Malicious Software Removal Tool

How to Use the Malicious Software Removal Tool in Vista
This will show you how to open and use the Malicious Software Removal Tool to manually run scans for and automatically remove malicious software.
How to Use the Malicious Software Removal Tool in Vista

information   Information
This will show you how to open and use the Malicious Software Removal Tool (MRT) to manually run scans for and automatically remove malicious software.

For more information and FAQs about the Malicious Software Removal Tool, please read:
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, Windows XP, or Windows 2000

Tip   Tip

  • The Microsoft Malicious Software Removal Tool is normally installed and updated on the second Tuesday of every month by the KB890830 Windows Update.
  • After a scan with MRT, the scan log is located at: C:\Windows\Debug\mrt.log
  • After a scan with MRT, yhe event log is located at: C:\Windows\Debug\mrteng.log
Note   Note
The Malicious Software Removal Tool normally runs in quiet mode. If it detects malicious software on your computer, the next time that you log on to your computer as a computer administrator, a balloon will appear in the notification area to make you aware of the detection and prompt you to run a full scan.
warning   Warning
The Microsoft Malicious Software Removal Tool does not replace an antivirus program. It is strictly a post-infection removal tool. Therefore, it is strongly recommend that you install and use an up-to-date antivirus program.

The Microsoft Malicious Software Removal Tool differs from an antivirus program in three key ways:
  • The tool removes malicious software from an already-infected computer. Antivirus products block malicious software from running on a computer. It is significantly more desirable to block malicious software from running on a computer than to remove it after infection.
  • The tool removes only specific, prevalent malicious software. Specific, prevalent malicious software is a small subset of all the malicious software that exists today.
  • The tool focuses on the detection and removal of active malicious software. Active malicious software is malicious software that is currently running on the computer. The tool cannot remove malicious software that is not running. However, an antivirus product can perform this task.

Here's How:
Note   Note

The Windows Malicious Software Removal Tool - (KB89030) Windows Update will need to be installed first before you will have it available in Windows Vista.

If not, then you can also download and install it manually from Microsoft at:

1. Open the Start Menu.​
2. In the white line (Start Search) area, type mrt.exe and press Enter. (See screenshot below)​
NOTE: You can also type mrt.exe in the RUN window. This file is located at C:\Windows\System32\mrt.exe.​

3. If prompted by UAC, click on Continue.​
4. Click on the Next button. (See screenshot below)​

5. Select and dot the type of scan you would like to run and click on Next. (See screenshot below)​

6. It will now start the scan and can take a bit to finish depending on what scan type you selected in step 5. (See screenshot below)​

7. When finished, it will report the scan results. (See screenshot below step 8)​
8. Click on the Finish button when you are ready to close the Microsoft Malicious Software Removal Tool window.​
NOTE: To see detailed scan results, click on the View detailed results of the scan link.​

Tip   Tip

How to Run the "Windows Malicious Software Removal Tool" from the Command Prompt

In a command prompt, type mrt.exe followed by one of the switches below. For example, type mrt.exe /F:Y to run a full scan and automatically clean the infected files.


That's it,

Last edited by a moderator:
Shawn Brink


Thanks for the info on this. I to did not know you could run it when ever you wanted.
I learn more every day.
Many thanks.
You're welcome Brian. I didn't know about it either at first until I just clicked on it to see what it did.

Is there a way to place a shortcut to start menu from this program?
thanks, and I really do like the "format" that this site supplies. i.e., breaking down the info to a newbies (me) level.
Yeah I've been looking at the tutorials for the past 2 days now,and have managed to free up considerably disk space,there are so many little hints n tips that most of us dont seem to not know about.Thanks Brink

ps loving Auslogics BoostSpeed & Disk DeFrag:D
This post (and the whole tutorial section for that matter) was very useful, thank you for having such useful info on this site!!
Hello Dinesh.

I never was in a situation where I needed to use it, but I would image that it could be handy if you picked up some form of malware that it can clean from your system for you.
Hi Shawn, does the MRT really works?
G'Day dinesh,

Yes it does work. In Jul 08 I had cause to seek Windows Live OneCare Support. Before entering a 'Shared session' with the WLOC Techs., they had me first run a Quick Scan [which came up clean], and then secondly, a FULL MSRT SCAN. We were in phone contact, and because the Full Scan takes about 6 hours to complete, an arrangement was made for them to call back later. At re-connection, the Shared Session was initiated, and the results of the Full MSRT Scan were produced.

A variant of a Java Script Virus was found and quarantined on two file threads on my D/Drive. A few moments later, these were deleted and gone forever. I've had no further problems since, and the MSRT does it's thing, silently each month.

As a general comment, I must add that the 'clean-up' if anything is discovered in the MSRT scan, is a clear and easy procedure to follow.