The Windows Malicious Software Removal Tool is intended for use with the operating systems that are listed in the "Applies to" section. Operating systems that are not included in the list were not tested and therefore are not supported. These unsupported operating systems include all versions and editions of embedded operating systems. 

Introduction

Microsoft generally releases Windows Malicious Software Removal Tool (MSRT) monthly as part of Windows Update or as the standalone tool. Use this tool to find and remove specific prevalent threats and reverse the changes they have made (see covered threats). For comprehensive malware detection and removal, consider using Microsoft Safety Scanner.

This tool works in a complementary manner with existing antimalware solutions and can be used on most current Windows versions (see Properties section).

The information contained in this article is specific to the enterprise deployment of the tool. We recommend that you review the following knowledge base article for more information about the tool:

890830 Remove specific prevalent malware with Windows Malicious Software Removal Tool

Download the tool

You can manually download the MSRT from the Microsoft Download Center. The following files are available for download from the Microsoft Download Center:

For 32-bit x86-based systems:

Download icon Download the x86 MSRT package now.


For 64-bit x64-based systems:

Download icon Download the x64 MSRT package now.

Deployment overview

The tool can be deployed in an enterprise environment to enhance existing protection and as part of a defense-in-depth strategy. To deploy the tool in an enterprise environment, you can use one or more of the following methods:

  • Windows Server Update Services

  • Microsoft Systems Management Software (SMS) software package

  • Group Policy-based computer startup script

  • Group Policy-based user logon script

The current version of this tool does not support the following deployment technologies and techniques:

  • Windows Update Catalog

  • Execution of the tool against a remote computer

  • Software Update Services (SUS)

Additionally, the Microsoft Baseline Security Analyzer (MBSA) does not detect execution of the tool. This article includes information about how you can verify execution of the tool as part of deployment.

Code sample

The script and the steps that are provided here are meant to be only samples and examples. Customers must test these sample scripts and example scenarios and modify them appropriately to work in their environment. You must change the ServerName and the ShareName according to the setup in your environment.

The following code sample does the following things:

  • Runs the tool in silent mode

  • Copies the log file to a preconfigured network share

  • Prefixes the log the file name by using the name of the computer from which the tool is run and the user name of the current user

    Note You must set appropriate permissions on the share according to the instructions in the Initial setup and configuration section.

REM In this example, the script is named RunMRT.cmd.
REM The Sleep.exe utility is used to delay the execution of the tool when used as a 
REM startup script. See the "Known issues" section for details.
@echo off
call \\ServerName\ShareName\Sleep.exe 5
Start /wait \\ServerName\ShareName\Windows-KB890830-V5.94.exe /q

copy %windir%\debug\mrt.log \\ServerName\ShareName\Logs\%computername%_%username%_mrt.log

Note In this code sample, ServerName is a placeholder for the name of your server, and ShareName is a placeholder for the name of your share.

Initial setup and configuration

This section is intended for administrators who are using a startup script or a logon script to deploy this tool. If you are using SMS, you can continue to the "Deployment methods" section.

To configure the server and the share, follow these steps:

  1. Set up a share on a member server. Then name the share
    ShareName.

  2. Copy the tool and the sample script, RunMRT.cmd, to the share. See the Code sample section for details.

  3. Configure the following share permissions and NTFS file system permissions:

    • Share permissions:

      1. Add the domain user account for the user who is managing this share, and then click Full Control.

      2. Remove the Everyone group.

      3. If you use the computer startup script method, add the Domain Computers group together with Change and Read permissions.

      4. If you use the logon script method, add the Authenticated Users group together with Change and Read permissions.

    • NTFS permissions:

      1. Add the domain user account for the user who is managing this share, and then click Full Control.

      2. Remove the Everyone group if it is in the list.

        Note If you receive an error message when you remove the Everyone group, click Advanced on the Security tab, and then click to clear the Allow inheritable permissions from parent to propagate to this object check box.

      3. If you use the computer startup script method, grant the Domain Computers group Read & Execute permissions, List Folder Contents permissions, and Read permissions.

      4. If you use the logon script method, grant the Authenticated Users group Read & Execute permissions, List Folder Contents permissions, and Read permissions.

  4. Under the ShareName folder, create a folder that is named "Logs."

    This folder is where the final log files will be collected after the tool runs on the client computers.

  5. To configure the NTFS permissions on the Logs folder, follow these steps.

    Note Do not change the Share permissions in this step.

    1. Add the domain user account for the user who is managing this share, and then click Full Control.

    2. If you use the computer startup script method, give the Domain Computers group Modify permissions, "Read & Execute" permissions, List Folder Contents permissions, Read permissions, and Write permissions.

    3. If you use the logon script method, give the Authenticated Users group Modify permissions, "Read & Execute" permissions, List Folder Contents permissions, Read permissions, and Write permissions.

Deployment methods

Note To run this tool, you must have Administrator permissions or System permissions, regardless of the deployment option that you choose.

How to use the SMS software package

The following example provides step-by-step instructions for using SMS 2003. The steps for using SMS 2.0 resemble these steps.

  1. Extract the Mrt.exe file from the package that is named Windows-KB890830-V1.34-ENU.exe /x.

  2. Create a .bat file to start Mrt.exe and to capture the return code by using ISMIF32.exe.

    The following is an example.

    @echo off
    Start /wait Mrt.exe /q
    If errorlevel 13 goto error13
    If errorlevel 12 goto error12
    Goto end
    
    :error13
    Ismif32.exe –f MIFFILE –p MIFNAME –d ”text about error 13”
    Goto end
    
    :error12
    Ismif32.exe –f MIFFILE –p MIFNAME –d “text about error 12”
    Goto end
    
    :end
    

    For more information about Ismif32.exe, go to the following article in the Microsoft Knowledge Base:

    268791 How a status Management Information Format (MIF) file produced by the ISMIF32.exe file is processed in SMS 2.0

    186415 Status MIF creator, Ismif32.exe is available

  3. To create a package in the SMS 2003 console, follow these steps:

    1. Open the SMS Administrator Console.

    2. Right-click the Packages node, click
      New, and then click Package.

      The
      Package Properties dialog box is displayed.

    3. On the General tab, name the package.

    4. On the Data Source tab, click to select the This package contains source files check box.

    5. Click Set, and then choose a source directory that contains the tool.

    6. On the Distribution Settings tab, set the Sending priority to High.

    7. On the Reporting tab, click Use these fields for status MIF matching, and then specify a name for the MIF file name field and for the
      Name field.

      Version and Publisher are optional.

    8. Click OK to create the package.

  4. To specify a Distribution Point (DP) to the package, follow these steps:

    1. In the SMS 2003 console, locate the new package under the Packages node.

    2. Expand the package. Right-click Distribution Points, point to New, and then click Distribution Points.

    3. Start the New Distribution Points Wizard. Select an existing Distribution Point.

    4. Click Finish to exit the wizard.

  5. To add the batch file that was previously created to the new package, follow these steps:

    1. Under the new package node, click the Programs node.

    2. Right-click Programs, point to
      New, and then click Program.

    3. Click the General tab, and then enter a valid name.

    4. At the Command line, click
      Browse to select the batch file that you created to start Mrt.exe.

    5. Change Run to
      Hidden. Change After to No action required.

    6. Click the Requirements tab, and then click This program can run only on specified client operating systems.

    7. Click All x86 Windows XP.

    8. Click the Environment tab, click
      Whether a user is logged in the Program can run list. Set the Run mode to Run with administrative rights.

    9. Click OK to close the dialog box.

  6. To create an advertisement to advertise the program to clients, follow these steps:

    1. Right-click the Advertisement node, click New, and then click
      Advertisement.

    2. On the General tab, enter a name for the advertisement. In the Package field, select the package that you previously created. In the Program field, select the program that you previously created. Click Browse, and then click the All System collection or select a collection of computers that only includes Windows Vista and later versions.

    3. On the Schedule tab, leave the default options if you want the program to only run one time. To run the program on a schedule, assign a schedule interval.

    4. Set the Priority to High.

    5. Click OK to create the advertisement.

How to use a Group Policy-based computer startup script

This method requires you to restart the client computer after you set up the script and after you apply the Group Policy setting.

  1. Set up the shares. To do this, follow the steps in the
    Initial setup and configuration section.

  2. Set up the startup script. To do this, follow these steps:

    1. In the Active Directory Users and Computers MMC snap-in, right-click the domain name, and then click
      Properties.

    2. Click the Group Policy tab.

    3. Click New to create a new Group Policy Object (GPO), and type MRT Deployment for the name of the policy.

    4. Click the new policy, and then click Edit.

    5. Expand Windows Settings for Computer Configuration, and then click Scripts.

    6. Double-click Logon, and then click Add.

      The Add a Script dialog box is displayed.

    7. In the Script Name box, type
      \\ServerName\ShareName\RunMRT.cmd.

    8. Click OK, and then click Apply.

  3. Restart the client computers that are members of this domain.

How to use a Group Policy-based user logon script

This method requires that the logon user account is a domain account and is a member of the local administrator's group on the client computer.

  1. Set up the shares. To do this, follow the steps in the
    Initial setup and configuration section.

  2. Set up the logon script. To do this, follow these steps:

    1. In the Active Directory Users and Computers MMC snap-in, right-click the domain name, and then click
      Properties.

    2. Click the Group Policy tab.

    3. Click New to create a new GPO, and then type MRT Deployment for the name.

    4. Click the new policy, and then click
      Edit.

    5. Expand Windows Settings for User Configuration, and then click Scripts.

    6. Double-click Logon, and then click Add. The Add a Script dialog box is displayed.

    7. In the Script Name box, type
      \\ServerName\ShareName\RunMRT.cmd.

    8. Click OK, and then click Apply.

  3. Log off and then log on to the client computers.

In this scenario, the script and the tool will run under the context of the logged-on user. If this user does not belong to the local administrators group or does not have sufficient permissions, the tool will not run and will not return the appropriate return code. For more information about how to use startup scripts and logon scripts, go to the following article in the Microsoft Knowledge Base:

198642 Overview of logon, logoff, startup, and shutdown scripts in Windows 2000

322241 How to assign scripts in Windows 2000

Additional information that is relevant to enterprise deployment

How to examine return codes

You can examine the return code of the tool in your deployment logon script or in your deployment startup script to verify the results of execution. See the Code sample section for an example of how to do this.

The following list contains the valid return codes.

0

=

No infection found

1

=

OS Environment Error

2

=

Not running as an Administrator

3

=

Not a supported OS

4

=

Error Initializing the scanner. (Download a new copy of the tool)

5

=

Not used

6

=

At least one infection detected. No errors.

7

=

At least one infection was detected, but errors were encountered.

8

=

At least one infection was detected and removed, but manual steps are required for a complete removal.

9

=

At least one infection was detected and removed, but manual steps are required for complete removal and errors were encountered.

10

=

At least one infection was detected and removed, but a restart is required for complete removal

11

=

At least one infection was detected and removed, but a restart is required for complete removal and errors were encountered

12

=

At least one infection was detected and removed, but both manual steps and a restart is required for complete removal.

13

=

At least one infection was detected and removed, but a restart is required. No errors were encountered.

How to parse the log file

The Malicious Software Removal Tool writes details about the result of its execution in the %windir%\debug\mrt.log log file.

Notes

  • This log file is available only in English.

  • Starting with version 1.2 of the removal tool (March 2005), this log file uses Unicode text. Before version 1.2, the log file used ANSI text.

  • The log file format has changed with version 1.2, and we recommend that you download and use the latest version of the tool.

    If this log file already exists, the tool appends to the existing file.

  • You can use a command script that resembles the previous example to capture the return code and to collect the files to a network share.

  • Because of the switch from ANSI to Unicode, version 1.2 of the removal tool will copy any ANSI versions of the Mrt.log file in the %windir%\debug folder to Mrt.log.old in the same directory. Version 1.2 also creates a new Unicode version of the Mrt.log file in that same directory. Like the ANSI version, this log file will be appended to each month's release.

The following example is an Mrt.log file from a computer that was infected with the MPnTestFile worm:

Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9300.0)
Started On Tue Jul 30 23:34:49 2013


Quick Scan Results:
-------------------
Threat Detected: Virus:Win32/MPnTestFile.2004 and Removed!
 Action: Remove, Result: 0x00000000
 regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\v5mpn
 runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\v5mpn
 file://c:\temp\mpncleantest.exe
 SigSeq: 0x00002267735A46E2

Results Summary:
----------------
Found Virus:Win32/MPnTestFile.2004 and Removed!
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 30 23:35:39 2013


Return code: 6 (0x6) 

 


The following is an example log file where no malicious software is found.

Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9300.0)
Started On Thu Aug 01 21:15:43 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 01 21:16:28 2013


Return code: 0 (0x0)
 


The following is a sample log file in which errors are found.


For more information about warnings and errors that are caused by the tool, go to the following article in the Microsoft Knowledge Base:

891717 How to troubleshoot an error when you run the Microsoft Windows Malicious Software Removal Tool Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9300.0) Started On Fri Aug 02 16:17:49 2013 Scan Results: ------------- Threat Detected: Virus:Win32/MPTestFile.2004, partially removed. Operation failed. Action: Clean, Result: 0x8007065E. Please use a full antivirus product ! ! file://d:\temp\mpcleantest.7z->mpcleantest.exe SigSeq: 0x00001080D2AE29FC containerfile://d:\temp\mpcleantest.7z Results Summary: ---------------- Found Virus:Win32/MPTestFile.2004, partially removed. Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 02 16:18:09 2013 Return code: 7 (0x7)

Known issues

Known issue 1

When you run the tool by using a startup script, error messages that resemble the following error message may be logged in the Mrt.log file:
 

Error: MemScanGetImagePathFromPid(pid: 552) failed.
0x00000005: Access is denied.


Note The pid number will vary.

This error message occurs when a process is just starting or when a process has been recently stopped. The only effect is that the process that is designated by the pid is not scanned.

Known issue 2

In some rare cases, if an administrator chooses to deploy the MSRT by using the /q quiet switch (also known as silent mode), this may not completely resolve cleaning for a small subset of infections in situations in which additional cleaning is required after a restart. This has been observed only in the removal of certain rootkit variants.

FAQ

Q1. When I test my startup or logon script to deploy the tool, I don't see the log files that are being copied to the network share that I set up. Why?

A1. This is frequently caused by permissions issues. For example, the account that the removal tool was run from does not have Write permission to the share. To troubleshoot this, first make sure that the tool ran by checking the registry key. Alternatively, you can look for the presence of the log file on the client computer. If the tool successfully ran, you can test a simple script and make sure that it can write to the network share when it runs under the same security context in which the removal tool was run.

Q2. How do I verify that the removal tool has run on a client computer?

A2. You can examine the value data for the following registry entry to verify the execution of the tool. You can implement such an examination as part of a startup script or a logon script. This process prevents the tool from running multiple times.

Subkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT
Entry name:
Version

Every time that the tool is run, the tool records a GUID in the registry to indicate that it has been executed. This occurs regardless of the results of the execution. The following table lists the GUID that corresponds to each release.

ID

Title

October 2021

4E7B66E3-987E-4788-BBB3-A5030922FC8D

September 2021

2A9893F6-6CFA-4C4E-8CDC-F6C06E9ADAFD

August 2021

2B0ABF61-2643-4716-9B15-4813BC505DF4

July 2021

8AE004C7-42D7-4FEC-9ABE-48A7E4C1CBC8

June 2021

E3A0B6EE-FE26-44C1-96DB-2BFDB5BDB305

May 2021

8586F868-D88E-461F-8C9F-85D50FCBCC84

April 2021

439B1947-E9BC-40E0-883D-517613D95818

March 2021

3DC01EF0-0E9D-4D88-8BC7-A3F3801FAB49

February 2021

45EEFC65-BFCF-458A-8760-ECC7ACEC73A2

January 2021

0AAB5944-A7BC-4D17-9A3A-2FAB07286EE9

November 2020

F7A1FB98-0884-4986-884D-FFBEA881A2A1

September 2020

E0118D9B-6F80-4A16-92ED-A8EB4851C84C

May 2020

EFB903C3-1459-4C91-B79D-B7438E15C972

March 2020

71562B8C-C50D-4375-91F3-8EE0DD0EF7E3

February 2020

9CCD5E4F-11C8-4064-8C37-6D1BA8C1ED37

January 2020

38281425-A1C7-400F-AE79-EFE8C1E9E38F

December 2019

6F46913B-8294-43FD-8AA8-46984911C881

November 2019

1ED49A70-3903-4C40-B575-93F3DD50B283

October 2019

E63797FA-851A-4E25-8DA1-D453DD437525

August 2019

96F83121-A86A-497A-8B18-7F1BBAE6448D

July 2019

FCF0D56B-99A4-4A39-BAC8-2ED52EF10FEC

June 2019

10188A60-F140-42EF-984F-E4B3CA369BD1

May 2019

A8F12582-E642-4070-91E6-D6CF31796C0B

April 2019

7C55425A-FBE7-44D0-A226-6FF46F085EAF

March 2019

5DCD306C-136C-4C03-B0E4-3C1E78DE5A19

February 2019

3A57513A-D489-4B41-A40D-5ACD998F294A

January 2019

8F732BDE-182D-4A10-B8CE-0C538C878F87

December 2018

FD672828-AC76-41B9-95E0-6F5859BDDB74

November 2018

F1E75593-4ACF-4C29-BD2D-0F495D7B8396

October 2018

D84C2D59-B81F-4163-BC39-3CDDD8BB68BC

September 2018

18674908-417F-4139-A22C-F418420D2B7B

August 2018

6600605A-7534-41BF-B117-579EA0F5997D

July 2018

3A88B54D-626C-4DBE-BBB3-4EE0E666A730

June 2018

968E16D7-8605-4BA4-9BE5-86127A0FAC87

May 2018

02683B53-543A-4200-8D43-B69C3B3CE0E9

April 2018

62F357BA-9FC0-4CED-A90C-457D02B33DEE

March 2018

C43B8734-0004-446C-8F37-FD8AD3F3BCF0

February 2018

CED42968-8B11-4886-8477-8F22956192B0

January 2018

C6BD56EC-B2C1-4D20-B94D-234F8A9C5733

December 2017

3D287184-25B3-4DDC-ADD3-A93C626CD7EB

November 2017

AAF1DA7A-77D4-4997-9C0C-38E0CFA6AB92

October 2017

9209C00F-BD62-4CB8-9702-C4B9A4F8D560

September 2017

FE854017-795E-4685-95CE-3CCB1FFD743D

August 2017

1D3AE7A6-F7BA-4787-A240-284C46162AFA

July 2017

2A9D9E6C-14F4-4E84-B9B5-B307DDACA125

June 2017

28BE7B9C-E473-4A73-8770-83AB99A596F8

May 2017

E43CFF1D-46DB-4239-A583-3828BB9EB66C

April 2017

507CBE5F-7915-416A-9E0E-B18FEA08237D

March 2017

F83889D4-A24B-44AA-8E34-BCDD8912FAD7

February 2017

88E3BAB3-52CF-4B15-976E-0BE4CFA98AA8

January 2017

A5E600F5-A3CE-4C8E-8A14-D4133623CDC5

December 2016

F6945BD2-D48B-4B07-A7FB-A55C4F98A324

November 2016

E36D6367-DF23-4D09-B5B1-1FC38109F29C

October 2016

6AC744F7-F828-4CF8-A405-AA89845B2D98

September 2016

2168C094-1DFC-43A9-B58E-EB323313845B

August 2016

0F13F87E-603E-4964-A9B4-BF923FB27B5D

July 2016

34E69BB2-EFA0-4905-B7A9-EFBDBA61647B

June 2016

E6F49BC4-1AEA-4648-B235-1F2A069449BF

May 2016

156D44C7-D356-4303-B9D2-9B782FE4A304

April 2016

6F31010B-5919-41C2-94FB-E71E8EEE9C9A

March 2016

3AC662F4-BBD5-4771-B2A0-164912094D5D

February 2016

DD51B914-25C9-427C-BEC8-DA8BB2597585

January 2016

ED6134CC-62B9-4514-AC73-07401411E1BE

December 2015

EE51DBB1-AE48-4F16-B239-F4EB7B2B5EED

November 2015

FFF3C6DF-56FD-4A28-AA12-E45C3937AB41

October 2015

4C5E10AF-1307-4E66-A279-5877C605EEFB

September 2015

BC074C26-D04C-4625-A88C-862601491864

August 2015

74E954EF-6B77-4758-8483-4E0F4D0A73C7

July 2015

82835140-FC6B-4E05-A17F-A6B9C5D7F9C7

June 2015

20DEE2FA-9862-4C40-A1D4-1E13F1B9E8A7

May 2015

F8F85141-8E6C-4FED-8D4A-8CF72D6FBA21

April 2015

7AABE55A-B025-4688-99E9-8C66A2713025

March 2015

CEF02A7E-71DD-4391-9BF6-BF5DEE8E9173

February 2015

92D72885-37F5-42A2-B199-9DBBEF797448

January 2015

677022D4-7EC2-4F65-A906-10FD5BBCB34C

December 2014

386A84B2-5559-41C1-AC7F-33E0D5DE0DF6

November 2014

7F08663E-6A54-4F86-A6B5-805ADDE50113

October 2014

5612279E-542C-454D-87FE-92E7CBFDCF0F

September 2014

98CB657B-9051-439D-9A5D-8D4EDF851D94

August 2014

53B5DBC4-54C7-46E4-B056-C6F17947DBDC

July 2014

43E0374E-D98E-4266-AB02-AE415EC8E119

June 2014

07C5D15E-5547-4A58-A94D-5642040F60A2

May 2014

91EFE48B-7F85-4A74-9F33-26952DA55C80

April 2014

54788934-6031-4F7A-ACED-5D055175AF71

March 2014

​254C09FA-7763-4C39-8241-76517EF78744

February 2014

FC5CF920-B37A-457B-9AB9-36ECC218A003

January 2014

7BC20D37-A4C7-4B84-BA08-8EC32EBF781C

December 2013

AFAFB7C5-798B-453D-891C-6765E4545CCC

November 2013

BA6D0F21-C17B-418A-8ADD-B18289A02461

October 2013

21063288-61F8-4060-9629-9DBDD77E3242

September 2013

462BE659-C07A-433A-874F-2362F01E07EA

August 2013

B6345F3A-AFA9-42FF-A5E7-DFC6C57B7EF8

July 2013

9326E352-E4F2-4BF7-AF54-3C06425F28A6

June 2013

4A25C1F5-EA3D-4840-8E14-692DD6A57508

May 2013

3DAA6951-E853-47E4-B288-257DCDE1A45A

April 2013

7A6917B5-082B-48BA-9DFC-9B7034906FDC

March 2013

147152D2-DFFC-4181-A837-11CB9211D091

February 2013

ED5E6E45-F92A-4096-BF7F-F84ECF59F0DB

January 2013

A769BB72-28FC-43C7-BA14-2E44725FED20

December 2012

AD64315C-1421-4A96-89F4-464124776078

November 2012

7D0B34BB-97EB-40CE-8513-4B11EB4C1BD6

October 2012

8C1ACB58-FEE7-4FF0-972C-A09A058667F8

September 2012

02A84536-D000-45FF-B71E-9203EFD2FE04

August 2012

C1156343-36C9-44FB-BED9-75151586227B

July 2012

3E9B6E28-8A74-4432-AD2A-46133BDED728

June 2012

4B83319E-E2A4-4CD0-9AAC-A0AB62CE3384

May 2012

D0082A21-13E4-49F7-A31D-7F752F059DE9

April 2012

3C1A9787-5E87-45E3-9B0B-21A6AB25BF4A

March 2012

84C44DD1-20C8-4542-A1AF-C3BA2A191E25

February 2012

23B13CB9-1784-4DD3-9504-7E58427307A7

January 2012

634F47CA-D7D7-448E-A7BE-0371D029EB32

December 2011

79B9D6F6-2990-4C15-8914-7801AD90B4D7

November 2011

BEB9D90D-ED88-42D7-BD71-AE30E89BBDC9

October 2011

C0177BCC-8925-431B-AC98-9AC87B8E9699

September 2011

E775644E-B0FF-44FA-9F8B-F731E231B507

August 2011

F14DDEA8-3541-40C6-AAC7-5A0024C928A8

July 2011

3C009D0B-2C32-4635-9B34-FFA7F4CB42E7

June 2011

DDE7C7DD-E76A-4672-A166-159DA2110CE5

May 2011

852F70C7-9C9E-4093-9184-D89D5CE069F0

April 2011

0CB525D5-8593-436C-9EB0-68C6D549994D

March 2011

AF70C509-22C8-4369-AEC6-81AEB02A59B7

February 2011

B3458687-D7E4-4068-8A57-3028D15A7408

January 2011

258FD3CF-9C82-4112-B1B0-18EC1ECFED37

December 2010

4E28B496-DD95-4300-82A6-53809E0F9CDA

November 2010

5800D663-13EA-457C-8CFD-632149D0AEDD

October 2010

32F1A453-65D6-41F0-A36F-D9837A868534

September 2010

0916C369-02A8-4C3D-9AD0-E72AF7C46025

August 2010

E39537F7-D4B8-4042-930C-191A2EF18C73

July 2010

A1A3C5AF-108A-45FD-ABEC-5B75DF31736D

June 2010

308738D5-18B0-4CB8-95FD-CDD9A5F49B62

May 2010

18C7629E-5F96-4BA8-A2C8-31810A54F5B8

April 2010

D4232D7D-0DB6-4E8B-AD19-456E8D286D67

March 2010

076DF31D-E151-4CC3-8E0A-7A21E35CF679

February 2010

76D836AA-5D94-4374-BCBF-17F825177898

January 2010

ED3205FC-FC48-4A39-9FBD-B0035979DDFF

December 2009

A9A7C96D-908E-413C-A540-C43C47941BE4

November 2009

78070A38-A2A9-44CE-BAB1-304D4BA06F49

October 2009

4C64200A-6786-490B-9A0C-DEF64AA03934

September 2009

B279661B-5861-4315-ABE9-92A3E26C1FF4

August 2009

91590177-69E5-4651-854D-9C95935867CE

July 2009

F530D09B-F688-43D1-A3D5-49DC1A8C9AF0

June 2009

8BD71447-AAE4-4B46-B652-484001424290

May 2009

AC36AF73-B1E8-4CC1-9FF3-5A52ABB90F96

April 2009

276F1693-D132-44EF-911B-3327198F838B

March 2009

BDEB63D0-4CEC-4D5B-A360-FB1985418E61

February 2009

C5E3D402-61D9-4DDF-A8F5-0685FA165CE8

January 2009

2B730A83-F3A6-44F5-83FF-D9F51AF84EA0

December 2008

9BF57AAA-6CE6-4FC4-AEC7-1B288F067467

December 2008

9BF57AAA-6CE6-4FC4-AEC7-1B288F067467

November 2008

F036AE17-CD74-4FA5-81FC-4FA4EC826837

October 2008

131437DE-87D3-4801-96F0-A2CB7EB98572

September 2008

7974CF06-BE58-43D5-B635-974BD92029E2

August 2008

F3889559-68D7-4AFB-835E-E7A82E4CE818

July 2008

BC308029-4E38-4D89-85C0-8A04FC9AD976

June 2008

0D9785CC-AEEC-49F7-81A8-07B225E890F1

May 2008

0A1A070A-25AA-4482-85DD-DF69FF53DF37

April 2008

F01687B5-E3A4-4EB6-B4F7-37D8F7E173FA

March 2008

24A92A45-15B3-412D-9088-A3226987A476

February 2008

0E918EC4-EE5F-4118-866A-93f32EC73ED6

January 2008

330FCFD4-F1AA-41D3-B2DC-127E699EEF7D

December 2007

73D860EC-4829-44DD-A064-2E36FCC21D40

November 2007

EFC91BC1-FD0D-42EE-AA86-62F59254147F

October 2007

52168AD3-127E-416C-B7F6-068D1254C3A4

September 2007

A72DDD48-8356-4D06-A8E0-8D9C24A20A9A

August 2007

0CEFC17E-9325-4810-A979-159E53529F47

July 2007

4AD02E69-ACFE-475C-9106-8FB3D3695CF8

June 2007

234C3382-3B87-41ca-98D1-277C2F5161CC

May 2007

15D8C246-6090-450f-8261-4BA8CA012D3C

April 2007

57FA0F48-B94C-49ea-894B-10FDA39A7A64

March 2007

5ABA0A63-8B4C-4197-A6AB-A1035539234D

February 2007

FFCBCFA5-4EA1-4d66-A3DC-224C8006ACAE

January 2007

2F9BC264-1980-42b6-9EE3-2BE36088BB57

December 2006

621498ca-889b-48ef-872b-84b519365c76

November 2006

1d21fa19-c296-4020-a7c2-c5a9ba4f2356

October 2006

79e385d0-5d28-4743-aeb3-ed101c828abd

September 2006

ac3fa517-20f0-4a42-95ca-6383f04773c8

August 2006

37949d24-63f1-4fdc-ad24-5dc3eb3ad265

July 2006

5df61377-4916-440f-b23f-321933b0afd3

June 2006

7cf4b321-c0dd-42d9-afdf-edbb85e59767

May 2006

ce818d5b-8a25-47c0-a9cd-7169da3f9b99

April 2006

d0f3ea76-76c8-4287-8cdf-bdfee5e446ec

March 2006

b5784f56-32ca-4756-a521-ca57816391ca

February 2006

99cb494b-98bf-4814-bff0-cf551ac8e205

January 2006

250985ee-62e6-4560-b141-997fc6377fe2

December 2005

F8FEC144-AA00-48B8-9910-C2AE9CCE014A

November 2005

1F5BA617-240A-42FF-BE3B-14B88D004E43

October 2005

08FFB7EB-5453-4563-A016-7DBC4FED4935

September 2005

33B662A4-4514-4581-8DD7-544021441C89

August 2005 A

4066DA74-2DDE-4752-8186-101A7C543C5F

August 2005

3752278B-57D3-4D44-8F30-A98F957EC3C8

July 2005

2EEAB848-93EB-46AE-A3BF-9F1A55F54833

June 2005

63C08887-00BE-4C9B-9EFC-4B9407EF0C4C

May 2005

08112F4F-11BF-4129-A90A-9C8DD0104005

April 2005

D89EBFD1-262C-4990-9927-5185FED1F261

March 2005

F8327EEF-52AA-439A-9950-CE33CF0D4FDD

February 2005

805647C6-E5ED-4F07-9E21-327592D40E83

January 2005

E5DD9936-C147-4CD1-86D3-FED80FAADA6C

Q3. How can I disable the infection-reporting component of the tool so that the report is not sent back to Microsoft?

A3. An administrator can choose to disable the infection-reporting component of the tool by adding the following registry key value to computers. If this registry key value is set, the tool will not report infection information back to Microsoft.

Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
Entry name: \DontReportInfectionInformation
Type: REG_DWORD
Value data: 1

Q4. In the March 2005 release, data in the Mrt.log file appears to have been lost. Why was this data removed, and is there a way for me to retrieve it?

A4. Starting with the March 2005 release, the Mrt.log file is being written as a Unicode file. To make sure of compatibility, when the March 2005 version of the tool is run, if an ANSI version of the file is on the system, the tool will copy the contents of that log to Mrt.log.old in %WINDIR%\debug and create a new Unicode version of Mrt.log. Like the ANSI version, this Unicode version will be appended to with each successive execution of the tool.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×