose diagnostic tools such as HijackThis or various rootkit detectors must often play a role, and where special purpose one shot clean up tools from various antimalware vendors must also occasionally be called into play.
But as tools go, this one ain’t bad, and it’s never too far from any Vista machine, either. If there’s one downside to mrt.exe, it’s speed: on a test scan on my production Vista PC (Ultimate, with about 90 GB of files spread across 3 hard disks) the program took over 3 hours to perform a complete, in-depth scan of my system. Savvy admins will have tired road warriors fire this off before an extended break, or before bedtime, to help their charges avoid excessive losses of computing cycles on their traveling machines.