The Malicious Software Removal Tool — Postinfection Removal Part 2
Added on: 10/2/2008 1:36:38 AM in Windows Vista Tips
- When the tool runs in the background (as it usually does without you even being aware of it; this is called quiet mode), it keeps a log for itself at %windir%\debug\mrt.log.
- After the tool runs, it disappears until the next version is released. Or you could just run the tool manually or online and you’ll see results immediately. In addition to the log file, you can also check the Registry to see whether the tool has run:
- Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT
Entry name: Version <GUID> (1d21fa19-c296-4020-a7c2-c5a9ba4f2356; note that this is for the November 2006 version of the MSRT)
- You can find the list of version GUIDs at http://support.microsoft.com/?kbid=891716&SD=tech#E2ACAAA in the FAQ section.
- In addition, at that link, you can find information regarding Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment. Some options provided include scripting it to run on your systems (a sample login or startup script is provided). You can also use SMS to deploy the tool. If you have Active Directory running your enterprise, you can also use Group Policies to deploy the tool. Some might not like the infection report being sent back to Microsoft, although this helps Microsoft to see what malicious software is being detected and to what degree it is spreading. But you can turn this off in the Registry.
- Add the following Registry value to the system:
Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
Entry name: DontReportInfectionInformation
Type: REG_DWORD
Value data: 1
- If the computer is connected to an SUS server, this functionality is already disabled because of the following Registry key value:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer
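
The registry checks described above can be gathered into one read-only audit. This is an added PowerShell example, not part of the original tip or of Microsoft's sample script; the `$ExpectedGuid` parameter and the `Get-RegValue` helper are names assumed for illustration.

```powershell
# Added example: read-only audit of the MSRT state described on this page.
# Assumption: $ExpectedGuid is the GUID of the release you expect to have run,
# taken from the KB 891716 version list. The default is the November 2006 GUID
# quoted above and should be replaced with a current one.
param(
    [string]$ExpectedGuid = '1d21fa19-c296-4020-a7c2-c5a9ba4f2356'
)

$mrtKey    = 'HKLM:\SOFTWARE\Microsoft\RemovalTools\MRT'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT'
$wuKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$logPath   = Join-Path $env:windir 'debug\mrt.log'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# The GUID may be stored with braces or in a different case; normalise first.
$normalise = { param($g) if ($g) { $g.ToString().Trim('{}').ToLowerInvariant() } }

$version  = Get-RegValue $mrtKey 'Version'
$noReport = Get-RegValue $policyKey 'DontReportInfectionInformation'
$wuServer = Get-RegValue $wuKey 'WUServer'
$logItem  = Get-Item -Path $logPath -ErrorAction SilentlyContinue

# Reporting is off either through the explicit policy value or because a
# WUServer policy is present, as described above.
if ($noReport -eq 1) {
    $disabledBy = 'DontReportInfectionInformation=1'
} elseif ($wuServer) {
    $disabledBy = 'WUServer policy present'
} else {
    $disabledBy = 'not disabled'
}

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    MrtHasRun         = [bool]$version
    VersionGuid       = $version
    IsExpectedVersion = (& $normalise $version) -eq (& $normalise $ExpectedGuid)
    ReportingDisabled = ($disabledBy -ne 'not disabled')
    DisabledBy        = $disabledBy
    LogLastWritten    = if ($logItem) { $logItem.LastWriteTime } else { $null }
}
```

A machine where `MrtHasRun` is false, or where `IsExpectedVersion` is false after a new release has been deployed, has not run the expected version of the tool and is worth checking against the deployment method in use.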