Pity the malware, fool!
May. 18th, 2009 02:34 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
slowfoxY'know, I've often wondered, whilst watching the Microsoft Updates download to the work PC (for Castle Fox is a Linux domain), what on Earth is that 'Malicious Software Removal Tool' that seems to be a perennial feature?
Well, it turns out, it's a user startable program... indeed, I'm not wholly clear if this thing runs by itself at all.
So, assuming that you've been over to Windows Update, and your machine is fully patched and whatever (caveat: I only have XP, can't speak for Vista), you can then launch the Malicious Software Removal Tool from the 'Run' option off the start menu.
Here's the sneaky bit. You or I, dear reader, might assume that the program would be called something helpful - like, 'MaliciousSoftwareRemovalTool.exe', or MSRT.exe to keep it short. Helpfully, however, MS have dropped the 'S' from the abbreviation, so you need to be thinking gold jewellery, Bad Attitude and souped up GMC minivans: MrT.exe (if I'm allowed to be liberal with capitalisation for the mnemonic advantage):
This bothers me slightly - typing 'mrt.exe' in the 'Run' dialogue box will run the first file of that name it comes across within the system's PATH (a definition of which directories Windows will scan when trying to launch a program whose filename hasn't been fully specified {in this case: C:\Windows\System32\mrt.exe}). What's to stop some enterprising malware artist constructing a trojan horse called mrt.exe that either overwrites the MS version, or manages to install itself in a location higher up the PATH hierarchy?).
Anyway, qualms aside (and remember, this is my work PC, so I'm Qualm Free™), this will bring up the Welcome screen:
The thing to check here is that the date, in the window's title bar up there at the top, is reasonably current. It should be, of course, if Windows Update has been working correctly, but if not, amble over to MS and get your installation up to date.
There aren't a whole heap of options to choose from. Despite what the pic shows, I've only run the 'Quick Scan' on the work PC. I'm putting off running the full enchilada for overnight.
There's not a great deal to look at, but the software does it best to let you know it's busy...
Finally, once it's complete, you can click to view a full status report:
As you can see, this check is trying to find rather a lot of malware and stuff, and is probably worth running (since you've already got it installed), just for the comfort factor.
ETA: I have now learned that the MSRT is run in quick mode on the reboot after it's installed as part of the Windows Update process. However, the Full Scan is not automatic at all, and can only be user initiated (probably because doing so will take an aaaaaaaaaaaggggggggggeeee</Entish>).
Well, it turns out, it's a user startable program... indeed, I'm not wholly clear if this thing runs by itself at all.
So, assuming that you've been over to Windows Update, and your machine is fully patched and whatever (caveat: I only have XP, can't speak for Vista), you can then launch the Malicious Software Removal Tool from the 'Run' option off the start menu.
Here's the sneaky bit. You or I, dear reader, might assume that the program would be called something helpful - like, 'MaliciousSoftwareRemovalTool.exe', or MSRT.exe to keep it short. Helpfully, however, MS have dropped the 'S' from the abbreviation, so you need to be thinking gold jewellery, Bad Attitude and souped up GMC minivans: MrT.exe (if I'm allowed to be liberal with capitalisation for the mnemonic advantage):
This bothers me slightly - typing 'mrt.exe' in the 'Run' dialogue box will run the first file of that name it comes across within the system's PATH (a definition of which directories Windows will scan when trying to launch a program whose filename hasn't been fully specified {in this case: C:\Windows\System32\mrt.exe}). What's to stop some enterprising malware artist constructing a trojan horse called mrt.exe that either overwrites the MS version, or manages to install itself in a location higher up the PATH hierarchy?).
Anyway, qualms aside (and remember, this is my work PC, so I'm Qualm Free™), this will bring up the Welcome screen:
The thing to check here is that the date, in the window's title bar up there at the top, is reasonably current. It should be, of course, if Windows Update has been working correctly, but if not, amble over to MS and get your installation up to date.
There aren't a whole heap of options to choose from. Despite what the pic shows, I've only run the 'Quick Scan' on the work PC. I'm putting off running the full enchilada for overnight.
There's not a great deal to look at, but the software does it best to let you know it's busy...
Finally, once it's complete, you can click to view a full status report:
As you can see, this check is trying to find rather a lot of malware and stuff, and is probably worth running (since you've already got it installed), just for the comfort factor.
ETA: I have now learned that the MSRT is run in quick mode on the reboot after it's installed as part of the Windows Update process. However, the Full Scan is not automatic at all, and can only be user initiated (probably because doing so will take an aaaaaaaaaaaggggggggggeeee</Entish>).
no subject
Date: 2009-05-18 02:42 pm (UTC)no subject
Date: 2009-05-18 02:44 pm (UTC)no subject
Date: 2009-05-18 04:19 pm (UTC)It's only a matter of time before the various Apple platforms face similar viral and wormish assaults on a regular basis. I'm frankly astounded that the iPhone is not under constant barrage of malware, given its broad appeal.
no subject
Date: 2009-05-18 08:31 pm (UTC)no subject
Date: 2009-05-18 08:18 pm (UTC)ETA: Well, first hurdle is that Vista has no Run option on its menu. :P
But typing mrt into the Search box does bring it up.
no subject
Date: 2009-05-18 08:32 pm (UTC)Whatever, I thought it interesting enough to warrant the post :-)
no subject
Date: 2009-05-18 08:38 pm (UTC)Q13: After I run the tool from Microsoft Update, Windows Update, or Automatic Updates, where are the tool files stored? Can I rerun the tool?
A13: When it is downloaded from Microsoft Update or from Windows Update, the tool runs only one time each month. To manually run the tool multiple times a month, download the tool from the Download Center or by visiting the following Microsoft Web site:
Runs so stealthily, you don't know it has done unless there's a problem. :)
no subject
Date: 2009-05-18 08:40 pm (UTC)Good find on the FAQ, anyway :-)
no subject
Date: 2011-09-20 07:22 pm (UTC)