Solved May's Malicious Software Removal Tool returns to haunt me June 13

Vistaar

Vista Guru
This morning, Windows Update was prompting me to install Windows Malicious Software Removal Tool - May 2016. Did anyone else see that? My update history shows that it was successfully installed on May 10. Let's say the tool didn't run properly then (which I have no reason to believe): Why would it take Windows Update more than a month to make that determination? I tried checking for Windows updates again, but the removal tool repeat was still offered. I then opened MSE and checked for definition updates, after which I opened Windows Update again - and oddly enough, it then said that "Windows is up to date"!?

Googling "KB890830 keeps installing" reveals that such issues have been reported for years. (There was no repeated install in my case because I don't allow updates to install automatically - and never will!)
 

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT
My update history shows that it was successfully installed on May 10. Let's say the tool didn't run properly then (which I have no reason to believe): Why would it take Windows Update more than a month to make that determination?

Hi Vistaar:

The scan log for the MSRT is located at C:\Windows\Debug\mrt.log and can be opened with Notepad or any other text editor. Here's an excerpt from my log that shows that the 12-May-2016 scan that ran when I installed my May 2016 Patch Tuesday updates completed successfully:

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.36, May 2016 (build 5.36.12600.0)
Started On Thu May 12 12:14:28 2016

Engine: 1.1.12706.0
Signatures: 1.219.58.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 12 12:26:13 2016

---------------------------------------------------------------------------------------

My own Windows Update is currently configured to never check for updates so I couldn't tell you if an updated set of signature definitions has been released since 12-May-2016, but the release information at https://support.microsoft.com/en-us/kb/890830#bookmark-usage shows that detections for two new families of malware - Win32/Kovter and Win32/Locky - were added to the MSRT in May 2016 (V 5.36). What you observed was likely just another odd glitch in Vista's Windows Update but it's always possible there was a late out-of-band update for the tool this month to include scanning for Win32/Locky.
------------
32-bit Vista Home Premium SP2 * Firefox v47.0 * NIS v21.7.0.11 * MBAM Premium v2.2.1
 
Last edited:

My Computers

System One System Two

  • Operating System
    32-bit Vista SP2 Home Premium
    Manufacturer/Model
    HP Pavilion dv6835ca
    CPU
    Intel Core2Duo T5550 @ 1.83 GHz
    Motherboard
    Quanta 30D2 (U2E1)
    Memory
    3 GB RAM
    Graphics Card(s)
    NVIDIA GeForce 8400M GS
    Sound Card
    Realtek High Definition Audio
    Hard Drives
    250 GB SATA Western Digital Scorpio WD2500BEVS 5400 rpm
    Other Info
    Malwarebytes Premium v3.5.1-1.0.365 * Firefox ESR v52.9.0
  • Operating System
    64-bit Win 10 Pro v22H2
    Manufacturer/Model
    Dell Inspiron 15 5584
    CPU
    Intel i5-8265U @1.60/1.80 GHz
    Motherboard
    Dell Inc. 07R8NW
    Memory
    8 GB DDR4 SDRAM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    Toshiba 256 GB KBG40ZNS256G NVMe SSD
    Other Info
    Microsoft Defender * Malwarebytes Premium * Firefox
What you observed was likely just another odd glitch in Vista's Windows Update
I'm leaning strongly toward that type of explanation. I tried hiding the update, after which Windows Update proceeded to offer me the April Malicious Software Removal Tool (successfully installed April 12). In case Windows was trying to hint that I have a malware infection, I ran scans with Malwarebytes Free and Kaspersky Rescue Disk, in addition to Microsoft Security Essentials. No threats detected, and of course I have now successfully installed the latest and greatest removal tool for June, and I probably won't post again unless Windows Update offers me a rerun of this one. However it would still be interesting to know if anyone else observed this in the hours preceding Patch Tuesday updates. There was a similar post here in December, but at that time I had no idea how to reply to the hapless Vista user: http://www.vistax64.com/windows-upd...any-windows-update-kb890830-removal-tool.html.
 

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT
Hi Vistaar:

I just stumbled across Caravelle's thread Windows Malicious Software Removal Tool - update chaos in the bleepingcomputer forum that might be of interest. Moderator quietman7 has an excellent reputation in that forum but there is some very questionable advice given out in that thread by other users (e.g., deleting Windows files with Unlocker), so you might want to skip straight to the OP's solution in post # 17.
-----------
32-bit Vista Home Premium SP2 * Firefox v47.0.1 * NIS v21.7.0.11 * MBAM Premium v2.2.1
 

My Computers

System One System Two

  • Operating System
    32-bit Vista SP2 Home Premium
    Manufacturer/Model
    HP Pavilion dv6835ca
    CPU
    Intel Core2Duo T5550 @ 1.83 GHz
    Motherboard
    Quanta 30D2 (U2E1)
    Memory
    3 GB RAM
    Graphics Card(s)
    NVIDIA GeForce 8400M GS
    Sound Card
    Realtek High Definition Audio
    Hard Drives
    250 GB SATA Western Digital Scorpio WD2500BEVS 5400 rpm
    Other Info
    Malwarebytes Premium v3.5.1-1.0.365 * Firefox ESR v52.9.0
  • Operating System
    64-bit Win 10 Pro v22H2
    Manufacturer/Model
    Dell Inspiron 15 5584
    CPU
    Intel i5-8265U @1.60/1.80 GHz
    Motherboard
    Dell Inc. 07R8NW
    Memory
    8 GB DDR4 SDRAM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    Toshiba 256 GB KBG40ZNS256G NVMe SSD
    Other Info
    Microsoft Defender * Malwarebytes Premium * Firefox
Yeah, that thread is mostly a wild goose chase. Even the Microsoft link provided by quietman7 in post #18 misses the point because it assumes that an update is being repeatedly offered because it failed, whereas we are now in the realm of successful updates being repeatedly offered. If this can happen with MSRT, then it can happen with any Windows update. I had an isolated incident in December that never recurred: http://www.vistax64.com/windows-updates/304266-security-update-windows-vista-kb2570947-deja-vu.html.

In my case, the issue reported in the present thread hasn't recurred since the June MSRT was installed (at least not yet). I do not and will never allow Windows to install updates automatically, and I did not reinstall the May MSRT just because Windows Update was offering it again for reasons unknown. Caravelle's first post shows that both the May and June MSRT were repeatedly and successfully installed, so his experience was somewhat different from mine.
 
Last edited:

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT
I don't install that tool so I don't have any input. If it shows up I ignore it.
 

My Computers

System One System Two

  • Operating System
    Windows 8.1 Industry Pro x64
    Manufacturer/Model
    HP Pavillion Elite HPE-250f
    CPU
    Intel i7 860 Quad core 2.8 ghz
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5770 1 gb ram
    Monitor(s) Displays
    Alienware 25 AW2521HF
    Screen Resolution
    1920x1080 &1680x1050
    Hard Drives
    1 TB x2
    Other Info
    https://www.cnet.com/products/hp-pavilion-elite-hpe-250f/
  • Operating System
    Windows 2012 R2 Data center/Linux Mint
    Manufacturer/Model
    Dell Poweredge T140
    CPU
    i3 9100 3.6GHz, 8M cache, 4C/4T
    Memory
    8GB 2666MT/s DDR4 ECC UDIMM
    Screen Resolution
    1680x1050
    Hard Drives
    1 TB & 360 GB x2
    Other Info
    https://www.dell.com/en-us/work/shop/productdetailstxn/poweredge-t140?~ck=bt
On the morning of July 4, Windows Update decided it was time to offer me a repeat of the June MSRT (successfully installed June 14). After updating definitions for MSE, Windows Update is no longer offering the MSRT (for now).

[Edit] This has happened two more times, so I'm setting Windows Update to "never check for updates" until after July 12 patches are installed. That should fix it!
 
Last edited:

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT
On the morning of July 4, Windows Update decided it was time to offer me a repeat of the June MSRT (successfully installed June 14). After updating definitions for MSE, Windows Update is no longer offering the MSRT (for now).

[Edit] This has happened two more times, so I'm setting Windows Update to "never check for updates" until after July 12 patches are installed. That should fix it!

Vistaar...are you a Comcast customer? If so, do you use Xfinity Norton Security Suite (specifically ver. 22.7.0.76)?

It's funny because I have a vague memory that this started happening to me (your exact MSRT description) after a NSS version upgrade. I had an issue with Windows 7 (along with the NSS upgrade) that was fixed with a subsequent patch. Just wondering if Norton may have something to do with it?
 

My Computer

Vistaar...are you a Comcast customer? If so, do you use Xfinity Norton Security Suite...
No, I'm a Mediacom customer using Microsoft Security Essentials 4.9. As I mentioned in the original post, installing MSE definition updates can actually cause Windows Update to change its mind about the "need" for an MSRT repeat. However the link in post #3 does mention Norton. I think Imacri uses Norton, but he hasn't reported this issue. Setting Windows Update to "never check for updates" except on Patch Tuesday following installation of the kernel-mode driver update is an effective preventative.
 

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT
No, I'm a Mediacom customer using Microsoft Security Essentials 4.9. As I mentioned in the original post, installing MSE definition updates can actually cause Windows Update to change its mind about the "need" for an MSRT repeat.

Wow! Sorry about that! I don't think you could've have stated that any clearer.

Forgot to include that if you run WU again ( after the initial auto check at startup) the MSRT is removed from available updates. Bizarre!!

Anyway, I think I'll set WU to never check for updates. It's a lot easier at this point in the game.

Thanks again!
 

My Computer

Setting Windows Update to "never check for updates" except on Patch Tuesday following installation of the kernel-mode driver update is an effective preventative.

Probably not a good idea because I've seen MSE definition updates during the month. I've also noticed that unlike most other AVs MSE doesn't automatically download definition updates or even tell you that there is one. The only notification that you get is through Windows update.
 

My Computers

System One System Two

  • Operating System
    Windows 8.1 Industry Pro x64
    Manufacturer/Model
    HP Pavillion Elite HPE-250f
    CPU
    Intel i7 860 Quad core 2.8 ghz
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5770 1 gb ram
    Monitor(s) Displays
    Alienware 25 AW2521HF
    Screen Resolution
    1920x1080 &1680x1050
    Hard Drives
    1 TB x2
    Other Info
    https://www.cnet.com/products/hp-pavilion-elite-hpe-250f/
  • Operating System
    Windows 2012 R2 Data center/Linux Mint
    Manufacturer/Model
    Dell Poweredge T140
    CPU
    i3 9100 3.6GHz, 8M cache, 4C/4T
    Memory
    8GB 2666MT/s DDR4 ECC UDIMM
    Screen Resolution
    1680x1050
    Hard Drives
    1 TB & 360 GB x2
    Other Info
    https://www.dell.com/en-us/work/shop/productdetailstxn/poweredge-t140?~ck=bt
Probably not a good idea because I've seen MSE definition updates during the month. I've also noticed that unlike most other AVs MSE doesn't automatically download definition updates or even tell you that there is one. The only notification that you get is through Windows update.
I appreciate your concern, but I'm afraid you are quite mistaken: MSE automatically updates definitions daily, and there is no user setting that will prevent that, including setting Windows Update to "never check for updates" - which also doesn't prevent manual definition updates. I am quite certain this is true of MSE 4.9, but I'm obviously not in a position to test the older version that you are still using.

If you have any thoughts on why Windows Update would repeatedly offer the MSRT or any other update that was successfully installed, don't hesitate to post them here.
 

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT
I remember reading when MSE is installed it should not be necessary to run the Malicious Software Tool. I occasionally run the MSTR. It sometimes takes a very long time. Wouldn't a MSE scan be a better option to running MSTR?
 
Last edited:

My Computer

System One

  • Manufacturer/Model
    Thinkcentre
    CPU
    Intel Core 2 CPU 2.67 Ghz
    Motherboard
    OEM
    Memory
    4 GB
    Monitor(s) Displays
    NEC
    Screen Resolution
    1920 x 1080p
I remember reading when MSE is installed it should not be necessary to run the Malicious Software Tool...

Where did you read that?

This thread is not about MSE, not everyone seeing MSRT repeatedly offered for download is using MSE, and I do not have a problem with definition updates. Forum members should refrain from long-winded off-topic posts!

Edit: Thank you albertz for editing out a lengthy off-topic passage.
 
Last edited:

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT
Where did you read that?

This thread is not about MSE, not everyone seeing MSRT repeatedly offered for download is using MSE, and I do not have a problem with definition updates. Forum members should refrain from long-winded off-topic posts!

While performing a Vista installation and Windows Upgrades IIRC a popup or screen message appeared. Windows message saying something concerning MSRT and MSE. I unable to emember exactly only that the message addressed something to the effect that if MSE is installed then it wouldn't be necessary to run MSRT.

Sorry for addressing other things about MSE and making the previous post too long. I have deleted that part of the message.
 
Last edited:

My Computer

System One

  • Manufacturer/Model
    Thinkcentre
    CPU
    Intel Core 2 CPU 2.67 Ghz
    Motherboard
    OEM
    Memory
    4 GB
    Monitor(s) Displays
    NEC
    Screen Resolution
    1920 x 1080p
Vistaar,

Did you ever come across this:
How not to install KB890830 Windows update as it create problems? - Microsoft Community

For whatever reason, I never turned off automatic updates. After patch Tuesday updates, I continued to receive multiple offers for the MSRT since July. I would hide the update, and sometimes it worked, sometimes it didn't.

Today, I tried creating the MRT key and adding the DWord value as outlined in the link above. So far, the offers for the MSRT have stopped and the hidden MSRT updates (July-through-October) have been removed.

Just wondering if anyone has tried this approach? Personally I can do without the MSRT being offered each month. Hope it works!
 

My Computer

No, I never came across that. If you hide the update, my experience was that it would then offer you an older MSRT that wasn't hidden. I say "was" because I am keeping Windows Update turned off all the time now. As I mentioned in post #365 of http://www.vistax64.com/windows-upd...seems-hang-while-checking-37.html#post1408295, Windows Update last night informed me that one update was "Not Needed," and apparently this was the October MSRT, which was offered for download after pre-installing the two updates that didn't work for you but now does not appear in my update history. That could be related to the fact that I'm using MSE (and haven't yet upgraded to the latest version of MSE), as albertz suggested above.

October 12 patches2.JPG
 
Last edited:

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT
If you hide the update, my experience was that it would then offer you an older MSRT that wasn't hidden.

Same here. Sometimes it'll re-appear later in the month but it definitely starts all over after Patch Tuesday updates. If this registry hack keeps the MSRT from downloading, I'll take it as a "fix."

Update: just tried the MRT registry key addition on my wife's Win 7 business laptop before running Windows Update. The MSRT didn't download. Removed the key and DWORD value from the registry. Checked WU for updates, the MSRT downloaded.

Hope it works this way with Vista next month! Adios MSRT...:D
 
Last edited:

My Computer

Back
Top